Odin.Slore said: »
Remember to comment out the pulse weapon part or enjoy your cells :)
cells
interlinked
PSA: Flaw Identified In Voidwatch Addon (Ban Risk) |
||
PSA: Flaw Identified in Voidwatch Addon (Ban Risk)
Odin.Slore said: » Remember to comment out the pulse weapon part or enjoy your cells :) cells interlinked tyalangan said: » Was he reporting “normal use” so he didn’t seem like he was purposely hacking the addon... It was confirmed the use case is normal during the look into the issue, the person who reported the issue is also not likely the one who modified the file, though couldn't really say who did modify the file. Odin.Slore said: » Great time to inform SE about this during a VW event. How many people were using this in last 2 weeks? How many people are gonna get nailed for this now inadvertently using it under normal conditions having no knowledge about a hack? Think SE will care that they didn't know about it? This probably just killed a ton of people. This is why the flaw was reported it now. To inform the community of the flaw and not SE then the flaw will be exploited. To inform only SE and not the community then more people might be banned. It is also not know how wide spread the use of the given variant for voidwatch.lua is or how SE will react the the report. If the issue has only come up as a result of the patch and no consistent exploitation is evident then there may be no bans, we just dont know. ryukin182 said: » The logic was almost coherent. Afraid of getting nailed again from last exploit and windower team getting blamed/targeted for lack of transparency. Now they are trying to do the right thing and be transparent... In the dumbest/stupidest/thoughtless possible way imaginable. At least their heart was in the right place? It seemed this was the reaction the community expects, If the windower team is informed of an exploitable flaw in the game the flaw should be reported. This is the first time its happened for the current team and that is what ended up being done with the information. Jetackuu said: » ryukin182 said: » In the dumbest/stupidest/thoughtless possible way imaginable. This, I can't believe ya'll. Are you that obtuse that you can't see? I mean the Windower team are the same people who don't really get ***for making the game better with things they bring to the table (additions QOL etc), what do most people here bring, just a lot of bitching, self-entitlement and crying. Man grow the *** up already. Quote: It is also not know how wide spread the use of the given variant for voidwatch.lua is or how SE will react the the report. If the issue has only come up as a result of the patch and no consistent exploitation is evident then there may be no bans, we just dont know. It would be great to know what some of the code was or a identifiable portion so people can check to know if people have that in their file. Think SE is going to be nice to those people and say, well you didn't know so we will let you slide this time? Incoming ban hammer round 3? What we up to for rounds this week? Chimerawizard said: » Is this an excellent troll, an actual dupe that got reported, or both? The underlying behavior that allows the flaw to became an exploit was reported to SE, yes was actually reported. Offline
Posts: 163
Odin.Slore said: » Quote: It is also not know how wide spread the use of the given variant for voidwatch.lua is or how SE will react the the report. If the issue has only come up as a result of the patch and no consistent exploitation is evident then there may be no bans, we just dont know. It would be great to know what some of the code was or a identifiable portion so people can check to know if people have that in their file. Think SE is going to be nice to those people and say, well you didn't know so we will let you slide this time? Incoming ban hammer round 3? What we up to for rounds this week? Dude... delete your file and download the one in OP if you want to continue using this add-on. What problem do you have with this logic? holy ***... WTF good does it do to people that already have a file that do not know if that code is even in there? They may have it in there and not even know. Yes they can get the new one but if they used the modified one what the hell good will that do?
Seriously spengler stop talking about ***you don't know Odin.Slore said: » It would be great to know what some of the code was or a identifiable portion so people can check to know if people have that in their file. Any code that differs from the one linked in the OP is likely bad, aside from just having values in the tables at the top of the file commented out. Odin.Slore said: » WTF good does it do to people that already have a file that do not know if that code is even in there? They may have it in there and not even know. Yes they can get the new one but if they used the modified one what the hell good will that do? Seriously spengler stop talking about ***you don't know Leviathan.Nitenichi said: » Jetackuu said: » ryukin182 said: » In the dumbest/stupidest/thoughtless possible way imaginable. This, I can't believe ya'll. Are you that obtuse that you can't see? I mean the Windower team are the same people who don't really get ***for making the game better with things they bring to the table (additions QOL etc), what do most people here bring, just a lot of bitching, self-entitlement and crying. Man grow the *** up already. hmm newsflash: windower on it's own is a bannable offense, although an unlikely one, everyone who has used it ever knows the risks, grow up. Offline
Posts: 189
Jetackuu said: » ryukin182 said: » In the dumbest/stupidest/thoughtless possible way imaginable. It's clear you thought about how they could have done it better for about as long as it took you to think of that extremely weird and stupid insult. They could have done a lot better job with how/when/what information was given. ryukin182 said: » Jetackuu said: » ryukin182 said: » In the dumbest/stupidest/thoughtless possible way imaginable. It's clear you thought about how they could have done it better for about as long as it took you to think of that extremely weird and stupid insult. They could have done a lot better job with how/when/what information was given. They have no obligation to. Grow up. ryukin182 said: » They could have done a lot better job with how/when/what information was given. The team welcomes constructive criticism this is the first time this has happened. if you have example of how you would have liked it handled I encourage you to share it. Offline
Offline
Posts: 14
It's hard to do better than "<X> version of a piece of software has a glitch that could get you *** over, use <Y> instead, and any further details than that go to the authorities", from the perspective of someone who does computer security for part of their job. ;P Y'all just need to get over yourselves.
Props to the Windower team for the PSA; it's an unsupported addon so they easily could have said nothing and let tons of people screw themselves. Literally nobody cares about bots that automate chest-popping except for pearl-clutching aunties who like to pretend they're not using GearSwap. SE doesn't, any more than they care about Windower itself. But something that sounds like it has the potential for some kind of severe, /unintentional/ bannable exploit is the kind of thing users ought to be made aware of ASAP. Fenrir.Niflheim said: » ryukin182 said: » They could have done a lot better job with how/when/what information was given. The team welcomes constructive criticism this is the first time this has happened. if you have example of how you would have liked it handled I encourage you to share it. If SE doesn't get ban happy for using a non-sanitized version before this thread, keep up the good work. I do not give a damn for me cause I don't use it. I do have a ancient copy on my system but with the exception of some wording location it is the same.
I mention this because no information was provided like code was changed around such and such a timeframe or section of code is such and such so if people have that they understand they probably screwed but causing a panic without anything identifiable for the person is kinda wrong. A simple if you have this partial line of code in your vw lua I got bad news for ya. Obviously it has already been reported so if anyone uses it after that they are a complete dumbass and deserve to be banned. Whether you know if your version is risky (well, riskier than just the normal version) doesn't help you; all that matters is what you do in the future with it, which they supplied sufficient information for.
Here's the thing though, the original was modified BECAUSE the cell/glow logic was flawed. It got modified to work properly.
Unless it's something else that was modified, this is why you can't be this vague. Now I highly doubt that simply switching two numbers or REMOVING a line of code caused it, but nothing would surprise me. Honestly a community PSA that said hey shits bugged, could lead to easier/more noticeable detection and bans, use this instead, we are investigating the issue and will report to SE when finished. Let the word get around without describing it explicitly as an exploit with potential upside, then after the ***storm calms down announce an end to said investigation (obviously can already found, potentially recreated and verified) report it to SE to allow for a better time window for the community to adjust what they have and give less of an excuse to the ignorant and stupid for continually using busted ***.
Granted this will probably only be rolling temp bans ala sphere botting or quetz so who really cares. But you can make the difference between putting people in the cross-hairs and helping the community. Also follow up after (if any) SE action takes place to verify it's been fixed and what was the cause would be much appreciated. is the modded one the the one with heavy metal pouches being declared important items? idk
Offline
Posts: 233
Quote: Literally nobody cares about bots that automate chest-popping except for pearl-clutching aunties who like to pretend they're not using GearSwap. SE doesn't, any more than they care about Windower itself. But something that sounds like it has the potential for some kind of severe, /unintentional/ bannable exploit is the kind of thing users ought to be made aware of ASAP. I always thought SE cared a lot about Windower. Thats why they added to vanilla; Windower, Tparty, Timestamp, Yarnball, Spellcast Doing that would both let the exploit fester for longer (opening up more people who are willing to take the risk to abuse it), give more chance for more people to get accidentally banned if SE figures it out first, and give them a higher chance of being retaliated against by SE because they knew about it but didn't immediately tell SE.
Offline
Posts: 189
Jetackuu said: » They have no obligation to. Grow up. But an even better way? Odin.Bluemule said: » Honestly a community PSA that said hey shits bugged, could lead to easier/more noticeable detection and bans, use this instead, we are investigating the issue and will report to SE when finished. Let the word get around without describing it explicitly as an exploit with potential upside Don't mention there's an exploit with an upside, this will cause 10x the amount of bans then there ever would have been if they said nothing. You can't/won't stop people from figuring out the upside of the exploit when they -know- it's there. You can even just say there's a code of line added that's not intended which will lead to a potential ban if that lua is used, here's a non-dirty lua. |
||
All FFXI content and images © 2002-2024 SQUARE ENIX CO., LTD. FINAL
FANTASY is a registered trademark of Square Enix Co., Ltd.
|