My recent post about the alleged source code leaks affecting Team Fortress 2 and Counter-Strike: Global Offensive made the rounds on Twitter and made someone very mad, so I got hate DMs.
…Look, I only said I got hate DMs, not that I got interesting or particularly effective hate DMs! Weak troll is weak, I know.
A lot of people online claim they “hate furries”, but almost none of them quite understand how prolific our community is, let alone how important we are to the Internet. As Stormi the Folf puts it…
I guarantee you the internet would collapse in a most horrific manner if all the furries in the world got Thano's snapped.They *run* the internet in more ways than most people realize
— 🦊Stormi the Folf🐺 🔜FWA (@StormiFolf) April 23, 2020
Stormi is the Potato of Knowledge and Floof
What Stormi’s alluding to is true, and that’s a tale best told by an outsider to our community.
Telecommunications as a whole, which also encompasses The Internet, is in a constant state of failure and just in time fixes and functionally all modern communication would collapse if about 50 people, most of which are furries, decided to turn their pager off for a day. https://t.co/k1UqOv5kpd— Ẑ͚͔͍̻̤̟ä̶̼̗̟͔́̿̾̓n̬͙̫̿͑͊̈̚d̡̰̭̞͖̟̖̟ͬ̚ê̺͖̂ͩ̀̉ͣrͪ̓ (@mmsword) November 28, 2019
Their follow-up tweet that elaborates on furry involvement is here.
So I’d like take the time to explain why nobody should ever underestimate the ingenuity or positivity of the furry community.
The Furry Fandom Has Saved Lives
https://www.youtube.com/embed/3h9sO17CV9A?feature=oembed
This is just one of many anecdotes. You can find many more here.
Although the furry fandom is widely misunderstood, it’s difficult to overstate how many lives have been saved and enriched by our community.
I wanted to share this touching moment. @Reo_Grayfox was telling me his story, and said those lines while staring straight into his fursuit's eyes. Hearing personal stories like this makes you appreciate the vastly diverse reasons why the furry fandom is essential to so many. pic.twitter.com/fD09Wmv6mf— Joaquín Baldwin (@joabaldwin) January 22, 2018
Furries Provide Much-Needed Comfort to Others
In 2016, refugees from the civil war in Syria ended up in a hotel in Canada. This would have been an utterly remarkable fact if it wasn’t the same hotel and weekend as the local furry convention, Vancoufur.
The kids loved it.
This isn’t an isolated incident either. Our community is well-known for kindness and generosity in spades.
https://charcoalthings.tumblr.com/post/132996328881/i-will-defend-furries-to-my-grave
https://wakor.tumblr.com/post/126072529744/ok-you-know-what
What’s there to hate?
The Furry Fandom is Collectively Pretty Bad-Ass
No, not like that.
The fandom is bad-ass in as many ways as the fandom is incredibly diverse.
90s furries built the Internet pic.twitter.com/Gicxme2HkT— SwiftOnSecurity (@SwiftOnSecurity) April 30, 2019
SwiftOnSecurity knows the truth about more than just corn.
So one of my friends said furries pretty much run the US nuclear response communication networks. Just in case you're worried about Trump.— SwiftOnSecurity (@SwiftOnSecurity) November 12, 2016
Seriously.
Some of the Most Talented People You’ll Ever Meet Are Furries
eSports Champions:
https://www.youtube.com/embed/TWhrECl6zOY?feature=oembed
Musicians:
https://open.spotify.com/embed/album/4NlXsjKmcWegIfQEI0JzHK?utm_source=oembed
Artists and costume makers: I could literally link to hundreds of artists here. Follow me on Twitter; I retweet a lot of cute stuff.
Pretty much everything you could aspire to be that isn’t also terrible, if you look hard enough, you’ll find furries in the leaderboards having a fun time with it all.
The only reason to hate furries is thinly-veiled homophobia, because only about 25% of furries are heterosexual.
Why So Curious?
If I’ve made you curious about our community, and now you want to learn more about us, I’ve got you.
https://www.youtube.com/embed/K2XeOxWW2oY?feature=oembed
Psychology Today: What’s the Deal with Furries?
Furry Fandom Documentary When?
https://www.youtube.com/embed/cF9DQQsUcs0?feature=oembed
Ash Coyote is releasing a documentary about our subculture soon, titled The Fandom. You can find out more about it on her YouTube channel.
https://soatok.blog/2020/04/23/never-underestimate-the-furry-fandom/
#furries #furry #FurryFandom #hateMail #positivity #Society
There are two news stories today. Unfortunately, some people have difficulty uncoupling the two.
- The Team Fortress 2 Source Code has been leaked.
- Hackers discovered a Remote Code Execution exploit.
The second point is something to be concerned about. RCE is game over. The existence of an unpatched RCE vulnerability, with public exploits, is sufficient reason to uninstall the game and wait for a fix to be released. Good on everyone for reporting that. You’re being responsible. (If it’s real, that is! See update at the bottom.)
The first point might explain why the second happened, which is fine for the sake of narrative… but by itself, a source code leak is a non-issue that nobody in their right mind should worry about from a security perspective.
Anyone who believes they’re less secure because the source code is public is either uninformed or misinformed.
I will explain.
Professor Dreamseeker is in the house. Twitch Emote by Swizz.
Why Source Code Leaks Don’t Matter for Security
You should know that, throughout my time online as a furry, I have been awarded thousand dollar bounties through public bounty programs.How did you earn those bounties?
By finding zero-day vulnerabilities in those companies’ software.But only some of those were for open source software projects. CreditKarma definitely does not share their Android app’s source code with security researchers.
How did you do it?
I simply reverse engineered their apps using off-the-shelf tools, and studied the decompiled source code.Why are you making that sound trivial?
Because it is trivial!If you don’t believe me, choose a random game from your Steam library.
Right click > Properties. Click on the Local Files tab, then click “Browse Local Files”. Now search for a binary.
Me, following these steps to locate the No Man’s Sky binary.
If your game is a typical C/C++ project, you’ll next want to install Ghidra.Other platforms and their respective tools:
If you see a bunch of HTML and JS files, you can literally use beautifier.io to make the code readable.
Open your target binary in the appropriate reverse engineering software, and you can decompile the binary into C/C++ code.
Decompiled code from No Man’s Sky’s NMS.exe file on Windows.
Congratulations! If you’ve made it this far, you’re neck-and-neck with any attacker who has a leaked copy of the source code.Every Information Security Expert Knows This
Almost literally everyone working in infosec knows that keeping a product’s source code a secret doesn’t actually improve the security of the product.There’s a derisive term for this belief: Security Through Obscurity.
The only people whose job will be made more difficult with the source code leak are lawyers dealing with Intellectual Property (IP) disputes.
In Conclusion
Remote Code Execution is bad.The Source Code being public? Yawn.
Pictured: Soatok trying to figure out why people are worried about source code disclosure when he publishes everything publicly on Github anyway (2020). Art by Riley.
Update: Shortly after I made this post, I was made aware of another news story worthy of everyone’s attention far more than FUD about source code leaks.With the Source leaks happening today, I think everyone is missing the most important part: how much does Valve swear? I tallied up instances of these words in the leak*:"fuck": 116
"shit": 63
"damn": 109*There was some non-Valve stuff in the leak; I didn't count it
— @tj (@tjhorner) April 22, 2020
Well damn if that doesn’t capture my interest.
Now this is the kind of story that makes Twitter worthwhile!Is the RCE Exploit Even Real?
Update 2: I’ve heard a lot of reports that the alleged RCE exploit is fake. I haven’t taken the time to look at Team Fortress 2 or CS:GO in any meaningful way, but the CS:GO team did have this to say about the leaks:We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds.— CS2 (@CounterStrike) April 22, 2020
Fake news and old news are strange (yet strangely common) bedfellows.
https://soatok.blog/2020/04/22/source-code-leak-is-effectively-meaningless-to-endpoint-security/
#commonSense #informationSecurity #infosec #misinformation #reverseEngineering #security #securityThroughObscurity #sourceCode
