婆罗门
精华
|
战斗力 鹅
|
回帖 0
注册时间 2017-2-28
|
楼主 |
发表于 2020-5-3 19:30
来自手机
|
显示全部楼层
Kidinthe21st 发表于 2020-5-3 19:19
能下定论了吗我听好多个版本了
-- 来自 能看大图的 Stage1官方 Android客户端 ...
这个是Jason本人确认的,你可以自己考量
这边还有一个详细版:https://mobile.twitter.com/PixelButts/status/1256792950136172550
Every ND game has a "final" patch that is pushed to the game that contains an Amazon AWS key, that when paired with a secret bucket ID it will give full access to the server's contents.
Theres a different key and bucket ID per game, this is important
This vulnerability was discovered recently and some hackers took full advantage of it, saving TLOU1, UC3, and other dev stuff.
At the time, it was disclosed to me around early February, and was very early on so ~January 2020 it was discovered
Come March, keys and data was saved, somewhere around 1-3TB, though I can only say 1TB for sure.
They were trying to dump TLOU1 in an effort to get that games key as UC3 had TLOU1 material, so surely TLOU1 had TLOU2? No idea in the end but come April things got spicy
In April all the leaks of story were validated by the footage posted. I cannot speak for the text posts with story, but I can say that the dates from discovery and disclosure match with timestamps in the footage as well.
You can check yourself, bottom left of all footage
Come may 30th, late at night, the source that disclosed this to me stated that the key had changed so ND for sure knew how to resolve this issue, and no keys work with the bucket IDs now.
This is good but theres more
The individual that spoke to me is a direct source of this compromise, but is NOT (as far as I am aware, or can tell) not the one that leaked this material. I say this because even they were weirdly skeptical about the "ND employee leaked things because they were mad"
I've been watching this for about 3 months now, and after speaking to a first hand source of this, my only conclusion is they (and their immediate circle) did not leak it, but shared information relating to what I described, and another party proceeded to leak such material
This is not the first time this has happened in circles like this either to boot.
I trust their word as a first hand source of this happening, and I trust that theyre not dumb enough to leak it, but whether they leaked everything to get such is another story.
In regards to the devkit nonsense: yes you would need a devkit to do this and given that its relatively easy to get one (yes really, it is) this is not very much of a problem.
I can say the circle for the vulnerability owns such hardware as well, I've seen the photos
What's the point I'm making?
The point: there's plenty of room to argue an ND employee is involved, but from the evidence (which I have submitted to ND back in February) stands to point to an ND-made security vulnerability that was exploited. Not an angry employee
While I will not give names, I will say this: I've been around, I know leaks, I listen, I watch, I keep tabs on things. I've known about this for months and kept quiet publicly but since it's blocked out now and news coverage confirmed what I've known I decided to say so publicly
I have no affiliation with the group, I have no materials from the leak, and I'm not going to. I had my ass bitten once and I dont need a second round of it, but putting the truth out there is important, because even then you'll still have people saying it was an ND employee
Don't believe what sounds like the juiciest story, even if it's what you wanna hear. Sometimes it's really that boring. Hackerman exploiting a vulnerability created by the company's own games to gain internal access.
Hopefully this has been enlightening for you
And as one final note: the person that spoke to me asked me about my previous legal run-in. That's primarily what led to this disclosure to begin with.
I do not advocate or suggest stealing and leaking. Preservation is important, but dont do it through stealing.
Tacking this onto the bottom since people insist that it was an ND employee when no, it wasnt. Why you think it's an ND employee that leaked this is still baffling to me
|
|
沪公网安备 31010702007642号 )
发表于 2020-5-3 19:12
我听好多个版本了
黑服务器比QA内鬼合理多了,当年DMM的服务器漏洞让多少A片还没卖就能被下载下来
当然是骑兵,又不是片商的服务器