Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

1) I'm guessing this is how they handle people reconnecting after a disconnection. You terminate the old connection? 2) The bot replaces player 2, then submits a resignation. The server registers it as player 2 resigning.


Ah, makes sense. I guess they just assume that any client who is requesting to sit in that seat is authorized to.


Yeah, the seat is the problem. There are a LOT of security systems that depend on assuming the holder of a large random string, like a guid, is the proper holder of that string so it's not necessarily a bad thing for the match. They should have made the seat index random as well though they are probably now just checking credentials.


Looks to me like they only verified match ids, not the seats at all.


Yes, I had my desktop version of MTGA hang and when I connected to the match with my iPhone it immediately disconnected the desktop.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: