IE Blamed for Half Life 2 Code Theft

By TS | Thomas
Oct 5, 2003
  1. The theft of the code, which was made available for download on the Net, came after a monthlong concerted effort by hackers to infiltrate Valve's network. Malicious activity in the Valve network included denial-of-service attacks, suspicious e-mail activity & the installation of keystroke loggers, Newell added.

    "This is what happens when you have 31 publicly known unpatched vulnerabilities in IE," wrote Thor Larholm, senior security researcher for PivX Solutions LLC, in a posting to the NTBugTraq mailing list. "I have seen screenshots of successfully compiled HL2 installations, with WorldCraft & Model Viewer running atop a listing of directories such as hl2, tf2 & cstrike."

    Would you like to know more? You can find PivX's IE vulnerability listing here, as can be seen, much of these remaining vulnerabilities have been around for well over a year now - hopefully Microsoft will stop trying to hide behind technicalities as to how much user interaction is required for something to not be a vulnerability & just fixed the damned issues.
  2. Per Hansson

    Per Hansson TS Server Guru Posts: 1,926   +185

    Wow, I had no idea it was that many vulnerabilities

    It's a pity that Windows Update only works with IE, otherwise I would uninstall the crap with 2000lite from
  3. acidosmosis

    acidosmosis TechSpot Chancellor Posts: 1,350

    I am sure it has more. There will ALWAYS be this many and more vulnerabilities to ALL software. That is life. There is no changing it. We don't live in a perfect world, or in a world with "hero hackers" like the movies that can make the perfect software.

    So, people need to quit complaining about how MS products are unsecure. You can't make software perfect and even if you did people would still complain because you can't make anyone happy.

    Really makes me sick.
  4. TS | Thomas

    TS | Thomas TS Rookie Topic Starter Posts: 1,319

    The listing there isn't totally complete as it says, though that listing there is based on a *patched* installation of IE (i.e. there's only 33 vulnerabilities assuming you've got all those security patches installed - the new cumulative IE patch will probably reduce that to 30 - it should be updated in a few days to reflect it).

    As regards MS being only human, yeah that's fine, no-ones perfect. I can completely understand nothing is going to be released without some problems - that's inevitable.
    BUT. Can you explain why these imperfect beings have failed to fix problems which have been *reported to them* over than a year ago? That's just inexcusable.
  5. snapon

    snapon TS Rookie

    Why would anyone leave source code, the heart of your biggest project and financial well being, on a computer connected to the internet? Seems less of a MS/IE problem and more of a problem with how you handle and store your data. Rather careless of Valve imo.
  6. StormBringer

    StormBringer TS Rookie Posts: 2,244

    I'm gonna keep my mouth shut. If I voice my opinion about this I will surely be banned. /me mutters something about morons and configuring a firewall......
  7. Per Hansson

    Per Hansson TS Server Guru Posts: 1,926   +185

    snapon and StormBringer, yea, I agree...

    Why in the world they had their production machines connected to the internet is beyond me, had this been my corporation I would have made sure that no physical connection exsisted....

    Nontheless Valve has the problem that they must supply for example the GFX card manufacturers with test versions of their game so they can optimize their code for it...

    So I guess a more open design of the network can be benifitical here, though if that had been necessary the code could have been compiled and encrypted...
  8. Phantasm66

    Phantasm66 TS Rookie Posts: 5,734   +7

    I am afraid I would have to jump on the wagon with this one too!

    I think that Value should have had better defences. Why weren't they surfing behind a proxy server, with good firewall, patched browser and e-mail client, etc?

    It doesn't excuse the actual hacking, but its a bit like the following:

    "I walked alone last night, on a known dangerous, dark path, and got attacked. Weren't the people who attacked me bad?"

    "Yes, they were. But what the hell were you doing walking home that way? You are lucky to be alive hanging around there at night! What were you thinking?!"

    These days, if you connect even a Windows box belonging to a complete nobody to the net, it gets hacked and attacked right away. Nevermind a computer that might contain something that someone wants.

    No... I think that Value should have delt with this a little better. They seem to indicate that they had some warning that this was going on - why didn't that encourage them to take some sort of action? Like visit ? Or install a better firewall? Come on, you are a software development company, you should know about these things....
  9. acidosmosis

    acidosmosis TechSpot Chancellor Posts: 1,350

    These things are why I don't believe the HL2 source story never actually happened. Valve isn't that stupid. Way too many things don't add up. Something is fishy. Someone is lying whether it is someone who made this story up or Valve is lying themselves. The code might have been leaked but I doubt at all that it happened the way they say it did. If it was even Valve that said these things and not some ***** website owner spreading rumors.
  10. StormBringer

    StormBringer TS Rookie Posts: 2,244

    Well, I said all along I thought Valve did this to give themselves an excuse for delaying the game. Stolen source code pretty much gives them the opportunity to delay as long as they want, and no one is gonna ***** much because Valve are victims here right?.

    Like I said when this first happened(or maybe I only said it in the IRC channel) anyone dumb enough to leave the code for their uber top secret, best thing since sliced bread project, laying around on a server connected to the internet deserves to have it stolen, just to teach them a lesson, when you try to blame an MS security flaw for this, that makes you a *****.
  11. acidosmosis

    acidosmosis TechSpot Chancellor Posts: 1,350

    Yea, I definately agree if Valve did indeed allow this to happen then they are definately reaping what they sowed. Or in this case, shall we say.. weeping what they sowed.
  12. tkteo

    tkteo TS Rookie Posts: 52

    I'd think that companies like ZoneAlarm, Symantec and McAfee would have been jostling to get Valve to install their internet security/firewall products, that is if Valve had wanted to do so. ;)

    Or ATI and Valve can also bundle the forthcoming Radeon 9800/9600 XTs with a software firewall.

    "Don't get shot by a hacker while playing your favorite shooter." Message sponsored by ATI and Valve. :)
  13. Phantasm66

    Phantasm66 TS Rookie Posts: 5,734   +7

    "Don't get shot by a hacker whilst developing your new shooter."

    - Phantasm66.
  14. olefarte

    olefarte TechSpot Ambassador Posts: 1,343   +6

    This, from The Inquirer, kind of echos some thoughts that have been expressed here first.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...