HL2 Source leaked


Danman

Lifer
Nov 9, 1999
13,134
0
0
Wow. That article is very interesting guys, this is a HUGE thing, I didn't realize it was that important. Man, I really feel bad for Valve. All of their hard work, staying up to the wee hours of the morning coding just went down the sh!thole. :(
 

BoberFett

Lifer
Oct 9, 1999
37,562
9
81
I don't believe for a second that anybody has been able to run the game. Compile it, perhaps. Assuming they had all the necessary libraries included in the archive.

But not only has Valve had who knows how many programmers working on this thing for years, they've also had a lot of artists and modellers working for years. It would be hard to reproduce that effort in the space of a few days. Even turning out primitive models and artwork would still take a team of people a long time to complete.
 

ndee

Lifer
Jul 18, 2000
12,680
1
0
OK, here comes my question. Add a MD5 checksum for every file and if only ONE file hasn't got the correct checksum, don't run the game. Or is that too easy?
 

moonshinemadness

Platinum Member
Jan 28, 2003
2,254
1
0
You really have to feel for Valve right now, I mean yeah they may have been able to stop this by having tighter security but it begs the question why would anyone want to do this....Are they getting some kind of rush from bringing a company to their knees...or is this purely selfish in that they wanted to be able to cheat...if this was the reason, why didn't they keep it to themselves. It seems stupid to me, now we will have no game for the next maybe 6 months, it will cost Valve a lot and it's basically just pissed a lot of people off. One question just out of interest, does anyone know how it came about first, was it posted in a forum or what?
 

NogginBoink

Diamond Member
Feb 17, 2002
5,322
0
0
Originally posted by: NogginBoink
Originally posted by: ndee
OK, here comes my question. Add a MD5 checksum for every file and if only ONE file hasn't got the correct checksum, don't run the game. Or is that too easy?

It's a step in the right direction. But I'll just write a hack that gives your security checker the MD5 hash it expects to see.

Valve will most likely come up with a security scheme that's an extension of this idea. I recommend "Applied Cryptography" to really get a good handle on all the different dimensions of this kind of issue. Great book.
 

Talon02

Senior member
Mar 17, 2002
486
0
0
Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.

Yes, the source code that has been posted is the HL-2 source code.

Here is what we know:

1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.

2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.

3) For the next week, there appears to have been suspicious activity on my webmail account.

4) Around 9/19 someone made a copy of the HL-2 source tree.

5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).

6) Periodically for the last year we've been the subject of a variety of denial of service attacks targeted at our webservers and at Steam. We don't know if these are related or independent.

Well, this sucks.

What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.

We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.

Gabe

Gabe Newell, Valve, quote from ars technica
 

NogginBoink

Diamond Member
Feb 17, 2002
5,322
0
0
Originally posted by: sxr7171
Originally posted by: silverpig
Why do they even have to have the workstation computers on the 'net? Network them, sure, but don't give them a link to the outside world. If the dudes have to go on the net for stuff, give them a laptop or something on a separate network.

Thanks, I thought I would get flamed like crazy for blaming Valve themselves. I guess they never even imagined something as horrible as this. I really do think that there is no need to have every machine in a company connected to the internet, sometimes if they can't afford the proper software or hardware security measures, they should just cut the damn cord to the net on those machines that have highly valuable information. Quite frankly three weeks is a long time to "sit still," even though I heard that the attack was actually 2 weeks ago so they had a week to contain this. No matter what though, they do not deserve this in any way.


I only say this, because I went to Case Western Reserve University where that crazy gunman shot and killed innocent people over losing his lawsuit with the university. What happened was that he was working on some kind of project for years and years maybe even a decade. All his data was stored on some school network that many people had access to. He and the stupid computer lab kid would have an argument once in a while and the stupid computer lab kid thought he would have some fun and delete all this guy's work. So he did. The guy who was in his forties, who I used to see in various computer labs during the day and in the residence dining hall basically had no family or any life - his work was his life - filed a lawsuit against the university and lost. This is what led to the whole incident.


When I heard about why he did what he did, the first question to pop up in my head was why didn't this guy back his stuff up? I mean I felt sorry for him, for the people who died and those who got hurt, but it wouldn't have taken much to prevent all of this. I realize that hindsight is 20/20, but I think that those of us who invest years of our lives in intellectual property, in data that is so easily lost or stolen, should really think about insuring ourselves against these losses. Whether you beef up security or become more aware of the possibility of loss or call Lloyd's of London for financial protection, I think we should all think about it.

I don't think you can make this analogy. For your researcher guy, he was trusting his data to the university's IT department, who probably made promises that they'd do backups for him. In that case, it's natural to trust the IT staff. At least, it's certainly a reasonable thing to do (in most cases). Protecting yourself against a deliberate malicious attack from the IT staff is like wearing a kevlar vest just in case your wife decides to shoot you.

In Valve's case, I agree: they should have known better. While maintaining totally separate networks for internet and source code is probably impractical, they obviously could have done more to protect their code.

For perspective, I have access to all of Microsoft's Windows source code from the machine on which I'm making this post.

Is that unreasonable? No, I don't think so.
Is it a security risk? Absolutely.
Should Microsoft keep their source code on a totally isolated network that has no bridges to the Internet? Well, it'd be secure (to an extent) but it would make it much harder for Microsoft programmers to get their jobs done.

So the network that I'm on enforces antivirus software on the machines, has ACLs on the files and folders, and regular audits are done.

Security is very much a big set of compromises. Anyone who claims it is black and white doesn't know what they're talking about. Read the new book "Beyond Fear" by Schneier for more.
 

cliftonite

Diamond Member
Jul 15, 2001
6,900
63
91
Originally posted by: Talon02
Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.

Yes, the source code that has been posted is the HL-2 source code.

Here is what we know:

1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.

2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.

3) For the next week, there appears to have been suspicious activity on my webmail account.

4) Around 9/19 someone made a copy of the HL-2 source tree.

5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).

6) Periodically for the last year we've been the subject of a variety of denial of service attacks targeted at our webservers and at Steam. We don't know if these are related or independent.

Well, this sucks.

What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.

We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.

Gabe

Gabe Newell, Valve, quote from ars technica

man that sucks :(
 

Talon02

Senior member
Mar 17, 2002
486
0
0
Sounds like they were part of a very elaborate plot aimed at procuring the source code.
 

ndee

Lifer
Jul 18, 2000
12,680
1
0
Originally posted by: NogginBoink
Originally posted by: NogginBoink
Originally posted by: ndee
OK, here comes my question. Add a MD5 checksum for every file and if only ONE file hasn't got the correct checksum, don't run the game. Or is that too easy?

It's a step in the right direction. But I'll just write a hack that gives your security checker the MD5 hash it expects to see.

Valve will most likely come up with a security scheme that's an extension of this idea. I recommend "Applied Cryptography" to really get a good handle on all the different dimensions of this kind of issue. Great book.

Make X-bytes that change every time and the MD5 I expect will every time be something else.
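
An added example, not part of any post in this thread: the changing-bytes idea written as a challenge-response check, where a server holding reference copies sends a fresh random nonce and compares keyed digests. HMAC-SHA256 stands in for MD5, and the class, function and file names are hypothetical.

```python
import hashlib
import hmac
import os


def answer_challenge(nonce, files):
    """Client side: keyed digest of every file under the server's nonce."""
    return {name: hmac.new(nonce, data, hashlib.sha256).hexdigest()
            for name, data in files.items()}


class Verifier:
    """Server side: keeps reference copies and issues one-time nonces."""

    def __init__(self, reference):
        self.reference = reference
        self.pending = set()

    def new_challenge(self):
        nonce = os.urandom(16)          # the bytes that change every time
        self.pending.add(nonce)
        return nonce

    def check(self, nonce, answer):
        if nonce not in self.pending:   # unknown or already used nonce
            return False
        self.pending.discard(nonce)
        expected = answer_challenge(nonce, self.reference)
        if expected.keys() != answer.keys():
            return False
        return all(hmac.compare_digest(expected[n], answer[n]) for n in expected)


def run_scenarios():
    # Constructed sample content standing in for shipped game files.
    shipped = {"client.dll": b"original client code", "maps/d1.bsp": b"map data"}
    altered = {**shipped, "client.dll": b"modified client code"}
    server = Verifier(shipped)
    results = {}

    n1 = server.new_challenge()
    recorded = answer_challenge(n1, shipped)
    results["honest"] = server.check(n1, recorded)

    n2 = server.new_challenge()
    results["altered_file"] = server.check(n2, answer_challenge(n2, altered))

    # A fixed answer captured earlier is useless against a new nonce.
    n3 = server.new_challenge()
    results["replayed_answer"] = server.check(n3, recorded)

    # The same nonce is never accepted twice.
    results["nonce_reuse"] = server.check(n1, recorded)
    return results
```

The nonce defeats a fixed expected hash, but the digests are still computed by the client over bytes it chooses, so the check shows possession of the shipped files rather than what is actually executing.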
 

Fritzo

Lifer
Jan 3, 2001
41,920
2,161
126
What would be funny is if some hackers completed and released the game before Valve did, and it had less bugs in it :D
 

moonshinemadness

Platinum Member
Jan 28, 2003
2,254
1
0
**UPDATE FROM GABE** Taken From Shack News

1) We've taken our network connection down to pretty much a minimum. We're still finding machines internally that have been compromised.

2) The suite of tools that the attacker was using included the modified version of RemotelyAnywhere (basically a Remote Desktop-style remote admin tool), Haxker Defender (a process, registry key and file hiding tool), the key logger, and various networking utilities that allowed them to transfer files (compressors, NetCat, and FTP). We also are pretty sure they were sniffing our network to gather passwords and other information. Haxker Defender includes a file system driver that allows an attacker to have stuff on your machine that is invisible, unless you do something like mount the drive under another OS that has NTFS support.

We have determined one way of detecting some infected machines, which is using a connection viewer to detect connections to anomalous hosts external to our network.

We still don't know their entry method.

3) In general, the community has been remarkably swift at tracking down the sources of the leak. What would be most helpful now are IP addresses of the people who were responsible for the intrusion or for the denial of service attacks.

4) Also, please continue to send in URLs of websites hosting the source code. We've been contacting people and asking them to take it down.

5) There's anecdotal evidence that other game developers have been targeted by whoever attacked us. This hasn't been confirmed. We've been providing other game developers with more detailed information about the exploits and evidence of infiltration.

6) We're running a little bit blind with our network shut down, but it seems like some of the press has picked up the story. I've been fielding calls from the mainstream non-games, non-technical press all day. Hopefully they will get to report shortly what a mistake it is to piss off a whole bunch of gamers and get them hunting you around the Internet.

For any information related to this, please send it to helpvalve@valvesoftware.com, or you can always send to gaben@valvesoftware.com as well.


**Edit** Link
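
An added example, not part of the quoted update or of any post here: the connection-viewer check described in point 2, run over `netstat -an` style output to flag established connections to external hosts that are not expected. The internal range, the allowed external address and the sample lines are constructed assumptions.

```python
import ipaddress

# Assumptions for this sketch: the office LAN and one expected external host.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_EXTERNAL = {ipaddress.ip_address("198.51.100.10")}  # e.g. a mail relay

# Constructed sample in Windows `netstat -an` layout (documentation addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.21:135          0.0.0.0:0              LISTENING
  TCP    10.0.0.21:1042         10.0.0.5:445           ESTABLISHED
  TCP    10.0.0.21:1066         198.51.100.10:25       ESTABLISHED
  TCP    10.0.0.21:1077         203.0.113.45:21        ESTABLISHED
  TCP    10.0.0.21:1090         203.0.113.45:4000      TIME_WAIT
  UDP    10.0.0.21:137          *:*
"""


def parse_connections(text):
    """Yield (local, remote_ip, remote_port, state) for IPv4 TCP rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue                      # header, UDP and malformed rows
        _, local, remote, state = parts
        host, _, port = remote.rpartition(":")
        try:
            yield local, ipaddress.ip_address(host), int(port), state
        except ValueError:
            continue                      # not a plain IPv4 address:port


def anomalous(text):
    """Established connections to hosts outside the LAN and the allowlist."""
    hits = []
    for local, ip, port, state in parse_connections(text):
        if state != "ESTABLISHED":
            continue
        if any(ip in net for net in INTERNAL_NETS) or ip in ALLOWED_EXTERNAL:
            continue
        hits.append((local, str(ip), port))
    return hits


if __name__ == "__main__":
    for local, ip, port in anomalous(SAMPLE):
        print(f"review: {local} -> {ip}:{port}")
```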
 

element

Diamond Member
Oct 9, 1999
4,635
0
0
aww boo hoo

Like there wouldn't be hacks for it anyway. There are hacks for HL1 and UT and those were never leaked. It doesn't take a leak to make a hack. Hell there are hacks for bf1942 now too. Yeah that dweeb that kicked your ass in DC or BF1942 was probably using a hack if you're any good at the game.

And like HL2 technology is all that great. whoop dee do. I saw the preview movie they released and it wasn't much better than UT2k3 in the graphics dept. Ut2k3 has reflective metal surfaces too in case you didn't realize. And it runs a lot smoother on lower end systems than HL2 could ever dream of running.

flame away fanbois...
;)
 

BoberFett

Lifer
Oct 9, 1999
37,562
9
81
Originally posted by: element®
aww boo hoo

Like there wouldn't be hacks for it anyway. There are hacks for HL1 and UT and those were never leaked. It doesn't take a leak to make a hack. Hell there are hacks for bf1942 now too. Yeah that dweeb that kicked your ass in DC or BF1942 was probably using a hack if you're any good at the game.

And like HL2 technology is all that great. whoop dee do. I saw the preview movie they released and it wasn't much better than UT2k3 in the graphics dept. Ut2k3 has reflective metal surfaces too in case you didn't realize. And it runs a lot smoother on lower end systems than HL2 could ever dream of running.

flame away fanbois...
;)

Apparently you saw the movie, but you didn't watch it. The models and animation are far beyond any game to date.
 

Tab

Lifer
Sep 15, 2002
12,145
0
76
I wonder if responsible for the delay. Once they find them I hope they publicly release their names and IP Address to the entire gaming community.
 

MDE

Lifer
Jul 17, 2003
13,199
1
81
Originally posted by: Tabb
I wonder if responsible for the delay. Once they find them I hope they publicly release their names and IP Address to the entire gaming community.

That would suck to be on that list! Can we say retaliatory DDoS attack?
 

alm4rr

Diamond Member
Dec 21, 2000
4,390
0
0
Originally posted by: Tabb
I wonder if responsible for the delay. Once they find them I hope they publicly release their names and IP Address to the entire gaming community.

guilty until proven innocent, eh?
 

Looney

Lifer
Jun 13, 2000
21,938
5
0
Originally posted by: brxndxn
I think this is just some intentional hype before the release. I really doubt the source code will do anything other than provoke numerous mods for the game and thus expand its base of play.

There will still be a pirate version. There will still be many of us that buy the game. Then, there will be those that buy the game just to program for it to make their own mod.

I'm thinking this was done on purpose.

You are a complete idiot if you really think this.
 

silverpig

Lifer
Jul 29, 2001
27,703
12
81
Originally posted by: Moralpanic
Originally posted by: brxndxn
I think this is just some intentional hype before the release. I really doubt the source code will do anything other than provoke numerous mods for the game and thus expand its base of play.

There will still be a pirate version. There will still be many of us that buy the game. Then, there will be those that buy the game just to program for it to make their own mod.

I'm thinking this was done on purpose.

You are a complete idiot if you really think this.

No no, it makes complete sense. Spend millions in R&D coming up with the most advanced game ever created, and then give it up on purpose for free, delaying your launch date just so you can get 99% of people talking about it instead of the 98% already talking about it because of your advertising campaign.
 

RaiderJ

Diamond Member
Apr 29, 2001
7,582
1
76
Originally posted by: silverpig
Originally posted by: Moralpanic
Originally posted by: brxndxn
I think this is just some intentional hype before the release. I really doubt the source code will do anything other than provoke numerous mods for the game and thus expand its base of play.

There will still be a pirate version. There will still be many of us that buy the game. Then, there will be those that buy the game just to program for it to make their own mod.

I'm thinking this was done on purpose.

You are a complete idiot if you really think this.

No no, it makes complete sense. Spend millions in R&D coming up with the most advanced game ever created, and then give it up on purpose for free, delaying your launch date just so you can get 99% of people talking about it instead of the 98% already talking about it because of your advertising campaign.

I wouldn't put a situation like this past some software companies, but considering Gabe's statement and other items, I think this was a genuinely unplanned situation. Plus, 160MB of CODE is a lot of damn code to just make up and throw on the internet.

Plus, with HL2 being distributed with some ATI cards, all the hype they already have, and the movies they have previously released, I think Valve had all the attention they wanted. For a smaller firm, any attention might be good attention, but in this case I see it hurting Valve. Who wants to license an engine that very well may be compromised?

The group who may benefit the most from this situation is the Id software team. If you are a 3rd party developer, which engine might you look at more for licensing? Half-Life or Doom? Both are very amazing, but one hasn't had its source code dumped on the internet.
 

kt

Diamond Member
Apr 1, 2000
6,032
1,348
136
Originally posted by: ViRGE
Originally posted by: kt
Originally posted by: ViRGE
Originally posted by: kt
Originally posted by: brxndxn
I think this is just some intentional hype before the release. I really doubt the source code will do anything other than provoke numerous mods for the game and thus expand its base of play.

There will still be a pirate version. There will still be many of us that buy the game. Then, there will be those that buy the game just to program for it to make their own mod.

I'm thinking this was done on purpose.

And I think you're an idiot.

What's with the name calling? While not everyone agrees with his conclusion, some of his points are still right.

Please explain yourself why you even think he remotely has a point.

For someone to even think that a company would leak what's their bread and butter to the public so that people could build mods for their game is either an idiot or just clueless to what software development is all about.

I'm not saying his conclusion is correct, I'm simply saying that some of his points used as proof are.
There will still be a pirate version. There will still be many of us that buy the game. Then, there will be those that buy the game just to program for it to make their own mod.

And all I am saying is he's an idiot to draw that conclusion from the points he made.