1. Hey Guest, is it this your first time on the forums?

    Visit the Beginner's Box

    Introduce yourself, read some of the ins and outs of the community, access to useful links and information.

    Dismiss Notice

Direly Important Update (Build 349)

Discussion in 'Announcements' started by MM, Apr 1, 2012.

  1. MM

    MM THD Team THD Team Administrator Global Moderator

    Messages:
    327
    We’ve made a pretty bad mistake with one of the more recent updates, which added some functionality to the autoupdater. We’ve been working furiously over this weekend to solve the problem, and have finally finished the work needed to solve the problem, which we’ve put into an emergency patch.
    The exploit (which we wont detail for lack of further harm) allows malicious users to inject code directly into KAG. As such, literally anything could be happening to your computer as you play. Many of the users reporting strangeness with their computers (ie the reports that tipped us off that something was awry) also report not being able to log into the forums, as their accounts have been deactivated in the database.
    Reports have come in of people’s computers randomly popping up pornography, uninstalling KAG, openning hundreds of windows, consuming large amounts of bandwidth, and other blatant troll-virus symptoms.
    Luckily, MM’s computer was attacked yesterday, and we were able to learn more about the technical side of the attacks.
    Most of the attacks have contained some reference to urls containing ‘incarnum.net’, either grahically or as a target address for intercepted encrypted outbound traffic. It isn’t clear yet if it’s incarnum launching these attacks or someone with a vendetta against him trying to marr his name - we’re working on cracking the encrypted packets to get a clue.
    We’re not sure how many computers have been affected, but regardless this patch should be the end of any new infections. Be sure to run a virus scan after installing.
    I know this falls on april 1st for some of you, but this is no joke. Patch your game.
    MM & Geti :shad:
     
  2. BoiiW

    BoiiW Shark Slayer

    Messages:
    338
    Ah I just started KAG, saw an update and only found 3 servers. This explains it :) Thanks :]

    By the way, I still have the feeling this is an April's fools :p

    EDIT: I still can find only 3 servers after this patch... :shad:
     
  3. DawnOfNights

    DawnOfNights Shopkeep Stealer

    Messages:
    83
    Wow, luckly this hasn't happened to me yet, but i did see some weird stuff, like greg roar, greg scream, wings, wing sound ect. I wonder what they are planning for the next release...
     
  4. Raron

    Raron KAG Guard Tester

    Messages:
    543
    Downloading actor sounds...
    :shad:
    Sure aint april fool :p
     
    GHOZT, MooCowMan and PumpkingSlice like this.
  5. armymanpwns

    armymanpwns Bison Rider

    Messages:
    29
    Just wait a bit, there's more now but a lot still have to update obviously. :P
     
  6. Cadbury

    Cadbury You can't escape. Donator

    Messages:
    106
    Were people infected by entering a specific server, or could it have been anyone who logged into KAG? :shad:
     
  7. Rayne

    Rayne ༼ つ ◕_◕ ༽つ Administrator Global Moderator Forum Moderator Tester

    Messages:
    1,916
    This is not an april fools joke, there was a serious issue involving players :shad:who had somehow gained rcon access to ALL servers, regardless of password, also other issues.
     
    Boxpipe and PumpkingSlice like this.
  8. Xlayer

    Xlayer Haxor

    Messages:
    263
    I got chills when I read that blog post. Luckily it didn't happen to me, but I feel so bad for any victims. :oops:
     
  9. Adinxs

    Adinxs Bison Rider

    Messages:
    340
    Do you have the beginner filter on?
    If it is on you only get a few servers.
     
  10. NEMS

    NEMS Arsonist

    Messages:
    85
    Wow. :shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad::shad:
     
    Vidal, SARGRA13 and MooCowMan like this.
  11. BoiiW

    BoiiW Shark Slayer

    Messages:
    338
    But I don't get it, how can a game like KAG have all these permissions on our computers? There should be restrictions programmed in the application that makes it unable to alter anything but the KAG map right?
     
  12. Geti

    Geti Please avoid PMing me (poke a mod instead) THD Team Administrator Global Moderator

    Messages:
    3,730
    To clarify:
    The exploit was able to be performed using commands from a server to client to download data using some unprotected autoupdate functionality and cache it - its functionality that wasn't supposed to be exposed yet, to allow servers to download mods to clients. Unfortunately it was exploited to distribute viruses. If you scan /base, /cache and /downloads and nothing comes back, you should be good. :shad:It could technically be performed on any server by any member who had full RCON rights (ie not guards). We're unable to identify the source of attacks because the logging isn't up to scratch (unless we got server logs from everyone, and even then it'd be a giant task to pour over them all and find the culprit, which would probably be an alt anyway). As stated in the blog post, incarnum.net was a recurring element in the infection, on MM's computer anyway. We're unsure if pawel is involved, I'm not sure he'd be that blatant but you never can tell.
     
  13. Teemo

    Teemo T͔̕e͖͚̖̯̩̪͙͝e͡m̖o̤̪͘ Forum Moderator Donator Tester

    Messages:
    244
    it's in alpha
     
  14. BlueLuigi

    BlueLuigi :^) Forum Moderator Donator Tester

    Messages:
    3,620
  15. nuggitx

    nuggitx Shopkeep Stealer

    Messages:
    57
    Is it safe to play now? I'm kinda paranoid about these things and now i'm unsure if KAG is safe !!!
     
  16. evene

    evene Builder Stabber

    Messages:
    18
    in any case you should always wear protection in this kind of situations.
     
    SARGRA13, Serolfic and MooCowMan like this.
  17. TheFilip

    TheFilip Ballista Bolt Thrower

    Messages:
    204
    No problem, as long as you guys fix it.
     
  18. King_Colin

    King_Colin Catapult Fodder

    Messages:
    2
    Should this be something server owners are concerned about? I'd hate to have a virus on my server... :shad:
     
  19. Monsteri

    Monsteri Slower Than Light Tester

    Messages:
    1,916
    Bring us the head of incarnum! Crucify!
    Proof: There's a message to aliens in his website.

    You're allowing server-side mods btw? I hope that these will be very obviously marked in the server list, because when I want to have a serious game, I don't want to encounter servers with running pink dildos. Unless it doesn't mean that sprites can be changed.
     
    SARGRA13 likes this.
  20. Adinxs

    Adinxs Bison Rider

    Messages:
    340
    I had an encounter of something along those lines today, a :shad: thing picked up some players and flew off.