UPDATED 10:20 EST / APRIL 17 2015

User exposes Minecraft exploit after he said Mojang failed to act

About two years ago, a Pakistan-based developer named Ammar Askar discovered a vulnerability in Minecraft while he was working on mods for the block-building game. Askar says he informed Mojang AB of the problem, but after the studio failed to act on the information, he exposed the exploit on the internet, effectively forcing Mojang to come up with a fix. Yes, it’s essentially the premise of Live Free or Die Hard.

“I thought a lot before writing this post, on the one hand I don’t want to expose thousands of servers to a major vulnerability, yet on the other hand Mojang has failed to act upon it,” Askar wrote on his blog. “Mojang is no longer a small indie company making a little indie game, their software is used by thousands of servers, hundreds of thousands [of] people play on servers running their software at any given time.”

Askar explained that the vulnerability made it possible for users to crash Minecraft servers with relatively little difficulty by overwhelming them with nested lists of data. While the lists look simple to create, they can be complicated for the servers to read, eventually causing them to run out of memory and crash.
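
The defensive side of that problem, as an added example that is not code from this article, from Askar or from Mojang: a decoder that caps nesting depth and total element count and rejects list lengths the input cannot back up. The tag values, the byte layout and both limits are assumptions made for illustration, not Minecraft's actual format.

```python
import struct

TAG_INT, TAG_LIST = 0x01, 0x09   # constructed tags, not Minecraft's real wire format
MAX_DEPTH = 16                   # assumed limits; size them to what legitimate data needs
MAX_NODES = 10_000


class DecodeError(ValueError):
    pass


def decode(buf: bytes, max_depth: int = MAX_DEPTH, max_nodes: int = MAX_NODES):
    """Decode one value, rejecting input that exceeds the depth or node budget."""
    state = {"pos": 0, "nodes": 0}

    def take(n):
        if state["pos"] + n > len(buf):
            raise DecodeError("truncated input")
        chunk = buf[state["pos"]:state["pos"] + n]
        state["pos"] += n
        return chunk

    def value(depth):
        state["nodes"] += 1
        if state["nodes"] > max_nodes:
            raise DecodeError("node budget exceeded")
        tag = take(1)[0]
        if tag == TAG_INT:
            return struct.unpack(">i", take(4))[0]
        if tag == TAG_LIST:
            if depth >= max_depth:
                raise DecodeError("nesting too deep")
            (count,) = struct.unpack(">I", take(4))
            # Every element needs at least one byte, so a count larger than
            # the remaining input cannot be honest; refuse before allocating.
            if count > len(buf) - state["pos"]:
                raise DecodeError("declared length exceeds input")
            return [value(depth + 1) for _ in range(count)]
        raise DecodeError(f"unknown tag {tag:#x}")

    result = value(0)
    if state["pos"] != len(buf):
        raise DecodeError("trailing bytes")
    return result


def encode(v) -> bytes:
    """Encoder used only to build constructed sample inputs for the decoder."""
    if isinstance(v, int):
        return bytes([TAG_INT]) + struct.pack(">i", v)
    return bytes([TAG_LIST]) + struct.pack(">I", len(v)) + b"".join(map(encode, v))
```

Because the limits are checked while reading, the decoder stops as soon as a budget is crossed, so the cost of rejecting a hostile message stays proportional to the bytes actually received.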

Askar points out that fixing the problem “isn’t exactly that hard,” and he even offered a couple of suggested solutions to Mojang when he discovered the flaw two years ago.

“They have a responsibility to fix and properly work out problems like this,” Askar wrote. “In addition, it should be noted that giving condescending responses to white hats who are responsibly disclosing vulnerabilities and trying to improve a product they enjoy is a sure fire way to get developers dis-interested the next time they come across a bug like this.”

After Askar released the details of the exploit, Mojang quickly released a fix that solved the issue. Askar updated his blog to note the solution, saying that the studio informed him that a fix had been implemented in the past, but it apparently did not address the problem.

“In retrospect, a final warning before this full disclosure more recently was probably in order,” Askar wrote. “A combination of miscommunication and lack of testing led to this situation today, hopefully it can be a good learning experience.”

Image credit: Mojang AB (c)
