Half-Life 2 Source Code Leak [Oct 02, 2003, 5:41 pm ET] – Share – Viewing Comments
A post to the Halflife2.net
Forums by Gabe Newell finally has a comment on the leaked Half-Life 2 source
code, brought to the world's attention by Gamer's
With Jobs and Slashdot.
Here's the deal:
Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.
Yes, the source code that has been posted is the HL-2 source code.
Here is what we know:
1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.
Well, this sucks.
What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.
We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.
Gabe
and I also think valve has a good case against Microsoft (Assuming they kept all other doors guarded...).
Not really shul. This vulnerability in Outlook was patched well over a year ago. If Valve chooses not to patch, they can't blame Microsoft for getting hacked. (Which is the only reason Microsoft patches anyways, to avoid legal responsibility.)
p'haps u can make some money but the hacker will surely make more if they hacked into a bank or something
Except that banks actually have more than adequate security to stop something as simple as a keygrabber.
You can't ask programmers to stop using the Net
No reason to do that, actually. Set up a one way connection. They can download off the net, or look some stuff up to their heart's content, but that PC won't actually allow any traffic to go off it. But even so, it can't be that much effort to code on a PC that's not hooked up to the biggest security risk on the planet (ie, the Internet). That Valve chose to do so, and even worse, have approximately zero security into place was not a very smart decision, and they (unfortunately) paid for it.
Nexus's last comments made me think of something. What if this sourcecode is used to create something similar to the battle.net clone / spoof (can't remember its name...) that got Blizzard all riled up awhile back, which won't force you to go through Steam? It's about the only moderately useful thing I can see coming out of this.
Creston
PS : Fungu, who the fuck are you, exactly?
This comment was edited on Oct 4, 16:01.
Not really shul. This vulnerability in Outlook was patched well over a year ago. If Valve chooses not to patch, they can't blame Microsoft for getting hacked. (Which is the only reason Microsoft patches anyways, to avoid legal responsibility.)
p'haps u can make some money but the hacker will surely make more if they hacked into a bank or something
Except that banks actually have more than adequate security to stop something as simple as a keygrabber.
You can't ask programmers to stop using the Net
No reason to do that, actually. Set up a one way connection. They can download off the net, or look some stuff up to their heart's content, but that PC won't actually allow any traffic to go off it. But even so, it can't be that much effort to code on a PC that's not hooked up to the biggest security risk on the planet (ie, the Internet). That Valve chose to do so, and even worse, have approximately zero security into place was not a very smart decision, and they (unfortunately) paid for it.
Nexus's last comments made me think of something. What if this sourcecode is used to create something similar to the battle.net clone / spoof (can't remember its name...) that got Blizzard all riled up awhile back, which won't force you to go through Steam? It's about the only moderately useful thing I can see coming out of this.
Creston
PS : Fungu, who the fuck are you, exactly?
This comment was edited on Oct 4, 16:01.
Date
Subject
Author
Copyright © 1996-2025 Stephen Heaslip. All rights reserved.
All trademarks are properties of their respective owners.
Privacy Policy. Manage Cookie Settings.
News CGI copyright © 1999-2025 James "furn" Furness & Blue's News. All rights reserved.
Chatbear v1.5.0/blue++: Page generated 15 July 2025, 16:31.