Half-Life 2 Source Code Leak

A post to the Halflife2.net Forums by Gabe Newell finally has a comment on the leaked Half-Life 2 source code, brought to the world's attention by Gamer's With Jobs and Slashdot. Here's the deal:
Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.

Yes, the source code that has been posted is the HL-2 source code.

Here is what we know:

1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.

2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.

3) For the next week, there appears to have been suspicious activity on my webmail account.

4) Around 9/19 someone made a copy of the HL-2 source tree.

5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).

6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.

Well, this sucks.

What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.

We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.

Gabe
View : : :
329 Replies. 17 pages. Viewing page 1.
Older [  1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  ] Newer
1.
 
No subject
Oct 2, 2003, 17:43
1.
No subject Oct 2, 2003, 17:43
Oct 2, 2003, 17:43
 
Oooooops

AMD 2700+ XP
ASUS A7N8X Deluxe MB
1 Gig PC2700
Radeon 9700 Pro 128
Onboard Nforce2 Dolby 5.1 audio
2x WD 80 Gig HDs
Sony 52x CD / Plextor 12x/10x/32x Burner
2.
 
Some ones getting fired!
Oct 2, 2003, 17:47
2.
Some ones getting fired! Oct 2, 2003, 17:47
Oct 2, 2003, 17:47
3.
 
No subject
Oct 2, 2003, 17:47
3.
No subject Oct 2, 2003, 17:47
Oct 2, 2003, 17:47
 
Hehehe I don't feel sorry for him or Valve.

Just wish it was a beta or something that got leaked in stead of source code

4.
 
Part of the reason for the delay?
Oct 2, 2003, 17:48
4.
Part of the reason for the delay? Oct 2, 2003, 17:48
Oct 2, 2003, 17:48
 
I imagine that they could have put those numbers together by now... but if they knew the source code was copied back on 9/19, that could be at least a partial reason for delaying the game.

5.
 
No subject
Oct 2, 2003, 17:49
5.
No subject Oct 2, 2003, 17:49
Oct 2, 2003, 17:49
 
I suspected that much of the Steam delay was DOS attacks. The entire Internet is plagued but no one wants to say anything to encourage copycats.


BTW Gabe,
Try these sites frequently.

windowsupdate.microsoft.com
www.officeupdate.com

6.
 
Re: No subject
Oct 2, 2003, 17:49
6.
Re: No subject Oct 2, 2003, 17:49
Oct 2, 2003, 17:49
 
"Hehehe I don't feel sorry for him or Valve.

Just wish it was a beta or something that got leaked in stead of source code "

Nice. Good to know some people don;t give a shit about the livelihoods of the 60 or so people who have worked on this for the past four or five years.

7.
 
Thanks ATI!
Oct 2, 2003, 17:50
7.
Thanks ATI! Oct 2, 2003, 17:50
Oct 2, 2003, 17:50
 
I knew ATI wouldent let us down!


(yeah yeah not mine but funny none the less)

http://www.poorintern.com
- The Voices In My Fruit Loops Tell Me that a happy fredster is a fredster being force fed hot broken glass,...
------
Diablo & Diablo 2 for the DS, it makes sense Blizzard!
8.
 
Re: No subject
Oct 2, 2003, 17:50
8.
Re: No subject Oct 2, 2003, 17:50
Oct 2, 2003, 17:50
 
Hehehe I don't feel sorry for him or Valve.

"Heheheh" yeah, its fucking hilarious..

moron

----------------------------------------------------------------------
PAH!
----------------------------------------------------------------------
"Both the “left” and the “right” pretend they have the answer, but they are mere flippers on the same thalidomide baby, and the truth is that neither side has a clue."

- Jim Goad
Avatar 10137
9.
 
SWEET LOVE OF....
Oct 2, 2003, 17:50
Bob
9.
SWEET LOVE OF.... Oct 2, 2003, 17:50
Oct 2, 2003, 17:50
Bob
 
can I start bitching about the cheaters now? or do I have to actually wait until the morons show up in GOD mode with the power to take down a server on a whim.

10.
 
Re: Thanks ATI!
Oct 2, 2003, 17:51
10.
Re: Thanks ATI! Oct 2, 2003, 17:51
Oct 2, 2003, 17:51
 
what better SDK than the source itself!

11.
 
No subject
Oct 2, 2003, 17:52
11.
No subject Oct 2, 2003, 17:52
Oct 2, 2003, 17:52
 
<Rocket J. Squirrel>

Hokey Smokes!

</Rocket J. Squirrel>


"Yeah everyone's gotta have the sickness
Cause everyone seems to need the cure"
Avatar 7912
12.
 
Crap
Oct 2, 2003, 17:53
12.
Crap Oct 2, 2003, 17:53
Oct 2, 2003, 17:53
 
2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer).
Crap, my machine is doing this sometimes too. Guess a reformat is in order, and I too am virus/trojan/worm free, or so says Norton.

Avatar 13977
13.
 
Re: Thanks ATI!
Oct 2, 2003, 17:54
13.
Re: Thanks ATI! Oct 2, 2003, 17:54
Oct 2, 2003, 17:54
 
So several things are now obvious. Even though they knew that bad things were going on in their network, all he did was a reformat. Apparently with their untold millions, they can't afford to have a tech guru on hand to handle network and security issues. From his statements, we can also gather that he's running a very old copy of Outlook and hasn't run system patches for a good while, as the preview pane bug has been patched for over a year now. We're leaving our systems' security up to these guys (with Steam) who can't even cover simple security issues? My view of Valve just fell through the floor.

This comment was edited on Oct 2, 17:55.
14.
 
Re: Crap
Oct 2, 2003, 17:54
14.
Re: Crap Oct 2, 2003, 17:54
Oct 2, 2003, 17:54
 
Shame.

15.
 
Re: No subject
Oct 2, 2003, 17:54
15.
Re: No subject Oct 2, 2003, 17:54
Oct 2, 2003, 17:54
 
a beta wouldn't be nice either, but ok compared to this!

all the code incl. Havoc-code, key encoding code(, steam stuff?), in short all their work is really bad...

real shit.

I ask me, when the game will be released now...

--------------------------------------------------
everyone who finds a spelling error can keep it and use it as a base for his own errors
--------------------------------------------------
"...you don't see me - 'cause I don't have much to say..."
http://www.gathering.nl
16.
 
pure speculation...
Oct 2, 2003, 17:55
16.
pure speculation... Oct 2, 2003, 17:55
Oct 2, 2003, 17:55
 
why did the game get delayed again? yeah, f' off to whoever did this. very good of ya >:(

Avatar 13889
17.
 
Re: No subject
Oct 2, 2003, 17:59
17.
Re: No subject Oct 2, 2003, 17:59
Oct 2, 2003, 17:59
 
I hope whichever dick is responsible for this is real proud when we're still waiting for the game this time next year.

Well, looks like I'll be playing something else in the forseeable future...

Nuts.

18.
 
What the hell?
Oct 2, 2003, 17:59
18.
What the hell? Oct 2, 2003, 17:59
Oct 2, 2003, 17:59
 
First off, if I was the Founder and Managing Director for a company releasing one of the MOST sought-after games, the last thing I would be using is Outlook. Secondly, I wouldn't use Windows altogether. With all the security and virus out there targetting Windows specifically, I'd either go the route of Linux, OSX, or hell even straight Unix and use PINE to check my email. This is YOUR damn fault Gabe. You should know better than to use Windows and Outlook on YOUR work system. Especially one that has access to the Source Code.

The most exercise some people get is jumping to conclusions.
Avatar 18786
19.
 
Re: What the hell?
Oct 2, 2003, 18:03
19.
Re: What the hell? Oct 2, 2003, 18:03
Oct 2, 2003, 18:03
 
Looks like Valve has an excuse to delay HL2 another year. Hey fanboys, whatever happened to that brilliant idea of announcing a game a few months before release so as not to have a long drawn out hype machine? Hilarious.

Avatar 15920
20.
 
cripes
Oct 2, 2003, 18:03
20.
cripes Oct 2, 2003, 18:03
Oct 2, 2003, 18:03
 
"We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community."

You have got to be kidding me. You ran one of the most exploited applications on one of the least secure operating systems ever, and you want advice on what went wrong from us]?

Considering you guys are this lax about security, I wonder if we can expect to be able to trust any HL2 releases to be trojan-free.

This comment was edited on Oct 2, 18:04.
329 Replies. 17 pages. Viewing page 1.
Older [  1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  ] Newer