From: ALudwig at Calfingroup.com (Andre Ludwig)
Subject: Semi OT, Half Life 2 source code leaked due to Outlook flaw.

All I can say is I hope that EVERYONE takes note of this hack.

From the description of the official mouthpiece of Sierra software it sounds
like his machine was root kitted.  Any thoughts on this?

Ever have one of those weeks? This has just not been the best couple of days
for me or for Valve.
Yes, the source code that has been posted is the HL-2 source code.
Here is what we know:
1) Starting around 9/11 of this year, someone other than me was accessing my
email account. This has been determined by looking at traffic on our email
server versus my travel schedule.
2) Shortly afterwards my machine started acting weird (right-clicking on
executables would crash explorer). I was unable to find a virus or trojan on
my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my
webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at
Valve. Our speculation is that these were done via a buffer overflow in
Outlook's preview pane. This recorder is apparently a customized version of
RemoteAnywhere created to infect Valve (at least it hasn't been seen
anywhere else, and isn't detected by normal virus scanning tools).
6) Periodically for the last year we've been the subject of a variety of
denial of service attacks targeted at our webservers and at Steam. We don't
know if these are related or independent.

Well, this sucks. 
What I'd appreciate is the assistance of the community in tracking this
down. I have a special email address for people to send information to,
helpvalve@...vesoftware.com <mailto:helpvalve@...vesoftware.com>. If you
have information about the denial of service attacks or the infiltration of
our network, please send the details. There are some pretty obvious places
to start with the posts and records in IRC, so if you can point us in the
right direction, that would be great.
We at Valve have always thought of ourselves as being part of a community,
and I can't imagine a better group of people to help us take care of these
problems than this community.

Gabe


http://games.slashdot.org/games/03/10/02/1547218.shtml?tid=126&tid=127&tid=156&tid=186

http://www.shacknews.com/onearticle.x/28619

Andre Ludwig, CISSP

