Well thats what MD5 and SHA160 is for (amongst many others).

So as you can check that you have an unhacked version of the binarys.

A matter of moments to calculate and a web download for the hash value calculator.

Kilby...

Right, right.

My suspicion isn't that any encryption routines would be the issue. I would think that you could change up the keyset and possibly even methods. People might have to reinstall a new Steam client. A pretty big deal, but not a what, six month delay?

So it's your last paragraph that makes me wonder. Did Valve have holes in their software that they were assuming nobody but the coders would know about? Actually, it doesn't even have to be that sinister - Valve could take six months just to do a thorough code review to find what vulnerabilities might exist and fix them. It might not be that they're hiding something, they might just be making sure there's nothing hidden/unknown from them.

now there's a term from cryptography.

I assume that because you've used the term, you're familiar with it, and hopefully we can discuss from there. Security through obscurity does not work in cryptography because historically those with enough resources and determination can always reverse engineer the process eventually, either by capturing an encryption machine to understand it, or by working it out methodically and slowly using a number of very mathematical methods. A key example would be the Enigma machine (ignoring the numerous iterations and versions of it). Relying solely on obfuscation with encryption is very bad practice because once they find out, all of your communications past and present are an open book.
This is why encryption relies on another very important bit of information, a key. The enigma had this too, in the form of codebooks at one point in time.
Of course, this doesn't work for a computer game. You can't really store a codebook on the computer without it being available to a hacker [especially after the code is presented that might show them exactly how you've been storing it], and if you don't have a secure channel to send new codes by (which you dont if steam is compromised too by the same argument I'm about to put forward) then you're up the creek.
So you get to the quandary of trying to use encryption without having a second secure channel, which is mirrored in the case of Enigma by the germans when at one point they sent the key to the enigma codes twice preceding the message (very very very very bad).
So in terms of encryption, from my admittedly not expert knowledge, this is a very bad thing since there's absolutely no way around the way that in this case, the user holds all the keys, and without the obscurity, there's no way of stopping them from copying the client responses exactly. [and that goes for the responses of hacked clients pretending to be ok clients in the eyes of steam]
Of course, the real issue is probably more likely to be things like the simple possibility that someone will uncover an issue like a buffer in the netcode that can be overrun, and start using HL2 to execute illegal code on other clients. Perhaps they'll use that vulnerability to change steam so that it accesses their own steam master server (which they now have some of the information for how to write, if not the exact code) and can start quietly downloading other trojan software onto your machine using that lovely intelligent (and automatic) download system. Of course, the modified steam client might not show you visibly everything that it's downloading, might not actually allow you to turn it off, and you might now be rather paranoid about the possibilities of the whole thing.

Steam could still be optional - it would just be more of a drag for people who download their patches manually than have Steam do it automatically.

People keep talking about Steam like it's the wonder drug against cheating. It's not. It will speed things up and be more efficient, but the hack-patch cycle is still there.

I'm also curious as to why the stolen code would cause such an enormous delay - it kinda begs that Valve had some security through obscurity going on.

being able to quickly react to specific problems is not the same as having the code available for people to look through to try and find problems. Try this: it's like having a car with an engine that is designed to be possible to very easily disconnect, slide out and replace parts from it. Normally, your competitor (the hackers) are trying to sabotage bits of the engine blindfolded, and have to work by touch on your design. When they find something they can abuse, you can slide the engine out and very quickly fix the problem they're abusing. Having the source leaked is like the hackers being able to see your original engine designs. They can much more easily find the weak spots than simply by feeling for them with their fingers.

By the way, I believe that even distributing / downloading /possessing the stolen sourcecode and other resources is illegal. I refer everyone to: http://www.usdoj.gov/criminal/cybercrime/ipmanual/08ipma.htm

The only contestable part as far as I can see is that it requires it to be done knowing the economic benefit of another or harm of the owner. I think any reasonable lawyer could argue this [harm] in court, regardless of what anyone here personally thinks about how Valve was or was not harmed - lacking moral judgement is only a defence in court if you're psychologically incompetent as far as I know.

PS. Source code is not the same as compiled code, which is what would have been accessible for Steam to change.

This comment was edited on Oct 13, 11:38.

The thing that gets me about this, is the one reason why Steam was touted as a required item for multiplayer play was so that it could change the source code to prevent cheating. That was one of their main arguements -
"Why do you have to have Steam runnign while playing HL2?"
"Becuase with Steam being able to constantly touch the source code, we can make changes on the fly to make sure any cheats that are developed do not work"

If they were planning on changing the source to make cheating a lot harder, why would the theft of the source code result in a 5 month delay? I mean presumably, Steam would update everyone's installation the first time they went to play HL2 and make whatever changes need to be made.

So, anyhoo, I wonder if anyone from the outside of the company that visited Valve's studios is somehow directly or indirectly behind this? I'd assume that a lot of websites and gaming magazines went to Valve to cover Halflife 2 over the past few years. I mean, wouldn't something like this take somewhat of an inside job? I'm no hacker, but wouldn't this be easier if you knew more about what development is like at Valve? Hmmm... they use such and such a brand for a firewall. Hmmm... they use Windows 2000. Their code lies in Source Safe/CVS/PVCS... Someone could gather this and probably more useful information by just doing an interview.

No I'm not implicating Blue. Let me just get that straight in everyone's head.

No one has said anything about how the break-in was done. Why is that? Is the hole still out there? Could we have this same hole on our own systems?

Here's another question. Do these hackers have a much broader reason for taking the code? Maybe the code isn't the real thing they were after.

Or perhaps they were a bunch of geeks who really wanted to get their hands on Halflife2 so that they could make Valve look bad because they weren't done with the game when they said they were going to be done.

I suppose I'm not helping very much by throwing out more conspiracy theories. But it's better than my posts about cheese.

This comment was edited on Oct 13, 00:39.

yeah but 'people' are stupid, i think thats all that needs to be said, the fact that these hl2 threads get over 180 posts should be enough evidence of that.
gg

"If you honestly believe Valve would release what is effectively the entirety of the work product they have developed since their company was FOUNDED, for free, at risk of losing millions of dollars in game sales and business partnerships (i.e. ATI) you're just an idiot. An idiot that needs to take a business course.

IF this was a publicity stunt it would be the most money-losing advertising gimmick in the history of marketing. HL2 already had a huge mind-share and was going to sell millions upon millions anyway. They had very little to gain and a whole LOT to lose by having their source code stolen. Now they've suffered a huge blow to the ability to license out their engine technology to other developers. Yeah, it's was a 'marketing gimmick'. Wake the fuck up and use a little logic."

Yeah, yeah, just wait until the game comes out & it has generated so much hype and sympathy that parents will know Half-Life 2 is a game made by Valve. It will be purchased by everyone alive. Some people will have 2 copies. You think it's the worst PR that could happen, I think it is a calculated risk to make it a PR carnival of money & happiness for Valve.

We won't know who's right until HL-2 comes out & the sales numbers start to hit. But I'm betting that it will outsell Myth & become the #1 purchased game of all time. People remember stuff. You'll see.

There are no weapons of mass destruction in IRAQ. Bush and his buddies at the White House thought for sure they'd find something. But nothing has been found. Not one weapon of mass destruction.

The Bush Administration notices a lot of people are climbing on the "Bush was wrong about the weapons of mass destruction" bandwagon. And let's not forget about the stoned, "Heh. You said 'Bush'" bandwagoneers either.

So some members of Bush's cabinet decide they need to do some damage control. They look to see what other bandwagons these Bush haten, sandwich eaten bandwagoneers like to ride on.

Hmmm... Lots of them like HalfLife 2.

I think you know where I'm going with this.

This comment was edited on Oct 10, 22:39.

LOL - im a gimp, take out the word "online" frmo the end of that post, that's what happens when you are msn'ing with a colleague while trying to post from work..

Ok, well, maybe I was exagerating Fine, I'd have a NIC in the machines, but only to work on a completely isolated network between DEV machines online..

Frank Totonto, while in premise you have a good idea, not having nics in the dev pcs is litterally impossible. There is a live sourcecode repository that needs to be available via a lan, else you could not have multiple people develop the software. But, there are different routes that could be taken. For example, no network monitoring, as well as a fully open outbound internet connection was part of the issue. Physically segmenting the dev PCs from the internet is also something that should be looked at. Relatively speaking, this sounds like a network setup by a someone not versed in securtiy aspects, and it sounds like there were no policies-procedures to prevent this.

Valve re-invested most of the cash from half-life sales back into the creation of HL2, and have spent the last 5 years working on this game. that makes me feel bad for the potential losses coming their way. Too bad they didn't spend some of that dough on a firewall. If it were me, any machine that had source, or even bits of source on it would never even have a network card in it.

Selfish prick who stole this code, now making demands of Valve to "stop lying to the public" or whatever about release dates... reality check: It's their product, their work, their money and *their decisions*, asshole. If they want to delay the game another week or 2 years, that's *their* decision, not yours. The game does not belong to you or anyone else. Valve, makes a good product, some of you sneer at that saying: "yah, only one product" have maybe forgotten that, it was *the best fuckin' game* that most of us have ever played. I like the company, they seem to have good values and we know they can make kick ass product, so stop hating. I think the efforts they made to bring us the first half life and the waves it created in the gaming world in general, and then having the dedication to channel all of their resources into creating "the next big thing" in the gaming industry means that everyone and their fuckin dog should buy this game when it comes out so that everyone that works at Valve can retire as millionaires.

"Grow up people its all just a P/R gimic .....think for once on your own, rather than take bits and peaces of other peoples ideas and call them your own"


Oh Christ, if there's one thing I can't stand on the Internet it's the endless supply of know-it-alls that think the're the only ones who have got it "all figured out". They're more annoying than furries.

If you honestly believe Valve would release what is effectively the entirety of the work product they have developed since their company was FOUNDED, for free, at risk of losing millions of dollars in game sales and business partnerships (i.e. ATI) you're just an idiot. An idiot that needs to take a business course.

IF this was a publicity stunt it would be the most money-losing advertising gimmick in the history of marketing. HL2 already had a huge mind-share and was going to sell millions upon millions anyway. They had very little to gain and a whole LOT to lose by having their source code stolen. Now they've suffered a huge blow to the ability to license out their engine technology to other developers. Yeah, it's was a 'marketing gimmick'. Wake the fuck up and use a little logic.

This comment was edited on Oct 10, 15:12.

Joke, muppet.;)

This comment was edited on Oct 10, 11:12.

"Could it not have been a certain video card manufacturer seeking revenge."

No, that's stupid. It doesn't even begin to compute.

Could it not have been a certain video card manufacturer seeking revenge.

DO you then suggest that the piles of shit being typed in this forum have any more truth to them than mine?

If so then run down to the local clinic and get your head xrayed and check for content.

Grow up people its all just a P/R gimic .....think for once on your own, rather than take bits and peaces of other peoples ideas and call them your own

"I for one don’t believe the crap about the engine being snatched from under Valves nose"

So what does your infinite wisdom tell you about why the entire source code and a large portion of the game content is now spreading like cancer on the net.

Valve did it on purpose? Sure, something that is probably going to cost them millions, just for an excuse the delay the game? publicity? Are you on crack. This is valve we are talking about, second to only 3drealms when it comes to delaying games and broken promises, why in the hell would anyone think they would do something this screwed up on purpose for a delay. Get real.

If you're going to develop conspiracy theories come up with something remotely believable.