Google gets nuts

[Pierre-Marie Baty]

well doing a Google search can sometimes yield unpredictable results it seems...

I was scouring the net for the source code of a metamod plugin for CS that I knew was available somewhere and my eyes were caught by that URL...



now I really wonder if CS could be the solution to sexual problems in marriage, gotta try that out someday



(oh BTW before you ask, I was *NOT* looking for the leaked HL2 or CS source code, so don't bother offer to send it to me, I don't have any illegal stuff on my PC.)

[botmeister]

I found this on http://server.counter-strike.net/ Their internet security can't be that incompetent - can it?

CS:CZ Leaked
Posted By Kik :Jan 12, 2004, 18:36
» »

Rizzuh from csnation.net has just posted regarding the latest news on the CS:CZ leak. It's a dire shame some people are more than content to ruin such a brilliant game, before it's even officially released.

Here's a little preview on the post:

"Counter-Strike: Condition Zero has been leaked, for the second time in its life. Technically, the first leak was of Ritual Entertainment's version of the game back in October when the HL2 source code was leaked. This latest leak is of the Turtle Rock Studios version of the game which we previewed in October. There's no telling how old or new this leak is, but I will say that I previewed CS:CZ the day after the big HL2/CS:CZ leak was discovered, so it's quite possible that the intruder had the Turtle Rock files on hand and had been waiting to release them."

Read the full post on csnation.net

[HangFire]

It could have been leaked by someone at Turtle Rock. Isn't it made up of former Westwood employees?

[botmeister]

Quote:

Originally Posted by HangFire

It could have been leaked by someone at Turtle Rock. Isn't it made up of former Westwood employees?

There's mention of an "intruder" which indicates that the code was stolen from the outside, but perhaps the post is inaccurate and it was an inside job. If it was a break in, I wish we could find out how it happened so we can avoid making the same mistakes.

No matter, it must be a big mess for those who invested their money and time in the product.

[Austin]

Quote:

Originally Posted by botmeister

I wish we could find out how it happened so we can avoid making the same mistakes.

No matter, it must be a big mess for those who invested their money and time in the product.

I would have a separate LAN for the developers The source would NEVER be on any machine that was physically connected to the internet.

I would add software firewalls such as Sygate on all PCs in addition to the hardware firewalls. Email attachments would be filtered, decoded and scanned for viruses, and in addition to this they would also be checked for certain key operating system calls every virus needs to connect to the net, just to be sure we catch the newest ones not yet in any virus checker database.

I would also work out something I have been thinking about that I have not seen any where. I would develop a program that monitors processes. It would work like the software firewalls that watch every program trying to get to the net, but instead , this one would watch every process starting up. Once everything was configured it would easily catch weird new process trying to run that were not previously approved.

It really is a shame they were hacked so badly. We probably would have HL2 by now. It is infuriating to get hacked. No one should be involved with this STOLEN source code or game in any way….

[botmeister]

There are preview releases of the code, like they do with movies, and that could be the source of the leak - unless the source code was included. If there's source code, then it could of been a disgruntled employee doing the leak and no amount of network security will fix that.

Quote:

this one would watch every process starting up. Once everything was configured it would easily catch weird new process trying to run that were not previously approved.

This seems like an obvious thing to add to any operating system, makes me wonder why it has not been done. I'd add one more thing. Every process should be identifiable and tagged with security settings stating who is allowed to run them.

At the moment, I periodically do a manual scan to see what processes are running to make sure everything is normal. However, I don't see those nasty DLL's anywhere, and they can contain viruses.

Anyway, I'm moving forward with Linux, so soon I'll be dealing with a totally different set of problems, and hopefully viruses won't be one of them.

[Onno Kreuzinger]

Hi,
sercirity is not done in soft or hardware (which is just unflexible software). security is a question of concept, they simply don't want to make it the save way.
i worked for some sw companies, they all got pissed when i told them that buying some hardware would just make other people rich, but instead they would have to stop doing silly stuff: M$ internet software [allow me to i'm in within 14 days]; unrestricted phone access (every laptop has a modem); fully filtered and analysed http proxy only suitable for google (http tunnels are avail under GPL), a dictionary and other non-script inforation pages; no storage outside the personal liable IT admin's controll (no cdr/floppy, no lap top's); all remote work done using terminal services;...

and at position 50+ you will find things like better use DES3 instead of DES, since hacking DES is far more trouble some that building a trojan with a win32 kit, make it encrypted and compressed. put up a website some developer will have intresst in (does he like ducati, moutainbiking ar aleik); lead him there with spam or postings on his favourite board and GOTTCHA

i think you now can imagine how easy it is to do bad things, and having a second firewall is useless, it won't filter http on per request base, and wont stop your employees to fall in love with cheap social engeneering i can buy for less than a security concept...

cheers