***Gabe Newell needs our help, HL2's source is in the wild.***

I think nVidia is busy re-writing their n35 code path!

"Derek Wildstar" wrote in message
news:Vd4fb.671954$uu5.109452@sccrnsc04...
This is a serious matter, please spread this information to people you
think
can be of assistance.

Ever have one of those weeks? This has just not been the best couple of
days
for me or for Valve.

Yes, the source code that has been posted is the HL-2 source code.

Here is what we know:

1) Starting around 9/11 of this year, someone other than me was accessing
my
email account. This has been determined by looking at traffic on our email
server versus my travel schedule.

2) Shortly afterwards my machine started acting weird (right-clicking on
executables would crash explorer). I was unable to find a virus or trojan
on
my machine, I reformatted my hard drive, and reinstalled.

3) For the next week, there appears to have been suspicious activity on my
webmail account.

4) Around 9/19 someone made a copy of the HL-2 source tree.

5) At some point, keystroke recorders got installed on several machines at
Valve. Our speculation is that these were done via a buffer overflow in
Outlook's preview pane. This recorder is apparently a customized version
of
RemoteAnywhere created to infect Valve (at least it hasn't been seen
anywhere else, and isn't detected by normal virus scanning tools).

6) Periodically for the last year we've been the subject of a variety of
denial of service attacks targetted at our webservers and at Steam. We
don't
know if these are related or independent.

Well, this sucks.

What I'd appreciate is the assistance of the community in tracking this
down. I have a special email address for people to send information to,
. If you have information about the denial of
service attacks or the infiltration of our network, please send the
details.
There are some pretty obvious places to start with the posts and records
in
IRC, so if you can point us in the right direction, that would be great.

We at Valve have always thought of ourselves as being part of a community,
and I can't imagine a better group of people to help us take care of these
problems than this community.

Gabe


__________________
Gabe Newell

On Fri, 3 Oct 2003 08:10:12 -0400, "iggy" wrote:


You're the one, pardon my french, who needs to get a F...ing clue Mr. Wildstar (LOL)

Spanked, and yet strangely unaware.

I've always said the completely clueless have a much easier row to
hoe. Life can be completely miserable, but they haven't the sense to
realize it.

On Fri, 3 Oct 2003 12:50:00 +0100, Stoneskin wrote:

spamtrap@localhost left a note on my windscreen which said:

Not saying it's definatly a hoax but I'm inclined to think it is.

I think its the real deal, it would have been refuted by now if it
wasn't, and it was quoted by Gabe himself on the halflife2.net forum.

After I posted this I found the Gabe posting you mention. Certainly
adds alot of validitidy to it, I agree.

I find it pretty negligent and downright stupid to have critical stuff
like this on an internet enabled PC.


I agree. That was my first thought when I read about this.
Valve is not a small, struggling software company. I'd think they'd be
able to keep their code on a closed LAN with no access to the outside.

You might want to get out and read a bit here and there. This is the real
deal. It's not just HL2, but Team Fortress 2 as well. It's possible to
compile this stuff to .exe's using Visual Studio .Net. All that's needed to
play are the textures. I suggest going to http://www.warp2search.net/ and
doing a search on this stuff.

I can just imagine that when the game comes out someone can just upload the
textures somewhere and it will be possible to play, although I suspect just
copying the CD's will be easier...

Chris Smith

"Stoneskin" wrote in message
t...
Derek Wildstar left a note on my windscreen which said:

This is a serious matter, please spread this information to people you
think
can be of assistance.

Anything which says spread this info I'm suspicious of. It's the first
smell of something not quite right.

Ther is nothing about this on the Valve site. Why isn't this reported
there?

Not saying it's definatly a hoax but I'm inclined to think it is.
--

Stoneskin

[Insert sig here]

"ho alexandre" wrote in message
...
Derek Wildstar wrote:

5) At some point, keystroke recorders got installed on several machines
at
Valve. Our speculation is that these were done via a buffer overflow in
Outlook's preview pane. This recorder is apparently a customized version
of
RemoteAnywhere created to infect Valve (at least it hasn't been seen
anywhere else, and isn't detected by normal virus scanning tools).

That's what happens when you live dangerously. They could have installed
a firewall, they could have updated their antivirus's definitions, they
could have patched Outlook, they could have not used Outlook too.

They have enough work to do for a living, to add challenges like that.


You might want to go read up on what happened before you type this crap
because you have absolutely no idea what you are talking about. Everything
was up to date. Somehow, they used vulnerabilities in Outlook to install
keyboard recorders and such without anyone knowing it. This was custom
stuff that no virus scanner was going to find. Whoever did this did a damn
good job.

Chris Smith

"who be dat?" wrote in message
...
You might want to go read up on what happened before you type this crap
because you have absolutely no idea what you are talking about.
Everything
was up to date. Somehow, they used vulnerabilities in Outlook to install
keyboard recorders and such without anyone knowing it. This was custom
stuff that no virus scanner was going to find. Whoever did this did a
damn
good job.

Chris Smith



No matter what, I can usually count on you to be up to date and informed
Chris, unlike most of these readers...this was indeed a very sophisticated
black-bag job.

Without turning on the conspiracy amplifier, either this was an inside job,
or the work of the best Corporate spies money can buy.

who be dat? wrote:
You might want to go read up on what happened before you type this crap
because you have absolutely no idea what you are talking about. Everything
was up to date. Somehow, they used vulnerabilities in Outlook to install
keyboard recorders and such without anyone knowing it. This was custom
stuff that no virus scanner was going to find. Whoever did this did a damn
good job.

Well in that case they shouldn't have used a software that has serious
vulnerabilities.

Moreover there are official patches that prevent attachments to be
interpreted while using the preview pane. And it is possible to not
interpret HTML in mails, even in Outlook.

Moreover, once the keylogger is in the place, it still has to send the
result back. A firewall can prevent those things from happening. I doubt
the keylogger is only VBS !


--
XandreX
/I'm that kind of people your parents warned you about/

who be dat? wrote:
because you have absolutely no idea what you are talking about. Everything
was up to date.

How do you know that ? Who are you ?



--
XandreX
/I'm that kind of people your parents warned you about/

ho alexandre wrote:
who be dat? wrote:
because you have absolutely no idea what you are talking about.
Everything was up to date.

How do you know that ? Who are you ?

Chris Smith admitted to being an ATI employee some months ago. But
regardless if that entitles him to inside knowledge from valve or not, the
claim from Newell is that everything was up to date.

However, something smells. There isn't an IT department on earth that isn't
aware of the dangers of keeping mission critical data or code on any
internet enabled computer. There is no excuse for such sloppiness -
especially when they say they've been DOS'd a few times and have experienced
other attacks over the last few months. Either they are completely
incompetent about their own security, or this is bull****.

Perhaps someone from valve leaked a CD full of engine code at the last trade
show. Perhaps Newell left a portable drive behind at the last European
convention or at some interview. Perhaps anything. I would certainly think
that crying "Hackers!" might take some attention away from whatever really
might have happened. Someone is trying to avoid losing their job or maybe
even being criminally prosecuted. It wouldn't be the first time in history
that crying "Thief!" (or in this case, "Hacker Thief!") saved some
incompetent fools' job.

"i'm_tired" wrote in message
. net...

It wouldn't be the first time in history
that crying "Thief!" (or in this case, "Hacker Thief!") saved some
incompetent fools' job.


That's a wonderful theory, except it makes absolutely no sense: Gabe Newell
himself is reporting the loss, and he has the most to lose.

Why would he make this report, unless it was the truth?

I assure you, they understand security, and how important their data is.
Think more, type less.