In-Reply-To: <20030211193135.12389.qmail@mail.securityfocus.com> As a side note, the trojaned map vulnerability has been known to many people in the security industry for over a year, since certain members of us are avid UT players, and it came under some intense review. (After finding the Powerpoint 2000 vulnerability, which is very similar, I did a quick sweep of other interesting programs.) In fact, back in the day, I'd almost succeeded in getting a server to send out the modified map file and automatically exploit connecting clients. Dave Aitel Immunity, Inc. >Subject: Re: Epic Games threatens to sue security researchers > >In-Reply-To: <01ce01c2d1f1$1beebef0$858370d4@wks.jubii.dk> > >Thor, > >I have sent your company an apology for those completely unfortunate >comments that I sincerely regret. We did provide an official statement >and I was not, at the time, aware that my verbal reaction, in a moment of >shock and surprise, was being captured for the article. > >The comment was a complete over-reaction to seeing the list of games >including future games that have not yet been published. It had nothing >to do with the security issues themselves, the validity of the report, or >the way Pivx presented it to us. Pivx gave us more than fair enough >warning of the bugs and we simply failed to fix them in the allotted >time. We released a statement last week to the Unreal community >indicating that "we fucked up" in not addressing these concerns within >the given time and that we were already testing a patch with the security >issues corrected. In addition the official statement we gave pointed out >that we were fixing the holes and that the Pivx report was fair and >accurate. Licensees were already provided with the source code for the >security fixes. > >Again this was a moment-of-stupidity reaction and I sincerely apologize >to Pivx and the entire security community. Epic has already stated that >we will take these matters far more seriously in the future. > > >Mark Rein, >Epic Games Inc. > >Visit us at http://www.epicgames.com >