Post by: UnderGod on October 2, 2003 09:04 pm CDT
What does this mean?
It means with the complete source visable, it will be impossible to stop cheats from being made. No matter what kind of protection they use.
This also means that there will be no need for any CD keys because the auth code can be patched without any hassle.
In the long run, Sierra will lose a couple hundred thousand in sales, not to mention making a game that was supposed to be impossible to hack, opened right up for the hackers/crackers.
Well.. Knowing Sierra.. They will probably fire Valve for this. On top of that, they might just start over on the game.
Post by: Darwin on October 2, 2003 09:21 pm CDT
Post by: Particle on October 2, 2003 09:21 pm CDT
It wasn't Valve's fault though.
Post by: UnderGod on October 2, 2003 09:24 pm CDT
As for rewriting the auth code.. It could be done.. But it would take a while.. Further delaying the release.
Secondly.. You don't know it isn't valve's fault.. And Sierra fired Dynamix for almost no reason.
This code could go for around 50k easy on e-bay...
Post by: Darwin on October 2, 2003 09:26 pm CDT
Post by: Particle on October 2, 2003 09:27 pm CDT
Half Life 2 Source Code Leaked:
We have already heard the rumors running around the net about the Half Life 2 source code being leaked, no need to keep sending the different links to websites hosting the information. We have seen the different website that are listing the files, directory tree and posting screenshots of proof but we choose NOT to post that kind of stuff for several reasons.
There hasnt been any official word from Valve yet, but when there is we will certainly bring you their statements on the issue. No matter how you slice it, stuff like this is extremely bad for the game industry. If the source code has in fact been leaked then the cheaters are well under way to creating cheats and hacks and I dont know when that has ever been a good thing or "cool". The bottom line is this, the information is out there if you are looking for it but personally, I wont be posting any of the links to people hosting this stuff. Hopefully this all turns out to be a hoax. Thanks to unscrupulous scumbags that leak this kind of stuff, we can all be sure that the wait for Half Life 2 will be much longer.
Valves Official Statement:
It seems like the rumors were in fact true and there was a lot more happening behind the scenes on this one that previously thought. This isn't just a simple matter of a leaked source code CD or your basic hacking, this was some pretty serious stuff going on here. Valve is reaching out to you guys for some help in this matter. Here is a copy of Gabe Newells Official statement:
Ever have one of those weeks? This has just not been the best couple of days for me or for Valve. Yes, the source code that has been posted is the HL-2 source code.
Here is what we know:
1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.
Well, this sucks.
What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great. We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.
Gabe
Post by: UnderGod on October 2, 2003 09:31 pm CDT
HL2 was supposed to be unhackable. Perfect netcode... Bugless.. The perfect game.
As I said.. THat source is worth a few hundred thousand.. And would sell quickly on ebay
Post by: Darwin on October 2, 2003 09:36 pm CDT
Quote from: "UnderGod"
...As I said.. THat source is worth a few hundred thousand.. And would sell quickly on ebay...
*plays a chanting voice*
~Guess Who Has IIIIIT!~
*From Gamespot*
GS: Valve hasn't said anything about Half-Life 2's multiplayer. Is it fully developed and blossoming behind the scenes?
GN: Half-Life 2's multiplayer is something we're not talking about because we want to keep it as a surprise for our customers as we roll into our launch cycle. I play it every day. I think it's going to be very popular with the community.
^^Pwned?^^
Post by: ExplorerMan on October 3, 2003 12:02 am CDT
Quote from: "UnderGod"
HL2 was supposed to be unhackable. Perfect netcode... Bugless.. The perfect game...
It hasn't been compromised. So what, big deal, it will require an update of some sort to patch up some of the code. Tribes 2 had the same type of update when it first started.
Suprise, suprise, but based on the ecnonomics that will (or already have) gone on, it will be found cheaper and more cost effective to patch the problem, then to recall all production done to date. As such, yes, it is no doubt an inconvienience to all concerned parties, however, it shouldn't warrant anything quite as durastic as some would have you believe.
Speaking of the topic of piracy however... Buy this month gone pasts' PC Gamer Magazine, I picked it up 2 weeks ago, well worth the price.
Post by: Darwin on October 3, 2003 12:43 am CDT
Quote from: "ExplorerMan"
Suprise, suprise, but based on the ecnonomics that will (or already have) gone on, it will be found cheaper and more cost effective to patch the problem, then to recall all production done to date. As such, yes, it is no doubt an inconvienience to all concerned parties, however, it shouldn't warrant anything quite as durastic as some would have you believe.
Yes, it would cost a hell of alot less. But guess what? Then valve would be releasing a game that will have hackers throughout the servers on the first day of release. That would be an incredibly stupid move. I say wait for it, and let them fix the code. Perhaps they will get it even more polished
Post by: Lidge Farkley on October 3, 2003 12:47 am CDT
See, if I ran a dev company, the machines who were deving the real deal wouldn't even be on the same network as the main corporate machines, let alone have access to the internet. I say they had some sloppy business security practices, but of course I am kind of paranoid about anything I would even develope in the future.
The truth is that computers are so insecure that I am not at all suprised this would happen.
Post by: Jason_Xero on October 3, 2003 01:03 pm CDT
Quote
The truth is that Microsoft is so insecure that I am not at all suprised this would happen.
Post by: LastWish on October 3, 2003 02:54 pm CDT
Quote from: "ExplorerMan"
Quote from: "UnderGod"HL2 was supposed to be unhackable. Perfect netcode... Bugless.. The perfect game...
It hasn't been compromised. So what, big deal, it will require an update of some sort to patch up some of the code. Tribes 2 had the same type of update when it first started.
Suprise, suprise, but based on the ecnonomics that will (or already have) gone on, it will be found cheaper and more cost effective to patch the problem, then to recall all production done to date. As such, yes, it is no doubt an inconvienience to all concerned parties, however, it shouldn't warrant anything quite as durastic as some would have you believe.
Speaking of the topic of piracy however... Buy this month gone pasts' PC Gamer Magazine, I picked it up 2 weeks ago, well worth the price.
Big deal? People made hacks without half-life's full code.. very very potent hacks that eventually ruined CS for the most part..
Now, they have the full source code for HL2.. that is like playing the lottery when you know what the winning numbers are. Basically, it's like a grab bag for all the cheat-developers out there. It IS a big deal.. a simple patch can't change every bit of the code that HL2 was developed on.. hackers now have a map of everything that happens in HL2, so now they can use all kinds of exploits that they would never think of without the source code.
Post by: UnderGod on October 3, 2003 03:35 pm CDT
Post by: Silvanoshei on October 3, 2003 03:36 pm CDT
Post by: LastWish on October 3, 2003 03:43 pm CDT
Post by: Silvanoshei on October 3, 2003 04:21 pm CDT
Post by: Particle on October 3, 2003 06:03 pm CDT
Automatically have all net traffic logged and refuse service permissions under all circumstances. Also, only allow like email/http/ftp access with a "virtual buffer" system in place where all data is pooled instead of being directly sent, where it can be scanned and more particulars of malicious intent filtered.
It could still be compromised, but it would be very remote.
Post by: UnderGod on October 3, 2003 08:02 pm CDT
Post by: Silvanoshei on October 3, 2003 09:01 pm CDT
Post by: Particle on October 4, 2003 08:09 am CDT
Quote from: "UnderGod"
Firewalls can be bypassed, and antiviruses didn't pick anything up =/
You obviously didn't read my post well, or you wouldn't have said that. Antiviruses pick up common trojans, etc. They aren't there to prevent access, but rather help if there has been some.
The machines would have internet but be almost completely isolated from it. No servers could run (reporting malware: key loggers, remotes, DDOS agents), or at least they wouldn't be useful. It would be hard to target them in the first place. You could have a simple app setup to detect certain types of intrusions as well. If x event happens, disable the network card and shutdown the server. It's not like that's a common (or looked for) type of app. Companies focus way too much on just making the firewall more secure, instead of spending just a little time to handle what happens after one is penetrated.
The machines would be near impossible to actively target.
Post by: Khorne on October 6, 2003 10:23 am CDT
Post by: UnderGod on October 6, 2003 04:37 pm CDT
Doubtfull.
Post by: Darwin on October 6, 2003 05:47 pm CDT
Post by: Jason_Xero on October 8, 2003 11:58 am CDT
http://money.cnn.com/2003/10/07/technol ... tm?cnn=yes (http://money.cnn.com/2003/10/07/technology/vivendi_code.reut/index.htm?cnn=yes)