Avant de parler renseignez vous… CE N’EST PAS UN FAKE / HAOX TOUT EST DE SOURCE OFFICIELLE ( TRACEROUTE VALVE CORP. )
"Normally something like this wouldn’t be considered news worthy, however we felt this specific situation called for a notice that was sure to grab attention.
There are hundreds of users on the HalfLife2.Net boards and elsewhere that are near convinced that Gabe Newell’s posts on this board are as fake as the e-mail that mislead thousands of fans less than a week ago. Many are at the very least skeptical about Gabe’s interaction on our boards, raising many questions and concerns about its authenticity.
Gabe has taken interest and posted on our forum previously, and quite honestly his relationship with this community is too often taken for granted. Unfortunately up until this point the staff here haven’t been able to give anyone any solid reasons as to why we actually know that it’s him. For peace of mind and to attempt to reassure those of you with doubts, we ran a traceroute on the IP that posted Gabe’s call for help and as expected, it originated from Valve Software’s offices in Seattle (the same details that appear in legitimate e-mail headers from Valve Software employees).
While we won’t post the IPs or hostnames here publically for obvious reasons, if you’re a member of the press and would like to see the traceroute for yourself, I have no problems with you taking the time to e-mail me." Source hl2.net
Valve s’est fait hacker. Mais ce n’est pas un hack banal, tout à été très planifié.
En effet, un trojan a été crée spécialement pour l’occasion (version modifiée de RemoteAnywhere, donc indétéctable par les meilleurs antivirus même updatés).
Des keystrokes recorders (spywares qui espionnent les touches tappées, de très petite taille) ont été introduits dans le network de Valve (pour récuperer les passwords) à l’aide d’une faille buffer overflow d’Outlook.
Les attaques DoS ne cessaient pas (dans le but de détourner l’attention de ceux qui gerent la sécurité du reseau).
Pour finir le code a été copié et volé simplement avec les passwords récupérés a l’aide des keystrokes recorders cela explique notament comment les hackers ont transferé 168 Mo rapidement. Le code source fait 32 Mo compréssé et 168 Mo décompréssé.
On y trouve divers bouts de sources/sources complêtes (vielle d’1 mois, mais admettons qu’ils ont bossé à fond pendant ce dernier mois et qu’ils ont bossé pendant 3ans, la source actuelle n’est que 1/36eme de fois differente à celle en libre download donc quasiment identique) tel que celle d’hl1, d’hl2, de cs, de tfc2 et de duke nukem forever (nan je déconne). Mais aussi, le fameux moteur Havok.
D’après ce que j’ai vu c’est une source immense pour tout programmeur amateur ou professionel (5ans de travail qui a couté surement des millions de $).
Donc on peut s’attendre à des similitudes des prochains jeux avec half-life2 (le moteur physique étant excellent j’espere qu’ils s’en inspireront ).
Le coup est dur pour Valve, Havok, Vivendi. Le plus interressant sera de voir si les problèmes qu’avait Nvidia avec hl2 étaient légitimes ou truqués, si Valve respectait la GPL, ou si Valve utilisait des spyware, backdoors, etc…
De plus, nous savons que la même mésaventure est arrivée à ID Software (doom3), et une partie du code source de doom3 a été volé. Ces vols, bien que ‘virtuels’, ont des valeurs immenses (millions de $). Logiquement, cette affaire est donc suivie par le FBI dans le cadre de la campagne américaine de lutte contre le piratage (du moin pour doom3, mais la news hl2 étant fraiche on peut s’attendre à les voir venir).
"I will say one thing. Whoever did this has gone a ‘step to far’.
Writing cheats is one thing. Reverse engineering out how to write them is another. But, breaking into a company to steal the code is not on. I work for the software industry myself, my sympathys are with the Valve team…
…if you know who did it… let them know on helpvalve@valvesoftware.com. I know we cheat/wreck their game. Without them, there is no HL/CS/HL2, is there?" Joolz createur de OGC (cheat pour cs), Source hl2.net
"Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.
Yes, the source code that has been posted is the HL-2 source code.
Here is what we know:
-
Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
-
Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.
-
For the next week, there appears to have been suspicious activity on my webmail account.
-
Around 9/19 someone made a copy of the HL-2 source tree.
-
At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook’s preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn’t been seen anywhere else, and isn’t detected by normal virus scanning tools).
-
Periodically for the last year we’ve been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don’t know if these are related or independent.
Well, this sucks.
What I’d appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.
We at Valve have always thought of ourselves as being part of a community, and I can’t imagine a better group of people to help us take care of these problems than this community.
Gabe" Gabe Newell Managing Director Valve Software, Source hl2.net
[i]http://www.halflife2.net
http://www.halflife2.net/forums/showthread…;threadid=10692
http://www.schroet.com/scenenews.php?id=2074
http://cgi.gamefaqs.com/boards/genmessage…;topic=10364670[/i]
Ce message a été édité par b0by le 03/10/2003