Half-Life 2 Source Code Leak

A post to the Halflife2.net Forums by Gabe Newell finally has a comment on the leaked Half-Life 2 source code, brought to the world's attention by Gamers With Jobs and Slashdot. Here's the deal:
Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.

Yes, the source code that has been posted is the HL-2 source code.

Here is what we know:

1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.

2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.

3) For the next week, there appears to have been suspicious activity on my webmail account.

4) Around 9/19 someone made a copy of the HL-2 source tree.

5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).

6) Periodically for the last year we've been the subject of a variety of denial of service attacks targeted at our webservers and at Steam. We don't know if these are related or independent.

Well, this sucks.

What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.

We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.

Gabe
329 Replies. 17 pages. Viewing page 3.
289.
 
Re: what is this world coming to ?????
Oct 5, 2003, 04:50
 
I think one way is supposed to simply mean all unsolicited traffic from the cloud is blocked. In other words, a firewall/router.

This comment was edited on Oct 5, 04:50.
288.
 
Re: what is this world coming to ?????
Oct 5, 2003, 03:04
 
Creston,
First of all, it looks like the second comment was from me, but it wasn't...

About Outlook - I didn't see anywhere what hack they used... how exactly do you know they used a security hole dated a year ago??

About the net - there is no such thing as "one way connection to the net", refresh your TCP/IP knowledge - if you want to get information from the net you need to send a packet requesting the data and then receive the data back to your computer (if you mean by "one way" "no server allowed" that is easily hackable by someone who knows what they are doing...)

287.
 
Re: cripes
Oct 5, 2003, 01:36
 
"shut the fuck up you mother fucking nerds. GET A FUCKING LIFE.
GO OUTSIDE, go get some fucking pussy. Stop whining about the delay of this game.
I don't give two shits about some source code leaked. I fucking hope there are tons of cheaters that plague the online community for this game. I'll fucking laugh at it, then fuck my girl.
damnit, you guys realize how much of fucking losers you sound like?"


Oh well, with comments like this, I guess my point wasn't taken.

This comment was edited on Oct 5, 01:37.
286.
 
Re: cripes
Oct 4, 2003, 23:42
 
Roundhouse,

Your small dick is showing.

--
He cut the possum's face off then cut around the eye socket. In the center of the belt buckle, where the possum's eye would be, he has placed a small piece of wood from his old '52 Ford's home made railroad tie bumper. Damn, he misses that truck.
285.
 
Re: cripes
Oct 4, 2003, 23:10
 
shut the fuck up you mother fucking nerds. GET A FUCKING LIFE.

GO OUTSIDE, go get some fucking pussy. Stop whining about the delay of this game.

I don't give two shits about some source code leaked. I fucking hope there are tons of cheaters that plague the online community for this game. I'll fucking laugh at it, then fuck my girl.

damnit, you guys realize how much of fucking losers you sound like?

284.
 
Isolate that rogue computer
Oct 4, 2003, 18:35
 
"You can't ask programmers to stop using the Net

No reason to do that, actually. Set up a one way connection."

You don't even have to go that far. Just set up two networks. One that is properly protected & anonymous, and another for Gabe to send out his replies to the fans. I wish Valve wasn't so stupid as to overlook this as the security hole that they themselves allowed.

It was a stupid conclusion to believe that you can trust fans of anything. One of them might pretend to be a fan, pretend to ask a real question, just so that when you respond he can trace back where the mail came from & walk right through the back door THAT YOU YOURSELF OPENED!

If Gabe wants to do this, & I think he should & I think it is wonderful that a developer would want to field questions at all, then they should separate that computer from the other network, go as far as you need to make it completely isolated & let him have his fun safely.

283.
 
Re: what is this world coming to ?????
Oct 4, 2003, 15:45
 
and I also think valve has a good case against Microsoft (Assuming they kept all other doors guarded...).

Not really shul. This vulnerability in Outlook was patched well over a year ago. If Valve chooses not to patch, they can't blame Microsoft for getting hacked. (Which is the only reason Microsoft patches anyways, to avoid legal responsibility.)

p'haps u can make some money but the hacker will surely make more if they hacked into a bank or something

Except that banks actually have more than adequate security to stop something as simple as a keygrabber.

You can't ask programmers to stop using the Net

No reason to do that, actually. Set up a one way connection. They can download off the net, or look some stuff up to their heart's content, but that PC won't actually allow any traffic to go off it. But even so, it can't be that much effort to code on a PC that's not hooked up to the biggest security risk on the planet (ie, the Internet). That Valve chose to do so, and even worse, have approximately zero security in place was not a very smart decision, and they (unfortunately) paid for it.

Nexus's last comments made me think of something. What if this source code is used to create something similar to the battle.net clone / spoof (can't remember its name...) that got Blizzard all riled up awhile back, which won't force you to go through Steam? It's about the only moderately useful thing I can see coming out of this.

Creston

PS : Fungu, who the fuck are you, exactly?


This comment was edited on Oct 4, 16:01.
282.
 
STEAM
Oct 4, 2003, 15:01
 

Here is a thought that will make you lie in bed at night with chills of horror:

The kids posting on this forum are the future of our planet.

I'm betting I will see the fall of mankind in my lifetime.

--
He cut the possum's face off then cut around the eye socket. In the center of the belt buckle, where the possum's eye would be, he has placed a small piece of wood from his old '52 Ford's home made railroad tie bumper. Damn, he misses that truck.
281.
 
Re: Microsoft
Oct 4, 2003, 14:42
 
If you don't want a flame war, don't fan the fire.

280.
 
Microsoft
Oct 4, 2003, 14:27
 
Goes to show what working at Microsoft for an extended period teaches you about security.

279.
 
Re: As much as I hate to say this...
Oct 4, 2003, 11:50
 
"With this code, you could even probably write a separate program that worked like a firewall to block and then reply to HL2's connections, allowing HL2 to think it was steam authenticated without ever actually having connected to a real server."

Good, I am sick of always being monitored by somebody. Soon enough I will have to swipe a card to take a shit in my own house so someone can see water usage patterns. Steam was a bad idea with piss poor implementation.

278.
 
Re: zeph
Oct 4, 2003, 11:45
 
Well put. Couldn't have said it any better. Thanks for that. Ahhhhhhhhhh! I wish it was like on Jay and Silent Bob.

277.
 
Re: zeph
Oct 4, 2003, 11:44
 


276.
 
Uhm....yeah
Oct 4, 2003, 11:40
 
So Gabe worked at MS for like 15 years when he started Valve. Now developing on an M$ box is no big deal IMO. What really makes me wonder wtf is why he would store the source locally. Hell...why the source was allowed to even see a computer on the internet is Darwinism. I loved HL. Hated some of the spawn from it, but perhaps this is a time to shape up or ship out. Smarten up or get beat down. A few simple changes in protocol woulda avoided all this. I know it was all said before, but not by me so...

Further, this will set them back. And for the person who said they shoulda kept quiet, it would bite them in the ass later. Say they kept quiet and released anyway...who would you be pissed at when something happened then resulting from this?

Monetarily, I think you guys are placing your worry in the wrong places. They may not be Bill Gates, but Gabe was a millionaire before he left Microsoft. Ok, so his game isn't going to be released for another 6 months or something while they re-work the network code. Big deal. It is not like they are some unemployed paycheque to paycheque coder who is having a house foreclosed because he can't make his mortgage payment. These guys are rich. They will cope. It is the frustration and the sense of loss that is the worst for them. I promise you, lost revenue was not the #1 thing on Gabe's mind.

In closing I would like to extend my heartiest MWAHAHAHAHA to those dumb shits who upgrade their systems for 1 game.

275.
 
Re: human
Oct 4, 2003, 09:28
 
I would tell you to STFU, but that would kind of negate my point. If you don't like something someone says on a message board ON THE INTERNET don't read it! If you can't handle that, then go join a nice calm moderated board like banandtech, and have your posts deleted because you aren't friends with the mods.

Seriously, no one has ever been hurt because someone expressed their opinion. If they were, they chose to be! I know anything in the private sector is not protected by the Constitution of the USA (especially if it's in Canada, but that's their fault :P), but damnit, this country was founded on those principles for a good reason.

274.
 
No subject
Oct 4, 2003, 09:13
 
I'm with post 255. there was a LOVE for playing games back in the heyday of quake and doom. the community has changed (for the worse) since then. think back and remember what it was like...ahhhh gaming bliss.

273.
 
As much as I hate to say this...
Oct 4, 2003, 09:05
 
... Zeph. is actually right about the requirement for Steam for CS and other HL based games that are played online. At some point in the future, the current server lists will be shut down, and switched to Steam, forcing you to use Steam if you want to play any of them online any longer.

That much of it doesn't really bother me, since I don't play CS any more. The major issue that I now have with steam (other than a few new security worries) is the requirement to be online to play HL2 single player, I really wanted them to ditch this in favour of "if you happen to be online while playing HL2 single player, we will authenticate you".
Unfortunately, the release of this code makes me wonder if it's even worth postponing my purchase until they do that, since I'm no longer certain that they will. On the other hand, since the code is out there, I can't see how they can prevent people from patching Steam out of HL for single player, so perhaps they'll see the futility in knackering their real customers with this lame requirement.

I'd like to think that my personal decision for a boycott was perhaps a little more balanced than thinking that Valve deserved all manner of nasty things happening to them though.

I'd submit this as another reason why this release really hurts Valve. I don't know a huge amount about it, but I predict that in some way cracking the eventual release of halflife to remove both the CD-key and Steam is going to be much easier, and make pirated single player copies a *lot* easier to create in a game that was designed to be deployed in a way that hopefully deterred piracy. With this code, you could even probably write a separate program that worked like a firewall to block and then reply to HL2's connections, allowing HL2 to think it was steam authenticated without ever actually having connected to a real server.

272.
 
Re:DrEvil
Oct 4, 2003, 08:11
 
Why should I entertain you with the knowledge that is free for all to know. If you didn't read it, then that's your loss.

BTW: You said, "you fucking moron". So I say, why don't you rent out that blowup doll of yours & you can have a dual-family income. Bitch.

271.
 
Re: human
Oct 4, 2003, 05:21
 
I think it's time Blue ditched these forums and put in a system with mods and admins who have the ability to enforce rules and place bans upon people.

270.
 
Re: human
Oct 4, 2003, 05:21
 
"As for Steam, to play HL2, at least for a few weeks, even single-player, you have to have steam. That's what I've read. Counter-Strike 1.6 & above to 2, you need steam. That's the way it is. "

I'm callin bullshit. Link to where it was said that you need steam to play single player. You won't because it was never said, you fucking moron.

This comment was edited on Oct 4, 05:23.