Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Half-Life 2 Source Code Leak

A post to the Halflife2.net Forums by Gabe Newell finally has a comment on the leaked Half-Life 2 source code, brought to the world's attention by Gamer's With Jobs and Slashdot. Here's the deal:

Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.

Yes, the source code that has been posted is the HL-2 source code.

Here is what we know:

1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.

2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.

3) For the next week, there appears to have been suspicious activity on my webmail account.

4) Around 9/19 someone made a copy of the HL-2 source tree.

5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).

6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.

Well, this sucks.

What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.

We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.

Gabe

View
329 Replies. 17 pages. Viewing page 12.
< Newer [ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 ] Older >

109. The "Official" Spoof name... Oct 2, 2003, 20:23 Kxmode
 
for Half-Life is now Shelf-Life. What's the expiration date?

 
Avatar 18786
 
Reply Quote Edit Delete Report
 
108. WTF!!!!!!! Oct 2, 2003, 20:20 Slingblade
 
What BULLSH@T! Anyone who would go to those lengths for a little bit of game code is a POS and about as sad an example of a human being as I can think of...Here is a company that is probably putting in an UNGODLY amount of hours at work -- time out of their lives, missing their loved families, friends, buddies, their hobbies, seeing actual daylight -- just so we can play the game before Christmas. Then, some a$$wipe with no sense of decency, no courage, no integrity, and surely no girlfriend, breaks in to steal a bunch of 0's and 1's.

Dude, if you are going to commit a felony you might as well go rob a bank. Atleast that takes GUTS which you obviously have NONE OF.

GET A F@CKING LIFE MORON!!!

To all those at Valve, I feel your pain . . . .

Sling

 
Reply Quote Edit Delete Report
 
107. Re: hmmm Oct 2, 2003, 20:18 HIGH_PING
 
The gaming community DESERVES To be flamed every once in a while. Its fanatacism, mob-behavior, and habit of biting the hands that feed it are a constant source of frustration for those of us that make games for a living.

lol, Is that your idea of how to market a game?

 
Reply Quote Edit Delete Report
 
106. Valve's Excuses Oct 2, 2003, 20:18 Zephalephelah
 
Note that this latest wave of crying from Valve does not have to do with the release of Half-life 2. This is just Valve crying.

I think this is a good time to state that before all this shit with the release date that I was a fan of Valve. But my loyalty only goes so far. When a company promises you something & renigs on that promise then they should feel the weight of the customer disappointment.

All Valve has been doing is crying & lying.

 
Reply Quote Edit Delete Report
 
105. Security ??? Oct 2, 2003, 20:18 Toxic_Metal
 
In this day and age you'd think ppl would know better...
How they ever allowed this to happen in the first place?

Maybe some ppl will realize that secure environments aren't as
secure as they think

Learn from your mistakes

* * * * * * *
Their freedom was taken away as they crashed . . .
 
* * * * * *
Their freedom was taken away as they crashed . . .
-- "So Long, and thanks for all the fish..."
Reply Quote Edit Delete Report
 
104. Re: No subject Oct 2, 2003, 20:15 Enahs
 
HL1 was built upon the Quake1 source. It's likely much of it remains intact. "No need to reinvent the wheel."

Ohh yeah! I forgot about that, how dumb am I?
heh

Thanks man! I removed the post before it started some long stupid crap!

This comment was edited on Oct 2, 20:18.
 
Avatar 15513
 
I am free of all prejudice. I hate everyone equally.
- W. C. Fields
Reply Quote Edit Delete Report
 
103. Re: No subject Oct 2, 2003, 20:15 HBringer
 
Xenopulse -

Steam itself is for distributing files / content. It does NOT actually run the game. The game itself (the client on your machine, and the server that you're connected to) talk over the 'net when you're playing. Everytime a piece of the game-world changes, the server tells your computer, and your copy of the game updates your view to reflect the changes. Your computer also tells the server what you are doing ("I'm walking forward", or "I'm crouching down in this corner"). The server is responsible for sorting out what's "legal" and not in the game - things like moving 500MPH on foot are forbidden. However, someone with the source-code can see EXACTLY what the client is supposed to send, what kind of messages the server is supposed to receive, and then exactly how to "break" those.

Also, some weaknesses in the server-code (if they exist) could potentially be exploited to get viruses and trojans onto those server-machines. Not ONLY will players now be taking a risk of having their stuff messed with; or other players cheating - but the people that own / run the Servers have to consider the fact that a buffer overrun (much like the Outlook one that happened to Gabe) could be used to plant malicious code or files on the actual server. This is a BigDeal(tm)!

Take care,

--Noel "HB" Wade


 
Reply Quote Edit Delete Report
 
102. Re: No subject Oct 2, 2003, 20:14 z0dd
 
"A good bit of the source code looks like it is just modified portions of the public released GPL of the Quake source?"

HL1 was (legitimately) built upon the Quake1 source. It's likely much of it remains intact. "No need to reinvent the wheel."

EDIT: Added "legitimately"
This comment was edited on Oct 2, 20:15.
 
Reply Quote Edit Delete Report
 
101. Re: No subject Oct 2, 2003, 20:09 Enahs
 
Edit by user
I am an idiot and forgot something very important, removing as to not start some stupid conspiracy theory crap. Thanks zoDD!


This comment was edited on Oct 2, 20:17.
 
Avatar 15513
 
I am free of all prejudice. I hate everyone equally.
- W. C. Fields
Reply Quote Edit Delete Report
 
100. Re: This is disturbing... Oct 2, 2003, 20:08 BATTLE4MY
 
truly is.....

 
Reply Quote Edit Delete Report
 
99. This is disturbing... Oct 2, 2003, 20:07 Slingblade
 


 
Reply Quote Edit Delete Report
 
98. woow Oct 2, 2003, 20:05 World war 3
 
This is major shit.

Bummer for Valve, but I don't think it will seriously down sales. Cheating will be a more serious problem, though.

_______________________ __ _

http://www.worldwar3.cjb.net Updated December 25th
_______________________ __ _
 
_______________________ __ _

http://www.worldwar3.cjb.net Updated April 17th 2009
_______________________ __ _
Reply Quote Edit Delete Report
 
97. Re: No subject Oct 2, 2003, 20:03 HIGH_PING
 
There are a whole bunch of cheats used with steam. Opengl based exploits usually work for a long time (such as translucent textures, bright models, etc) since steam cant control what things your video card doesn't support. There are a few aimbots out there that work with steam, but like always, not for very long (usually a week or two).

 
Reply Quote Edit Delete Report
 
96. Re: No subject Oct 2, 2003, 20:00 RichRz
 
Now wouldn't exactly consider myself a programming guru but I think this whole thing has been blown out of proportion. It would seem somewhat easy to modify the source slightly to thwart cheaters/hackers. It is quite late in the game now but I wouldn't think it should take too long to make these changes. I promise you right now as you are reading this NVidia devs pouring through the code looking for ATI fingerprints.

 
Reply Quote Edit Delete Report
 
95. source Oct 2, 2003, 20:00 Yakumo
 
to all @ valve : though it sounds like you realy need to rethink security arround there, having worked for 2 years in my past for games companies, and even if i hadn't, truly my heart goes out to you guys, to have even a days work leaked out in an uncontrollable fassion is abysmal, but all that you have lost here?? my god.... I've never heard of stolen source being distributed like this, ever, alpha, beta builds, yes, but never source. today truly is a sad day for the whole internet comunity, not just the gamers i have truly been inshock since seeing it was real

This comment was edited on Oct 2, 20:03.
 
Reply Quote Edit Delete Report
 
94. Re: hmmm Oct 2, 2003, 20:00 HBringer
 
HIGH_PING - Thanks for confirming you're a 10 year old; if not in body then in maturity-level at least.

The gaming community DESERVES To be flamed every once in a while. Its fanatacism, mob-behavior, and habit of biting the hands that feed it are a constant source of frustration for those of us that make games for a living. We love making games, and we love having fans that care and want our products - but having those same fans attack us is pretty discouraging and frustrating (need I point out Alex Rodburg as a recent example? *quick, someone flame me for mentioning him - you'll prove my point!*).

First off, people need to remember that just 'cuz yer talking online and not face-to-face, doesn't give you the right to be an ass.

Valve HAS been a part of the community. They released some killer SDKs, updates to the game, free Mods, supported many mod developers and tutorial websites (including mine, Wavelength, which you'll find on page 29 of the original HL manual). Name another game company that has done as much! id releases its source and tools, to be sure - but NO ONE has done as much as Valve.

All you people that complain about HL2 and TF2 being delayed: How PISSED would you be if those games came out 2 years ago, but were crappy? Valve would never live it down - instead they put up with your whining because they know in the end it'll be worth releasing a quality product.

And as for things being freeware: There's a REASON that commercial games are high quality - the time it takes to put together art, story, AND technology assets is huge. No one can spare that kind of time and *not* be paid (unless they're already wealthy to begin with). RealLife - for those of you still in school - means working and paying bills. Its fair to expect that if I devote hundreds of hours to a project, that I should at least be compensated for my time. And my company has the right to leverage my work so that it survives and grows.

Its not ideal, and its not a utopia - but its REALITY. And in REALITY, Valve has been raped. I don't use that word lightly - its about the best analogy; sure the damage isn't permanent, and they weren't virgins - but they HAVE been violated and taken advantage of; and this experience is going to haunt them for a long long time.

Take care,

--Noel "HB" Wade


 
Reply Quote Edit Delete Report
 
93. Re: No subject Oct 2, 2003, 19:55 anon@24.76
 
check this out
http://www.myg0t.com/ChrisNewcombe-PR.txt
they didnt just steal the code, they got his email logs.

Steam is the reason it was delayed.


 
Reply Quote Edit Delete Report
 
92. No subject Oct 2, 2003, 19:51 Xenopulse
 
Somebody enlighten me - I thought with Steam, cheating is not possible because they'd have to re-code and re-compile the cheat each time there's a miniscule update, and they could amke updates every 5 minutes if they wanted to. Not true?

 
Reply Quote Edit Delete Report
 
91. No good will come of this. Oct 2, 2003, 19:50 Scott
 
This just throws a big ass wrench into the gears.

Supporter of the "a happy fredster is a fredster doused in gasoline and smoking a cigarette" fanclub.
 
Reply Quote Edit Delete Report
 
90. P2P Networks Oct 2, 2003, 19:50 Gish
 
HALFLIFE-2-SOURCE-CODE-BRITNEYSPEARS-BLOWJOB.ZIP.JPG.RAR.VBS

 
Reply Quote Edit Delete Report
 
329 Replies. 17 pages. Viewing page 12.
< Newer [ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 ] Older >


footer

.. .. ..

Blue's News logo