lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200310051649.h95GnEHi081870@grenada.globat.com>
From: mvp at joeware.net (Joe)
Subject: Half-Life 2 source code stolen through IE exploit

The subject of this shouldn't be what it is... 

>From some of the other articles floating around on this only eWeek seems to
have really gone after the MS angle so they could use that subject to get
more attention. All of the other articles are a single line of the entire
article where Gabe states **we speculate** it might have been this but then
make statements that throw doubt on Valves security as a whole and the focus
absolutely isn't an IE hole. Just that it might have been and his Windows
machine was acting kwerky for a bit.

It might have been a hole in IE. It also might have been someone running
some random attachment from someone  or it might have been Colonel Mustard
in the Kitchen with the Candlestick or possibly an employee trying to
impress some chick to get laid or simply make a point. See bottom of
http://www.neowin.net/comments.php?id=14171&category=gamers.

Barring any "bad activity" from internal sources, if someone could get onto
Valve's internal network with info from a simple keylogger or even if given
a single password, Valve has some serious issues they need to work out
before ever attaching to the internet again. 

As someone else posted and I paraphrase, "how can you trust the software
from that company now?". It sounds like they have no understanding of who is
doing what with it. 


  joe
 


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Thor Larholm
Sent: Friday, October 03, 2003 4:20 AM
To: ntbugtraq@...tserv.ntbugtraq.com
Cc: full-disclosure@...ts.netsys.com

http://www.halflife2.net/forums/showthread.php?s=e6e7d0ce0abe19997425ef50fa7
fe1df&threadid=10692



Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://pivx.com/larholm/unpatched - 31 Unpatched IE Security Vulnerabilities

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ