Progress wrote:
You are "citing" examples that have nothing to do with the actual topic, basically. Just because an SQL injection is a potentially "possible" way to "get in", doesnt mean it is always possible. And in this case, the client is most likely not even running an SQL server of any kind. A buffer overflow is not always possible, either. It is no joke that openbsd is probably the most secure OS available right now - and has been for some time.
Oh my bad I thought SRO ran on a server at joymax's end. So citing different types of remote vulnerabilities etc that can be attacked might be topical. Guess I was wrong.
As far as BSD goes I use it so you are preaching to the choir. I may not be the loudest one in the choir. BSD is great and all. But it is not all that. Last time I looked at installing a high demand SQL server on a BSD box I found it was hampered by poor to non existant pthread implementation. Eh but that is nither here nor there security wise.
Progress wrote:
Just because they can modify packets doesnt mean the server wont check and discard them if they "ask" for something that the "client" isnt supposed to be able to do.
Does not mean the server will check either. We don't know. What was the point again?
Progress wrote:
Because it hasnt happened yet, at least i havent seen an indication that it would be the case.
Well when it comes down to it between what we know and what we have seen there is still alot we don't know. Recently there have not been alot of public and visible hack attacks. Does not mean they have not happened. The absence of evidence is not the evidence of absence. What about the mass unique spawning "bugs". It has happened at least twice now. It is possible the bug was re-introduced due to a regression. But how do we know they were really benign bugs and not the result of an active attempt. Something like that could be a good way to draw attention away from someplace else. Still no matter what you and I say this all remains conjecture.
Progress wrote:
It is possible that their servers do have vulnerabilities that can be exploited remotely. This doesnt really matter much unless you actually know what they are. I really dont wanna get into a free software vs closed source discussion, but one thing is correct, if you dont know what the bug is, it is unlikely that you can exploit it.
Well since you bring it up <sarcasm>Windows is by definition the most secure OS on earth</sarcasm>
Progress wrote:
What you seem to not understand is that there is not always a "way in".
Computer security lesson 1. There is no such thing as impenetrable security. THERE IS ALWAYS A WAY IN. It comes down to how bad do they want to get in. And I can think of a few parties that would love to get access to higher lvl accts to take the gold, goods, and even the accts themselves to sell on e-bay for real money. If that is not motivation I don't know what is.
But anything further from either of us is pure conjecture and pontification. To whit the non tech readers scream: "Mein eyez! Zegogglz! Ze do notzing!".
