mod approvals

any idea what is actually wrong? its been a few weeks and I'm wondering what the actual problem is

 

"For technical reasons"

 

yeah but its not very descriptive

 

could be something related to possible exploits?

 

maybe I just hope there able to get it working imagine how many mods they will have to approve once its working again! weeks worth of mod approval requests!

 

Those were my thoughts on security issues a few weeks ago:
Security improvements? Enough?

I suspect that the approval delay has something to do with it. That seems plausible to me. So I'll just be patient and keep my fingers crossed that the devs get everything done as desired.

 

I heard their double checking all repo mods for viruses and such because of the "Disney-Got-Hacked" Incident.

 

I don't understand how this "Disney" speculation crept in. Any "Disney" thing has nothing to do with it! Simply rubbish imo. I think they "harden" BeamNG against code infiltration via mods. Till this is done, mod approvals are delayed, that's logical. Of course, the re-checking of all mods will be automated. I strongly recommend to avoid any mods from outside the repo untill we know more.

The fact that we don't get any clear statements from the devs further reinforces the thesis that these are security issues in my opinion. It is understandable.

Checking mods (zip files) with the help of any anti virus software definitely does not work and gives no safety at all for this issue. Those exploits work in a comletely different way: They provoke unhandled errors in the processing software (here BeamNG) and try to make the CPU jump into some memory areas containing "data". Building something like this is very complex. You can basically say that any mod can not be a virus by itself but it could turn BeamNG to do unexpexted things and then bring some small ugly piece of code disguised as data to execution.

That's my view as an developer. Hope that stops some speculation and helps to understand a bit. I am curious if and when we will find out more.

 

Many news sources like CNN don’t point a beamNG mod as a cause

 

It's good at least that the've pivoted to there security issues and are trying to fix them. I consider that worth the delay.

 

That's generally speaking an 'access violation' to my best knowledge, and 25 years ago was common to cause a 'General Protection Fault' in Windows 9x. I believe they've had protection in the CPU micro-code against executable code otherwise 'hidden' in RAM where it's not intended to have executable code for about 10+ years now. There's a no-execute (execute disable) bit that gets set for a given block of RAM. There is also some form of protection against this since almost 20 years ago when Core 2 Duo was released but I forget what that exact feature was.
However, using micro-code on this most basic level (since it's loaded in and initialized long before Windows or your OS of choice even begins to boot) can completely get around most protections even those built-in to the hardware itself, especially since most of them exploit firmware / micro-code bugs.
That said, hopefully that's all correct, as my memory doesn't serve me as well as it used to do.
If not, please correct this, as I'd like to know / not want to spread misinformation!
EDIT: Go figure the mod support is down right now when I actually polished off a Los Injurus release. Just my luck.

 

Yes, the protection of RAM against unwanted execution or writing is a standard since a long time. In general this works very well if the software and all used libraries have no errors in using this technique. Code injection gets possible if data provoces miss-interpretation at lowest level. Not all memory is protected so a few bytes are enough to alter a jumptable for example. It is very complex for a black hat hacker to find such security gaps. But they exist.
Edit: Of course, it remains questionable whether this is a possible reason for the current repository problem.