HL2 Source code Leak

1. NFS does suck
2. it is a Sun invention, not really a part of ‘unix’
3. Although NFS does suck, I would certainly take it over CIFS/SMB/netbios any day.
4. No sane admin would expose either to unfirewalled internet, but the default windows installation does exactly that.

Security has much more to do with proper policy and procedures than the particular software used. OTOH, Microsoft has produced, and continues to produce some of the most outragous security gaffs in the industry. Combine that with the fact that it is the most widely deployed desktop OS, and the fact that many of it’s users are completely clueless, you have a recipe for widespread security problems. Microsofts mail and web clients have repeatedly show themselves to be complete and utter trash from a security point of view. Not only are remote code execution exploits regularly found, often they are only small variations on exploits which were previously ‘fixed’.
For your enjoyment:
http://pivx.com/larholm/unpatched/

win2k and XP are an improvement over previous efforts, but the default installations are still hopelessly insecure. Many unix and linux distributions suffer from the same situation.

All the current situation with HL2 does is show how little attention even high profile developers pay to security. That fact that it was a windows exploit is not surprising, but, IMO, not particularly significant.

More oil for the microsoft vs linux fires …

http://www.overclockers.com/articles843/

Sock
:moo:

It’s not that they have to be “forced into paradise,” it’s that they’re locked up in chains, only allowed to see the shadows on the wall–they don’t even know that paradise is out there.

Oh, and by the way: Ed Stroligo is a jackass fanboy. I’m surprised Bill Gates can manage the walk from his office to the official “watch Ballmer do the monkey dance” ballroom with Stroligo crammed so far up his ass. Here, read this: http://www.overclockers.com/tips00376 and then try and refute his jackass-dom with a straight face. I mean, come on. This is SplashDamage–we know for a fact there’s going to be multiplayer in Doom 3. How can you of all people take this guy seriously, Sock?
;^)

For the apropos musings of somebody whose opinions might be more universally valuable than those of such a cretin as Stroligo, check this out: http://www.spack.org/index.cgi/InTheBeginningWasTheCommandLine#head-5e1cc52ee9dc9b01ec3e086a2ff90add329a43a7

From “In The Beginning Was The Command Line,” an essay on the state of affairs of operating systems (of all things), by Neal Stephenson (of all people). Yes, that Neal Stephenson–the Snow Crash guy.

[i]post-script:

From that same Stroligo article posted above ( http://www.overclockers.com/tips00376 ):[/i]

[i]
I could hardly have fabricated a more stereotypical uber-conservative, factually-ignorant (or perhaps “apathetic to the nature of fact” is more appropriate–if not simply “deviously dishonest”) soundbyte even if I put my mind to it. I mean, come on! It was a mathematician (you know, a guy who is interested in mathematics)–not some government or its military–that gave birth to computing.

I reiterate and abbreviate: Ed Stroligo is a jackass.[/i]

a rather desperate attempt to put the blame of hl2 source code theft onto linux users. pretty sad really :moo:

i’m beginning to think we need a new godwin, for 9/11 references.

btw I thought sock used a mac?

Amen.

I’ve hardly understood anything in this thread, just thought I’d mention it. :???:

No, but he can be often seen sporting a nice wooly fleece.

You’ve obviously never had the misfortune of using Pegasus mail.

:banghead:

I did say I was pouring OIL on to the debate and generally waving the wooden spoon, god forbid Im certainly not taking sides TBH I don’t care want OS people use and I’m surpised that people are arguing about OS preferences considering the topic was HL2 missing code. Oh well back to MS calculator and notepad on my Apple Mac running a PC emulation!

Sock
:moo:

so, what really is missing from this long and drawn out “ms vs. open source” debate is the fact that they were going to get hacked no matter which OS the had. Linux, Unix, M$ etc are ALL hackable. Some just take more time and (hopefully) longer attacks allow detection mechanisms to determine that an attack is under way. As we all have learned in computer security courses: Computer security is not absolute. There are holes.

As far as how much of the code was taken? I have been told that quite a bit of code was stolen. This will hurt the multiplayer community with all the hacks out there BUT most of them will just be variants of eachother really working on the same hole. Perhaps in good spirit of the open source mantra people have been chanting, you can look at the code and patch them?

I certainly hope some good manages to come from this incident–and while I value greatly the spirit of the Open Source community, I really doubt any of the potential “good” here will come from that direction. Instead, I bet that Valve may take this opportunity to rewrite some stuff that they may have considered publishing, for the deadline’s sake, even though they themselves knew it to be slightly half-assed. Any chance of theirs to make the game even better can only work out better for us as well. I mean, don’t you hate it when you buy a piece of software and you can tell that parts of it were rushed out the door? Maybe Valve will do the “right” thing, here, and remedy any such blemishes that were latent in the version of HL2 that got “phr33d.”

And, back to the much more important task of transmogrifying the SplashDamage forums into slashdot.org, let’s have a look at this, shall we? Here writes a fellow, Scott Granneman of SecruityFocus.com (you know, [i]the[/i] source for computer security issues), and he says: even if Linux/Mac OS X had Windows’ market share, there wouldn’t be nearly as many Linux/Mac OS X viruses as there are Windows viruses now–because both Linux and Mac OS X are intrinsicly safer and more secure than MS’s hole-ridden petri dish. (Get it? Petri dish? You know, how they grow viruses in petri dishes? Oh, never mind… I think I’m trying to hard with that one.)

Interesting article, shame it’s a load of crap.

The whole article bases itself around the premise of so called “social engineering” being easier on Microsoft systems because of the fact that it is a single shell system. All current versions of windows run the same underlying system and so are vulnerable to the same holes in it’s security. He then goes on to say that if everyone used linux this would not be a problem because linux is built around so many different architectures. Why do you think MS windows is the standard? Why do you think every tom, dick and harry choses it? The only people that run linux systems are those familiar enough with computer architecture and procedures to be able to understand the required usage methods. For linux to ever become a standard operating system, it too would have to merge into one standard architecture, with the same security holes on every linux system, otherwise 3/4 of computer users wouldn’t use it because they don’t have enough working knowledge to do so. With that in mind, the whole premise of his article is flawed.

The entire article is clearly biased towards linux by the way it goes on and on about linux’s plus points and the only negative it gets is a passing mention of “of course linux is not perfect, no system is”. Whereas MS get’s bitched about from the get go with not a single mention of it’s plus sides. Just because the guy works for a reputable security company does not mean he will be objective.

You should read that Neal Stephenson essay I linked to a few posts up–you’ll see the answer to that question is simply “because Tom, Dick and Harry don’t know any better.”

if they had kept their code development machines off the public internet, it wouldnt have happened – period. having such high stakes systems accessable through the internet was just a bad decision.

the other bad decision is, they discovered they got hacked, but took no action to secure their network once it was discovered. only AFTER the source code was stolen and posted on the internet did they do anything about it… :???: :???:

i just had to throw in on this one too.

to me it seems the main issue over all this is exactly what bani is talking about. SECURITY of your individual machine, your network, and your infrastructure. this is a lesson that everyone need to take to heart. the story even shows that high powered developers can be lulled into a false sense of “security”.

now a little build up for my main point–
as to the Micro$oft v. Linux/Unix/Mac debate, i personally used M$ products and IBM pc clones for years (starting around circa 1981ish for a point of reference, with a radio shack model 3 and trs-dos) so i have seen quite a bit of computer and systems advancement, i got out of the scene for several years, but got back in and discovered the wonders of open source.

after hearing all the hype about how microsoft has made XP the most secure windows ever and then seeing how the blaster worm took down hundreds of thousands, if not millions, of computers, one is amazed that they are still posting patches for more blaster type vulnerabilities. as a matter of fact they just released another patch for Internet Explorer (time to update again).

i installed linux for the first time about 2 years ago, and with a default install of redhat 7.1 after exposing the machine to the internet for
4 HOURS, it was hacked 3 times, it had even been set up as a packet sniffer. i was flabbergasted.

so to make a long story short (too late), i learned all kinds of valuable lessons that day, and what i did not know, i did research to find answers for what had happened to me. so i wiped and re-installed using what i had learned and my Linux machines have been more trouble-free than all my windoze boxes.

MAIN POINT:
But here is where i think the larger problem resides, most people don’t want to know anything about their OS, how to keep it secure, and what activities to be supicious of. they just want to be able to “surf the web” and “check email” (direct quotes from customers at the computer shop i work at). when i tried to explain a computer problem to a customer, this guy actually said that he really didn’t want to know anything about it. (my thought was why have a computer then?)

so rather than arguing about the OS (i have become a linux fan, but still use windows also) i think we should really be coming down on the computer users that are ignorant about really “using” a computer period.

now: to fan the Micro$oft vs open source debate:

open source generally finds bugs before they are exploited greatly.

microsoft only finds bugs after they have been exploited greatly.

:moo:

thanks to msblast, default installs of w2k/xp get hacked within 2 minutes of being put on the internet. put it on, and almost immediately it comes up saying its going to reboot in X seconds…

doing packet sniffing for our wan, we see roughly 20-30 msblast rpc worm scans per minute these days.

Hi!
Putting high stakes stuff on a computer with access to internet? Telling the public that the code has been stolen? Couldnt it be a market ploy? Or IS the code out there? Has anyone here had a chance to look at it? Does it look ilke the real thing? (Is it what the firm claims it is - a real game code?)
Some years ago, another firm: “We are going to withdraw the classic taste.” That got a lot of peoples attention. They never withdraw it. The threat was just a gas I think.
// Loffy

To be fair MS had a patch for that exploit weeks before msblast started spreading (but on the hand they have patched another RPC hole since then :disgust: ).

Wow, that’s a lot! It peaked at approximately 30 scans (30 unique IPs) per hour on my connection, but I think it’s down to 10-15 now.

Bad karma?

Or IS the code out there?

I assure you it most certainly is. I can also assure you that a lot of people will already have it. If it was fake, it would have been exposed as such already.