• tleb@lemmy.ca
    link
    fedilink
    arrow-up
    72
    ·
    11 months ago

    The headline is about exposing your IP, which frankly isn’t that big of a deal. The actual article says it exposed your IP, and then includes arbitrary code execution as the after thought… Clearly the code execution is the massive vulnerability here lol

    • Auli@lemmy.ca
      link
      fedilink
      arrow-up
      9
      ·
      11 months ago

      Man shut down the net. When you visit a site your IP is leaked, well be the next headline.

    • HATEFISH@midwest.social
      link
      fedilink
      arrow-up
      8
      ·
      11 months ago

      Status no longer reports user Ips as those are hidden through some steam routing, I’m not sure if rcon status still reports it but that would be limited to server admins. If you open the steam overlay while in CS it shows some of the details.

    • Serinus@lemmy.world
      link
      fedilink
      arrow-up
      7
      arrow-down
      3
      ·
      11 months ago

      No, most multiplayer games and services these days only share your IP with the server, and not with other players.

      Leaking your IP to someone malicious can mean DDoS attacks and rough geolocation. IP can be a good narrowing to find your address when combined with additional information.

      SC2 is not a game one would expect to leak your IP and is a valid, small concern.

        • Serinus@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          11 months ago

          Choosing to join a private server is very different from having your IP leaked on official servers.

            • Serinus@lemmy.world
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              11 months ago

              Being aware of the small risk you’re taking with one person (the server owner) versus being unaware of the risk you’re taking with many different random lobbies.

              Server owners are more likely to ban you than DDoS you. And it’s a single digit number of people with access to that information vs hundreds in random lobbies.

              The risk, while still small, is hundreds of times greater than a private server.

      • Auli@lemmy.ca
        link
        fedilink
        arrow-up
        1
        ·
        11 months ago

        It can be very rough geolocation, currently my IP geolocates to a city around 300 Km away, other times the right city.

  • ipkpjersi@lemmy.ml
    link
    fedilink
    arrow-up
    20
    ·
    edit-2
    11 months ago

    If only leaking your IP was the huge exploit lmao. It literally allowed for arbitrary code execution which is infinitely worse. Honestly bad title by the author of that article, it’s far more serious than they let on.

    Pretty unfortunate bug but at least they patched it pretty quickly it seems.

  • thantik@lemmy.world
    link
    fedilink
    arrow-up
    19
    ·
    11 months ago

    It sounds like the person who posted this believes you can run code on people’s machines simply by having their IP address rather than there actually being any kind of exploitable code-running capability. Leaking your IP isn’t really a big deal, as you’re constantly leaking your IP any time you connect to anything anyways, and if CS:2 uses any kind of peer-to-peer to lower latency or make the game more responsive, you could have grabbed those ips with a simple netstat (for windows users) command anyhow.

    • cm0002@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      11 months ago

      Right, the worst that can happen is a DDoS, you can take down a residential connection really easily. Those little consumer grade routers cannot handle much lmao

      • thantik@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        11 months ago

        And since most residential IPs are short-lived DHCP leases, instead of permanent IPs, a simple router reset will usually get you a new IP and you’re good at that point.

    • lud@lemm.ee
      link
      fedilink
      arrow-up
      6
      ·
      11 months ago

      My excuse is that it’s a waste. There is no point in doing that unless you want to do something that you are not allowed to do like hop regions or something.

      • smotherlove@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        arrow-down
        3
        ·
        11 months ago

        All of my traffic for all the devices in my home goes through VPN cause I have it configured at the router level. I’m not gonna turn it off for gaming.

      • hihellobyeoh@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        4
        ·
        edit-2
        11 months ago

        Security, that’s a major use of vpns.

        Edit: I should of pointed out that I meant limited use for security reasons, like accessing your bank account in public areas, its not much but it can help to protect you from MitM attacks at the very least.

        • lud@lemm.ee
          link
          fedilink
          arrow-up
          6
          ·
          11 months ago

          VPNs doesn’t really improve security in a way that usually matters.

          Nearly all web traffic is already encrypted.

          VPNs absolutely have their uses (like accessing remote networks, bypassing firewalls and censorship, piracy) but they are not needed for just using all the time.

          • smotherlove@sh.itjust.works
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            11 months ago

            Web encryption is genuinely security theater considering whose root certificates come pre-installed. Microsoft has the ability to decrypt all web traffic on Windows at will due to their preinstalled cert, and they are almost certainly under gag order and compelled to give the NSA unrestricted access to this backdoor.

            Futher, the EU is going to install their certs on every computer and make it illegal for browsers to uninstall or untrust them. I don’t live in the EU so I can’t confirm if this is happened already but theoretically this can have global impact.

            I’m not saying a VPN necessarily helps here but your trust in web encryption is misplaced.

        • Nik282000@lemmy.ca
          link
          fedilink
          arrow-up
          5
          ·
          11 months ago

          YouTube sponsorship is the major use of VPNs. Hiding your IP does nothing to mitigate user tracking by application/hardware finger printing, tracking of users logged into a service, or tracking of user activity with cookies.

          • Auli@lemmy.ca
            link
            fedilink
            arrow-up
            1
            ·
            11 months ago

            I know there are so many other ways they are tracking people. There was one discovered they put a list of I think 500 top sites and they could identify people with I think it was 90% accuracy, just by telling which sites they visited because the links turn purple. I these are the ones discovered, so they where doing this before people found out what else are the doing that nobody knows about yet.

        • Auli@lemmy.ca
          link
          fedilink
          arrow-up
          1
          ·
          11 months ago

          So what are you gaining using a VPN to access your bank? Your bank website is https so it’s already encrypted. VPN’s are vastly misrepresented in their commercials.

          • smotherlove@sh.itjust.works
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            11 months ago

            If you must know, I seed my public tracker torrents to a ratio of 10:1. That’s why I have a router-level VPN config. Someone’s gotta do it.

            • satanicleftist@lemmy.ca
              link
              fedilink
              arrow-up
              0
              ·
              11 months ago

              Okay but why not set up a separate/dedicated route for that traffic?

              Not that I disapprove of what/how you’re doing, curious because it’s what I do. I’d assume you’ve got a VM or node other than your workstation hosting your torrent client, otherwise this method doesn’t make sense.

              • smotherlove@sh.itjust.works
                link
                fedilink
                arrow-up
                0
                arrow-down
                1
                ·
                11 months ago

                The VPN runs on my router and my torrent client runs on my server. Anyhow, why would I want only some of my traffic to go through VPN when I can send it all through?

            • Nik282000@lemmy.ca
              link
              fedilink
              arrow-up
              0
              ·
              11 months ago

              Fighting the good fight. I have about 25 torrents that have one one seed, me, and can’t be otherwise purchased. I just leave them on unlimited ratio and feel better when every I see a leech connect.