Blizzard's massive security flaw

in life •  7 years ago  (edited)

Today, a Google security researcher found a glaring flaw in the Blizzard Update Agent that allows hackers to take over the victim's computer.

The attack uses a hacking technique called DNS Rebinding, in which a hacker sets up a website that acts as a bridge between an external server, like Blizzard's 'BattleNet', and the victim's localhost. Blizzard's side of the flaw comes from an application called the Blizzard Update Agent, which runs a JSON-RPC server over HTTP (JSON-RPC is just a protocol for exchanging data and commands). Through DNS Rebinding, a hacker who gets anyone to visit a webpage can reach the Blizzard Update Agent through it, and the website can then automatically download malicious files. This download is neither blocked nor scanned by any kind of security or antivirus software, because the user has given the application permission to make changes to the computer if necessary.
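The standard defence for a localhost HTTP service against DNS Rebinding is to check the Host header, shown here as an added example that is not from the original post or from Blizzard's code. The handler, the port and the "ok" reply are assumptions made for illustration.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Names a browser legitimately uses to reach a loopback-only service.
LOOPBACK_NAMES = {"127.0.0.1", "localhost", "[::1]"}


def host_is_loopback(host_header, port):
    """True only if the Host header names this loopback service.

    After a rebind the attacker's hostname resolves to 127.0.0.1, but the
    browser still sends that hostname in Host, so the request is refused.
    """
    if not host_header:
        return False
    host = host_header.strip().lower()
    name, sep, port_part = host.rpartition(":")
    if not sep or host.endswith("]"):  # no port, or a bare IPv6 literal
        name, port_part = host, ""
    if port_part and port_part != str(port):
        return False
    return name in LOOPBACK_NAMES


class RpcHandler(BaseHTTPRequestHandler):
    """Hypothetical JSON-RPC endpoint; answers every valid call with "ok"."""

    def do_POST(self):
        port = self.server.server_address[1]
        if not host_is_loopback(self.headers.get("Host"), port):
            self.send_error(403, "Host header not allowed")
            return
        try:
            length = max(0, int(self.headers.get("Content-Length", 0)))
            request = json.loads(self.rfile.read(length))
            reply = {"jsonrpc": "2.0", "id": request.get("id"), "result": "ok"}
        except (ValueError, AttributeError):
            self.send_error(400, "Invalid JSON-RPC request")
            return
        body = json.dumps(reply).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def make_server(port=8080):  # 8080 is a constructed example port
    # Bind to loopback only, so the service is unreachable from the network.
    return HTTPServer(("127.0.0.1", port), RpcHandler)
```

Calling `make_server().serve_forever()` starts the service; a request that arrives under a rebound hostname gets a 403 before any JSON-RPC method is dispatched.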

Fortunately, as far as we know, Tavis Ormandy, the leader of Google Project Zero (a project of security analysts who look for zero-day exploits), was the first to discover this exploit, and Blizzard has already announced that a security patch is underway.

So if anyone still plays Starcraft, message me so we can play sometime (hard to find new friends in a dead game :'( )
