An interesting story up on Bluesnews today. It appears that there is a potential risk in all Unreal games leaving users open to Denial of Service, DDoS, and Bounce attacks online. Compounding the issue, the problem is not isolated to new releases, but to all Unreal games from the original Unreal to the recent Unreal 2.Read on for some specifics.
The report outlines the problem, which affects dozens of games from Unreal through Unreal II, and describes how the author of the report held off on publicizing this for almost three months to give time for Epic to devise a fix. I contacted Epic's Mark Rein to ask about this and he was very frank about how this had indeed been brought to their attention, but had unfortunately fallen through the cracks. He sent along a list of changes for the next planned UT2003 patch which will now address these vulnerabilities, and says it's likely that a small patch will be issued to address these in the original version of Unreal Tournament as well. As for other games using the Unreal engine, he says that fixes like this are always made available to licensees, who will then be able to issue patches of their own should they so choose.
Three months is a disturbing amount of time for this revelation to have passed without a pre-emptive fix. I'm not remotely suggesting that Epic ignored the problem, but it does raise questions as to how serious and inherant a problem this is with the engine. Mark Rein goes on to say:
I won't sugar coat this. We f*cked up on this. Yes this is real and yes this was brought to our attention and yes we should have fixed it by now. We are working on fixing this now and we will have this fixed in an upcoming patch before too long.
You know, I just have a ton of respect for this guy. When it hits the fan, this guy is there to step up and take the flack. - Elysium