[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Half-Life 2 source code stolen through IE exploit

To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] Half-Life 2 source code stolen through IE exploit
From: Nick FitzGerald <nick@virus-l.demon.co.uk>
Date: Sat, 04 Oct 2003 05:59:17 +1200

"Brown, Rodrick" <rbrown@doitt.nyc.gov> wrote:

> This is really sad there development network under all circumstances
> should not be connected to the internet. This is just lapse security on
> Valves part. Most big development shops have too workstations on
> separate networks just for this reason one network will be used for
> development only and the other for email/internet etc..

Indeed.

How much worse that instead of stealing the source and publicly posting 
it, the attacker had simply inserted a few backdoors into the code and 
checked that into the CVS?  Given that Valve is as careless about 
security as to alow the theft to happen, have you any confidence they 
would detect such a change anytime soon?

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Half-Life 2 source code stolen through IE exploit
  - From: "Brown, Rodrick" <rbrown@doitt.nyc.gov>

Prev by Date: [Full-Disclosure] Has Verisign time arrived ?
Next by Date: Re: [Full-Disclosure] Potential denial of service bug in Cisco Pix Firewall IOS 6.2.2 a nd 6.3.(3.102)
Previous by thread: Re: [Full-Disclosure] Half-Life 2 source code stolen through IE exploit
Next by thread: RE: [Full-Disclosure] Half-Life 2 source code stolen through IE exploit
Index(es):
- Date
- Thread