Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Login to participate.
|
|||||||
IE Blamed for Half Life 2 Code Theft
|
Thread Tools |
|
#1
10-05-2003
|
||||
|
||||
|
IE Blamed for Half Life 2 Code Theft
The theft of the code, which was made available for download on the Net, came after a monthlong concerted effort by hackers to infiltrate Valve's network. Malicious activity in the Valve network included denial-of-service attacks, suspicious e-mail activity & the installation of keystroke loggers, Newell added.
"This is what happens when you have 31 publicly known unpatched vulnerabilities in IE," wrote Thor Larholm, senior security researcher for PivX Solutions LLC, in a posting to the NTBugTraq mailing list. "I have seen screenshots of successfully compiled HL2 installations, with WorldCraft & Model Viewer running atop a listing of directories such as hl2, tf2 & cstrike." Would you like to know more? You can find PivX's IE vulnerability listing here, as can be seen, much of these remaining vulnerabilities have been around for well over a year now - hopefully Microsoft will stop trying to hide behind technicalities as to how much user interaction is required for something to not be a vulnerability & just fixed the damned issues. |
|
#2
10-05-2003
|
||||
|
||||
|
Wow, I had no idea it was that many vulnerabilities
It's a pity that Windows Update only works with IE, otherwise I would uninstall the crap with 2000lite from www.litepc.com |
| You can remove this banner by registering, join the TS Community for free. |
|
|
|
|
#3
10-05-2003
|
||||
|
||||
|
I am sure it has more. There will ALWAYS be this many and more vulnerabilities to ALL software. That is life. There is no changing it. We don't live in a perfect world, or in a world with "hero hackers" like the movies that can make the perfect software.
So, people need to quit complaining about how MS products are unsecure. You can't make software perfect and even if you did people would still complain because you can't make anyone happy. Really makes me sick. |
|
#4
10-05-2003
|
||||
|
||||
|
The listing there isn't totally complete as it says, though that listing there is based on a *patched* installation of IE (i.e. there's only 33 vulnerabilities assuming you've got all those security patches installed - the new cumulative IE patch will probably reduce that to 30 - it should be updated in a few days to reflect it).
As regards MS being only human, yeah that's fine, no-ones perfect. I can completely understand nothing is going to be released without some problems - that's inevitable. BUT. Can you explain why these imperfect beings have failed to fix problems which have been *reported to them* over than a year ago? That's just inexcusable. |
|
#5
10-05-2003
|
|||
|
|||
|
Why would anyone leave source code, the heart of your biggest project and financial well being, on a computer connected to the internet? Seems less of a MS/IE problem and more of a problem with how you handle and store your data. Rather careless of Valve imo.
|
|
#6
10-05-2003
|
||||
|
||||
|
I'm gonna keep my mouth shut. If I voice my opinion about this I will surely be banned. /me mutters something about morons and configuring a firewall......
|
|
#7
10-05-2003
|
||||
|
||||
|
snapon and StormBringer, yea, I agree...
Why in the world they had their production machines connected to the internet is beyond me, had this been my corporation I would have made sure that no physical connection exsisted.... Nontheless Valve has the problem that they must supply for example the GFX card manufacturers with test versions of their game so they can optimize their code for it... So I guess a more open design of the network can be benifitical here, though if that had been necessary the code could have been compiled and encrypted... |
| You can remove this banner by registering, join the TS Community for free. |
|
|
|
|
#8
10-05-2003
|
||||
|
||||
|
I am afraid I would have to jump on the wagon with this one too!
I think that Value should have had better defences. Why weren't they surfing behind a proxy server, with good firewall, patched browser and e-mail client, etc? It doesn't excuse the actual hacking, but its a bit like the following: "I walked alone last night, on a known dangerous, dark path, and got attacked. Weren't the people who attacked me bad?" "Yes, they were. But what the hell were you doing walking home that way? You are lucky to be alive hanging around there at night! What were you thinking?!" These days, if you connect even a Windows box belonging to a complete nobody to the net, it gets hacked and attacked right away. Nevermind a computer that might contain something that someone wants. No... I think that Value should have delt with this a little better. They seem to indicate that they had some warning that this was going on - why didn't that encourage them to take some sort of action? Like visit windowsupdate.microsoft.com ? Or install a better firewall? Come on, you are a software development company, you should know about these things.... |
|
#9
10-05-2003
|
||||
|
||||
|
These things are why I don't believe the HL2 source story never actually happened. Valve isn't that stupid. Way too many things don't add up. Something is fishy. Someone is lying whether it is someone who made this story up or Valve is lying themselves. The code might have been leaked but I doubt at all that it happened the way they say it did. If it was even Valve that said these things and not some moron website owner spreading rumors.
|
|
#10
10-05-2003
|
||||
|
||||
|
Well, I said all along I thought Valve did this to give themselves an excuse for delaying the game. Stolen source code pretty much gives them the opportunity to delay as long as they want, and no one is gonna ***** much because Valve are victims here right?.
Like I said when this first happened(or maybe I only said it in the IRC channel) anyone dumb enough to leave the code for their uber top secret, best thing since sliced bread project, laying around on a server connected to the internet deserves to have it stolen, just to teach them a lesson, when you try to blame an MS security flaw for this, that makes you a moron. |
|
#11
10-05-2003
|
||||
|
||||
|
Yea, I definately agree if Valve did indeed allow this to happen then they are definately reaping what they sowed. Or in this case, shall we say.. weeping what they sowed.
|
|
#12
10-05-2003
|
||||
|
||||
|
I'd think that companies like ZoneAlarm, Symantec and McAfee would have been jostling to get Valve to install their internet security/firewall products, that is if Valve had wanted to do so.
 Or ATI and Valve can also bundle the forthcoming Radeon 9800/9600 XTs with a software firewall. "Don't get shot by a hacker while playing your favorite shooter." Message sponsored by ATI and Valve.  Last edited by tkteo; 10-05-2003 at 10:12 PM. |
|
#13
10-06-2003
|
||||
|
||||
|
Quote:
"Don't get shot by a hacker whilst developing your new shooter." - Phantasm66. |
|
#14
10-07-2003
|
|||
|
|||
|
This, from The Inquirer, kind of echos some thoughts that have been expressed here first.
Quote:
Quote:
|
| Thread Tools | |
|
| Similar Topics | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Lawsuit accuses Google of code theft | Phantasm66 | Old Frontpage News & Comments | 5 | 07-05-2004 09:04 AM |
| Arrests made on HL2 source code theft | Julio | Old Frontpage News & Comments | 4 | 06-11-2004 02:39 PM |
| 6/11 only Dell Home LCD Deals w/ 10% off $30 Coupon Code & free shipping | Deal Svengali | Hot Deals | 0 | 06-11-2004 03:05 AM |
| half life 2 source code leaked out!!! | forciano | Gaming and Consoles | 34 | 10-16-2003 02:05 PM |
| Hacker code could unleash Windows worm | tkteo | News & Interesting links | 1 | 07-26-2003 04:32 AM |
All times are GMT -4. The time now is 06:49 AM.
