nik

Вы помните, когда зарегистрировались в X? Я — да. #МояГодовщинаВX

Telegram was banned in Russia — yet 50M+ Russians still use it daily via VPNs. The government has spent years trying to ban VPNs too. Their blocking attempts just triggered a massive banking failure — cash briefly became the only payment method nationwide.

Плюсую. Как же задолбали все эти секур буты, сафетинеты, нотаризации, сертификации, верификации, подписи, просто дайте мне программку запустить. Я железяку если купил за свои деньги, должен иметь право делать что хочу *на свой страх и риск.* Если сломал - сам виноват, но не могу!

HMUR is a dynamic retro FPS that combines classic style with modern gameplay. Watch the latest trailer and get ready for thrilling challenges. @ValkyrieInitia1 msft.it/6017s3MC9

@vxunderground All Xbox games run in a hypervisor (Game OS) so even if you were to take control over the game, somehow, the worst thing you could probably do is mess with the savedata and that's it really. If you try to do anything funny, the Host OS will just kill the Game OS VM.

I'm seeing a lot of misinformation and confusion from video game nerds regarding this video. As is tradition, I'll provide a high-level overview explaining what is (probably) occurring. Note that I am writing "probably" because without forensic evidence (data logs, debug data, information from the exploit author, the exploit code itself) I can only make an educated guess. An RCE exploit, an acronym for "Remote Code Execution" exploit, is a type of computer exploit in which an attacker is capable of delivering a payload (malicious computer code) to a remote target (your computer for example). More often than not, RCE exploits can possess limitations such as "privileges", such as what it can and cannot execute. These privileges can be the result of several factors such as the application it's exploiting (in this scenario the vulnerable application is Call of Duty WWII) privilege level (running as user or administrator). To answer some basic questions: "Is this possible on Xbox?". The answer is No. The reason why is that Xbox runs a different operating system than the operating system on your computer (for nerds: Xbox uses the Windows kernel "OneCore", the same as Windows 11, but it's still different enough). Basically, the Xbox OS lacks the sophisticated and ... "freedom" of an actual PC to perform an RCE. Even if an attacker successfully performed an RCE on the Xbox OS, it would fail due to differences between the Xbox OS and Windows 10 or Windows 11 OS. Another question: "How did they get the victims IP address?" Historically, video game developers used the P2P (Peer-2-Peer) method of playing video games. From a high-level overview, video game providers provided a service for users to match each other. However, once users were located, their computer networks would directly connect to each other. Back in the day this was the preferred method of multiplayer because it was significantly cheaper. As time progressed video game vendors migrated to a dedicated server model whereas each player would connect to a computer and all video game player actions would be communicated to the server and back to the player. Although this method is more expensive, it eradicated security concerns of P2P based matchmaking which plagued video games such as Halo, Call of Duty, and Gears of War in the mid-2000s. As you can probably assume, Call of Duty WWII is older and does not possess any dedicated servers which means it relies on the more archaic method of P2P based matchmaking. Every game you play you can identify the computer addresses of the people in your lobby. Another question: "What is this exploit doing?" In the footage shown below you can see the target machine spawn a CMD (Command Prompt) window which displays a file download in progress. - CMD title shows C:\WINDOWS\System32, meaning this is probably an administrative privilege. We can assume Call of Duty WWII is running as administrator - The file download in progress shown is from cURL, a command-line tool for downloading files or uploading files - Without forensic evidence we don't know what was downloaded, however we can make an educated guess Following the successful execution of cURL, a secondary CMD window opens up. This results in NOTEPAD.exe spawning and displaying a .txt document. Presumably here is what is happening: "CMD NOTEPAD.exe downloadedfile.txt" This command line means the cURL command downloaded a text file and subsequently executed NOTEPAD.exe to open the text file Additionally, when the Call of Duty WWII application crashes (or the user closes it), the desktop background is changed to show a prominent lawyer who Activision hired to prosecute video game cheaters. It is worth noting that changing the desktop wallpaper is slightly more complex of a task than invoking cURL and invoking NOTEPAD.exe. Which illustrates the attacker is capable of downloading a malicious script and having CMD execute that as well. However, as you can infer, there was nothing in the video which shows the RCE modifying the desktop wallpaper meaning it is possible for an attacker to execute commands remotely without the user visually seeing anything (other than cURL to download the file). The concern in this particular case is that this means an attacker is capable of deploying information stealer malware, a RAT (remote administration tool), or ransomware. Thankfully, it appears this attacker is primarily interested in memeing and fucking with people. There is more I can write to address edge cases, such as how people performed this back on Xbox 360 (that involved JTAGGING, and the Xbox 360 not using OneCore), and blah blah blah. I have to go back to taking care of my newborn son (again) Have a nice day -smelly

Obligatory reminder to sign the stopkillinggames.com Stop Killing Games petition, also fuck Pirate Software.

@ValdikSS @Cluster_M О, у меня LaserJet P1102s. Вообще конкретно мой принтер спокойно работал со стоковым HPLIP из любого дистрибутива новее 2015-го. Правда почему-то когда печатаешь из винды - шум принтера один, когда из под линукса - шум чуть тише/глуше, как будто скорость ниже. Не знаю почему так.

@Cluster_M А был бы у тебя принт-сервер, не отваливалось бы :P У тебя P1102, если правильно помню? Какой драйвер?

После обновлений принтер опять перестал работать под Linux. Сил моих больше нет снова с ним колупаться, в первый раз это заняло полдня.

@veygax @panley01 I'd agree with you overall 200% if I could be absolutely sure that my bank's certs won't be revoked because of geopolitical pressure or w/e. I agree that normal TLS w/o a custom CA should be enough, but a backup plan is always way better than "oh shit oh shit we're down!"

@veygax @panley01 Well, to be fair, most banks that have to use this CA for legal reasons tend to bundle a custom TLS library with GOST/Kuznechik support with this CA in their apps instead of asking you to install this CA system-wide, which is a MUCH better sollution. Also,

This is actual spyware by the way, they ask you to install a CA. For the love of God do not install a CA ever. There is no good reason to install a CA. You cannot pay me enough to install a CA. This is insane & I have no idea why tech outlets aren't talking about it.

macOS

@GameMakerEngine no mondealy D:

It's time to vote on your winners of the 2024 GameMaker Awards!! 🎉🏆 Choosing finalists gets harder every year so we want to thank the community for creating amazing stuff! 🔗 gamemaker.io/en/blog/gamema… VOTE CLOSES SEPT 11.

@defcon @DefConFranklin What about the defcon32 badge creator though?

If you saw Jake Braun’s talk about the #DEFCONFranklin project and you want to sign up, you can visit their site at defconfranklin.github.io or give them a follow at @DefConFranklin . Let’s make this happen! #defcon #engage

#Mondealy turns 1 year! To celebrate the first anniversary, we've released Mondealy on #PlayStation Store! PS Store: bit.ly/3AiD8a1 @real_uglycoal #GameMaker #MadeWithGameMaker

omg corsic from the hit indie game mondealy.

@GameMakerEngine Release Mondealy on PS4 and PS5, hopefully...

We reaching (crawling towards?) the end of the year! We've had an amazing year at GameMaker but how has your gamedev gone in 2023? What are your goals for 2024??

@vxunderground what's the password to the hard drive though?

The harddrives are now arriving. Individuals residing in the United States should expect the drives by Friday at the latest. And again, as a general liability thing, please for the love of Christ be careful, don't nuke your box

@Xrayez To quote their own post: "Customers will set forth their team size in our contract...We trust in the honesty of our clients...We also trust they properly recognize their staff in the game credits." But credits can get very large with all the volunteers etc esp. in indies

@nkrapivindev I wonder how are they going to verify information on the number of employees, to begin with.

Thought I'd share some feedback. Hi, I'm Nikita Krapivin, I work for @ValkyrieInitia1 - a game publisher. And there are several issues I see with the current model. 1) Team members The way Unity does team members is simple yet very effective - 1 seat per 1 Unity ID.

3) Remarks It is great that W4 made this initiative, truly, it's awesome. But if less people can afford a product, less people will buy it. And publishers don't really care how complex an engine is, if the price tag is more than e.g. Unity/GM (ref to twitter.com/reduzio/status…)

2) The pricing itself Given the 1) issue, the current price tag is more expensive than all other engines. I understand that this price might be OK for US legal entities, but not for LATAM or CIS. I hope there will be regional pricing for, uhm, not so rich countries.