(since the reply-to somehow managed to break, I'm re-sending this...)
I'm more concerned that this can be client-induced from what I've read,
there's too many bad actors out there who are going to abuse this if it
ever gains traction. Even just a quick mandatory update for all affected
games would do (especially considering the severe update draught in Team
Fortress 2 right now...)
On 09/10/2017 10:31, Stealth Mode wrote:
Headsup admins/owners. Might want to disable custom files till valve
addresses this issue brought to their attention a month ago.
There is an exploit where any client with minor skill can inject
custom files with all types of malicious code. From hacks in weapon
skins, to ransomware in custom .bsp, to remote backdoors in custom
spray paints.
The exploit is injecting code into any image, sound, or data file. You
can take weapon skins (csgo), sound files, spray paint image files,
even .bsp/etc. and inject hack code, or actual ransomware, viruses, or
Trojans/rootkits directly into a server cache, or client cache via the
custom file.
Might want to disable custom files till valve decides to correct this
issue.
-StealthMode
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
