Minecraft developer Mojang has addressed a serious security flaw following a blog post that publicly chastised the company for not responding to proof that a security flaw could cripple the game's servers.
In July 2013, programmer Ammar Askar "responsibly and privately disclosed the problem" to the Minecraft team and asked for updates in "one month intervals over the course of 3 months". Feeling "ignored or given highly unsatisfactory responses", Askar broke his silence at the end of last week, frustrated that the vulnerability -- which allows you to "crash any server, and starve the actual machines of the CPU and memory" -- was not addressed despite two major updates and dozens of minor patches.
"I thought a lot before writing this post," Askar wrote in his blog. "On the one hand I don't want to expose thousands of servers to a major vulnerability, yet on the other hand Mojang has failed to act on it."... read more