wot-replays.org: Not all is well in replay land, a followup
A week ago, give or take, I posted about a data disclosure vulnerability associated with replay files. In the past week I've been waiting for any sort of news out of Wargaming, but have heard nothing. I did ask the mod who originally hid the topic about an update, and he hadn't heard anything yet either.
The mod also commented that he thought having posted it all on my blog wasn't really cool, which admittedly, it's not. But I did explain that my reasons for doing that are to make sure WG can't shove this under the carpet somewhere.
Unfortunately, I'm getting the feeling they're not necessarily trying to do that, but it's not being taken seriously either. There have been no questions about the why, what, and how - which is quite normal in situations like this. There hasn't been a single peep about "yes, we saw it, we're working on it". I don't necessarily want the details, but I do want to know that something is being done.
Granted, on the grand scale of things there are worse vulnerabilities out there, but after seeing how WG works, I want them to do the right thing and man up. But it looks like they won't be. In light of this, I'll be dedicating another series of posts to the replay file format, except this time I'll be discussing the un-packed and un-encrypted format instead.