Minecraft Mods are Dangerous Again… (Bleeding Pipe)



Keep yourself safe!
Thumbnail by: https://twitter.com/ApollyonX69
Pebble art by: https://midnightmorpha.carrd.co/

-=Summary=-

Bleeding Pipe, the newest exploit in Minecraft 1.12.2 (and above), is as dangerous as the Log4J incident, and has already stolen Discord, Steam and Minecraft accounts! The MMPA and serializationisbad have brought out statements, but put millions at risk, and meanwhile people were getting outraged about a stupid EULA change. I've tracked down and talked to one of the first people to get exploited, @yoyoyopo5, and had him on for an interview! Be sure to install PipeBlocker.

-=Credit&Sources=-

MMPA on Bleeding Pipe:
https://blog.mmpa.info/posts/bleeding-pipe/

SIB on Bleeding Pipe:
https://github.com/dogboy21/serializationisbad/tree/master

Java ObjectInputStream:
https://docs.oracle.com/javase/8/docs/api/java/io/ObjectInputStream.html

Yoyoyopo’s Twitch:
https://www.twitch.tv/yoyoyopo5

Footage by ItsDrowned
https://www.twitch.tv/itsdrowned

29 thoughts on “Minecraft Mods are Dangerous Again… (Bleeding Pipe)”

  1. BEFORE YOU COMMENT READ THIS:

    – Corrections

    *THIS DOES NOT AFFECT SINGLE-PLAYER WORLDS, OR WHITELISTED SERVERS

    *This was not a zero day: While it was the first time a Minecraft server was exploited, this has been known in Java for years as Mad Gadget.

    *The MMPA are not as bad as I made it out to be: The MMPA and SIB apparently had some disagreements and arguments, causing me to sadly criticize them undeservedly; these are good folks with the right intention.

    *Rusenon, while shown in the video as an accomplice, could just have been a hacked account.

    *OIS is a legitimate Java Class with real use cases, if used properly

  2. Not taking a possible RCA seriously it's like… The stupidest thing to do
    Especially with serialization.
    Don't get me wrong, I absolutely understand the devs neglecting obsolete software but…
    Like, it's not that hard to check/sandbox what you got from the serialized packet (/file or whatever you're using)

  3. Only confirms my belief that discontinuing the legacy console editions was a huge mistake.

    Good thing console edition doesn’t let you install mods, at least not easily. I have over a year’s worth of work on one world on there. Losing that would mentally destroy me.

  4. This is one of the reasons why more stuff needs to be open-sourced. Even if the original developer is done with the project, other people may fork it and maintain it way past its lifetime, including for archaic versions of Minecraft too.

  5. If someone hacks my discord account they can keep it. I have 2 step authentication on steam and anything that I've spent money on so they aren't going to get into those.

  6. Not surprised honestly, with Microsoft doing their damnedest to control and monetize every aspect of minecraft, the fact we still haven’t settled on one mod launcher to use going forward, and the fact the community has gotten quite divisive in the past few years I wouldn’t be surprised if we suffer a few more attacks before Microsoft comes out with their own paid mod system as a “safe alternative” and sponsors enough of these attacks you can’t play modded minecraft safely anymore at all

  7. That's actually scary what- I always have 2FA on all my accounts because I'm terrified of stuff like this. Geez. Good on you for getting the information out there, mate. 👍
