Guys and gals, the hacker isn't the problem.

[Mountain Man]

I was arguing against your claim that stupid people who leave their cars unlocked shouldn't be blamed when it gets stolen.

And I was merely stating that failing to adequately secure a car is not even in the same realm as stealing it.

But regardless, the analogy is faulty because Valve didn't do the equivelant of failing to lock a car door. Instead, it's like they put the car in a garage with a remote control door opener and the thief used a variable frequency transmitter to cause the door to open. In this case, it'd be like arguing that it was the owner's fault for not removing power from the door opener.

In other words, how far must someone go with precautionary measures before you would no longer consider criminal action against them their fault?

 

[iamironsam]

Originally posted by Mountain Man
And I was merely stating that failing to adequately secure a car is not even in the same realm as stealing it.

But regardless, the analogy is faulty because Valve didn't do the equivelant of failing to lock a car door. Instead, it's like they put the car in a garage with a remote control door opener and the thief used a variable frequency transmitter to cause the door to open. In this case, it'd be like arguing that it was the owner's fault for not removing power from the door opener.

In other words, how far must someone go with precautionary measures before you would no longer consider criminal action against them their fault?

I totally agree that Valve had a lot more security than most people give them credit for, my first post was all about that. I don't personally think Valve is to blame, like I said. The only thing they could have done differently is kept their workstations completely seperate from the internet, and that's not even 100% secure cause of disgruntled employees.

That's not what I responded to you about, it was when you stated that people who leave their cars unlocked shouldn't be blamed when their car gets stolen that I had to inform you that you're living in a fairy tale world (or Canada, you seen Bowling for Columbine? Hilarious).

Anyway, we've basically been in agreement about the topic of the thread all along, so I'll just quit here.

 

[KagePrototype]

is it really that hard to just say:

both parties are to blame?

Valve obviously didn't have enough security
The hacker knowingly stole property

There. Wasn't hard was it?

 

[Ahnteis]

Originally posted by iamironsam
Oh yah? Check my first post in this thread shmuck:

http://www.halflife2.net/forums/showthread.php?s=&threadid=13391&perpage=15&pagenumber=1

At least my ignorant ass reads through the threads before bashing people for crap read out of context.

Looks at thred. Oh - it's this thread. Ok - let's see how much you know about Valve's security and how they were hacked according to your own thread.

This wasn't even a hardcore hacker. This was a easy hack.

That's it. That's all the knowledge you profess right there.

You have shown *0* knowledge of how Valve was hacked, and grand total of *0* knowledge about their precautions against being hacked in the first place. Congratulations, you have so far shown that you know *NOTHING* about the situation other then the fact that they were hacked.

Claiming to be a network security expert, true or not, does not give you inside information as to how they were hacked or their own security precautions prior to being hacked.

So far the only information released by Valve is:
1) We were hacked.
2) We *SUSPECT* that the initial penetration was through outlook.

 

[The Mullinator]

Is it just me or are the majority of people that post bad things about Valve usually come once to post their feelings and then leave never to return, not even to support what they said.

 

[Chris D]

It is correct Mull...

They can just simply never back up their statements far enough.

 

[Saltpeter]

The only difference between Valve and the hacker is that the former made a mistake and the latter made a mistake on purpose.

Add to that that making that kind of mistakes on purpose is illegal and you got the reason why Anonymous is in fact the problem. No hacker, no problem.

 

[Peleus]

Its a girls fault for being raped, just because she didn't hire 3 bodyguards to follow her around everywhere.

How stupid is that, no matter how you look at it, its the hackers fault for hacking into valve, plain and simple.

 

[Kadayi]

If there was ever such an thing as a water tight security system then there wouldn't be the need for security advisers. People are ingenious and all forms of software defense arise in response to a software offense.

If a hacker discovers a way in which to exploit a loophole, and that exploit isn't known then there exists no way to prevent it until after it has occurred. I'll credit that Valves online security was probably of a reasonable standard no doubt similar to other games companies, because these aren't the sort of people who expect to be targetted in such a manner. I'll also credit that the perpertators of this crime were not only very determined, but also very smart. The truth is we will probably never know, but unfortunately we must live with the consequences (delays).

As regards the idea of Valve running everything game related over a secure intranet, lets just burst that idealists bubble with a few choice words:- Steam compatibility, Online net multiplayer testing.

 

[Typhon]

people need to stop using victimless crimes as examples.

this is not a victimless crime. Valve is the victim. That makes it not their fault.

OT: OMG, Chris_D is a mod. now we're all doomed. just kidding, chris. congrats.

 

[staddydaddy]

Originally posted by vitalsign0
Valve is solely to blame.

I am in charge of network security. Hackers frequently try to get through. If they do, I lose my job. My job is to protect my client's assets. If I don't, there is no one to blame but myself.

This wasn't even a hardcore hacker. This was a easy hack. Valve didn't pay much concern to protecting there product or the Havok 2.0 engine.

To blame this mess on the hacker is just removing the blame where it lies, on Valve. They weren't proactive in protecting their assets and made their product available on a nonsecured computer(s). This is unexcusable.

That's like saying that it's the polices fault that charles manson killed all those people. Just because the police cant be everywhere at once doesn't differ the blaim from charles manson. He killed those people and no one else did. Charles Manson = hacker, police = valve

 

[ookami]

Actually, I don't think it was ever proven that Manson killed ANYONE. He got his lackeys to do it.

 

[justice strike]

there is a very simple reason the insurance company wants YOU to lock your doors (any doors of a car etc..) it's not much different for software insurance companies. if you didn't have enough security they just ain't gonna pay you any money because it's YOUR fault (yup seriously that's what they going to say)

remember (computer) security is not about making it water tight. (Computer) Security is about making it hard enough to break in to discourage people from doing it. If they broke in and stole stuff security failed to discourage people from stealing.

 

[alco]

Originally posted by Typhon
OT: OMG, Chris_D is a mod.

...hold me

 

[Rift]

I dont think anyone wants to hear about this crap anymore, personally im sick of people blaming this hacker thing on anyone they can think of. And it's nearly always someone from Valve, or Valve itself. Get over it, it aint gonna make the game come out any quicker.

 

[Mountain Man]

Originally posted by iamironsam
That's not what I responded to you about, it was when you stated that people who leave their cars unlocked shouldn't be blamed when their car gets stolen that I had to inform you that you're living in a fairy tale world

No, I'm not living in a fairy tale world. I just think it's unfortunate that in a case like this, the victim is treated like the criminal.

(or Canada, you seen Bowling for Columbine? Hilarious).

I've not seen it yet, and while I'm sure it is very funny, you should keep in mind that Michael Moore is a shill and that his films should be considered fictional rather than the real life documentaries he tries to pass them off as. This article does an excellent job exposing him for the charade he really is.

 

[DimitriPopov]

I dont blame a criminal for robbing a liquor store , its the owners fault for leaving the door unlocked!!!

 

[JtM]

Actually Bowling for Columbine wasn't a work of fiction. Watch it and see.

 

[Mountain Man]

Originally posted by DimitriPopov
I dont blame a criminal for robbing a liquor store , its the owners fault for leaving the door unlocked!!!

That statement is so absurd, I can only assume you're being tongue in cheek.

 

[GhostValkyrie]

Originally posted by Mountain Man
No, I'm not living in a fairy tale world. I just think it's unfortunate that in a case like this, the victim is treated like the criminal.

I've not seen it yet, and while I'm sure it is very funny, you should keep in mind that Michael Moore is a shill and that his films should be considered fictional rather than the real life documentaries he tries to pass them off as. This article does an excellent job exposing him for the charade he really is.

Well said. He seems to enjoy pushing rhetoric, and making blind accusations, for his benefit. I agree completely. Now then, back to the topic at hand. The hacker may not be what delayed the game, but he is a problem. He's a criminal, not a hero.

-Ghost.

 

[Dhoco X]

Let's be friends ! ;(

 

[peoplesuc]

HACKERS ARE GAY! NOT ALL GAY PEOPLE ARE HACKERS.

That's like a serial killer saying that the cops didn't do enough to stop him.

That's like saying that the woman wanted to be raped because she dressed so sexy.

That's like saying JEWS wanted to be exterminated because they were being exterminated!

Come on people what kind of ****ed up logic is this? : Valve wanted to get anally raped because they didn't lock up their dev computers in a walk in safe and didn't hire Hell's Angles to guard that stash 24/7.

Was the game 100% complete a week or so before sept. 30? A true artist would say that his work is never complete and that he can always improve upon it. Valve probably was optimistic in june that they could pull it off. As the summer passed I'm sure that like all human endevors not everything that gets put on paper can be implemented at 100% effeciency.

Does the grand theft of the source code affect the time it will take to release the complete game? HELL YES!!! To say that the 'quacker' (qweer hacker) has no affect on the delay is a distortion of reality. Steam/online play/future licences of the engine have all been comprimised. If this
'quacker' had any respect for the company then at the VERY LEAST he/she/it sould have waited, at least a year AFTER the complete game was released, to leak the source code.

Personally if I ran the company I would have scraped the project completely and started on a new game. This would teach the hacking community to stop ****ing with working families that depend on each and every penny that a game brings in. Also the fanboy community could spend their money on clawhammers and plant the business end into the cranium of the bastard 'quacker' responsible for their misery.

Get real people. The game will be realeased in at most a year. The game will be about $50. There will be a little bit more new content produced because of the leak. The game will be kick ass!!!

 

[vitalsign0]

Originally posted by Chris_D
It is correct Mull...

They can just simply never back up their statements far enough.

Oh I can, but not against a full tide of irrationals.

We aren't talking about robbing a liquor store or Manson for Christ's sake.

We are talking about a computer, connected to the Internet.

For those of you who don't know about the Internet, let me explain it to you. As you sit here and read, your ports are being scanned and your packets are being sniffed all looking for holes. The script kiddies from IRC are running programs on top of programs for the hell of it.

The Internet is more like a battlefield with bullets constantly flying and if you sit in the middle of it unprotected, you are going to get hurt. That is what Valve did. Sat its ass in the middle of a field with bullets flying and it got hit.

I am sitting in front of a SQL server housing critical financial data and guess what, it is not nor has it every been on the Internet. The firewall is also further configured to where the ports are closed that would allow rouge attacks.

The server is further protected by 2 layers of users/passwords to even access the server, then another to access SQL, and another to access the program supplying the data.

Knowing how dangerous the Internet is and to have the Source code on a computer you are replying to emails from is just pure STUPIDITY.

 

[mrchimp]

Gabe Newell is not stupid, fat maby but not stupid.

 

[vitalsign0]

There are also ways to encrypt TCP/IP traffic through IPSec and a certificate server to where even if someone did hack into the system the hackers computer would be unable to read the data.

This is Network Security 101.

 

[Mountain Man]

Originally posted by vitalsign0
Knowing how dangerous the Internet is and to have the Source code on a computer you are replying to emails from is just pure STUPIDITY.

Whoever said the source code was on Gabe's computer? What little information we have on the matter suggests that Gabe's computer was only the entry point and the hacker used other means to gain access to the network and in turn the source code. It wasn't a random script kiddie attack but a specific and deliberate operation using custom software.

While you are no doubt proud of your little security set-up, it's not impossible that a determined individual with sufficient skill and motivation could fly right under your radar and root the network at will.

 

[mrchimp]

Mountain man is right.

BTW vital is your inner network of a star,bus or circle configuration and while your at it why don't you tell use what encyption algothrim you use and while we'r on the subject of encyption why don't you enlighten use to how and when it sends the key? also about this database, is it on a Unix server?

 

[Caminante]

Originally posted by Dedalus
it's not advisable to do this. you're gonna get a million 12 year olds raining fire down on you.

but how isn't the hacker a problem? even if everything was secure the hacker would still be present, and maybe he would eventually get through. how do you know it wasn't a hardcore hacker? how do you know it was an easy hack? how do you know Valve didn't pay much concern to protecting their product? as far as i know, Valve has not publicly blamed this on anyone. so who's been blaming the hacker apart from the community? how do you know they weren't proactive in protecting their assets?

don't state your opinion as fact, and more importantly, if you're going to make such rash statements back them up with proof for goodness sake. you can't be well educated if you don't know that simple fact. state your assumptions, then state the proof for those assumptions. think before you type please.

How do you know this, how do you know that? With the amount of data that was stolen, give us a pretty good idea of how stupid and incompetent were the Network admins and period.

 

[Nuclear_Gerber]

I just think that putting everything hl2 related out of the network, not connected to the internet, would be the smartest idea.

 

[Drazula]

There used to be a time when people didn't have to lock doors, or have firewalls. The more we lock ourselves in to protect ourselves, the more freedom we give up.

Valve was/is very open and close to the game community. This openness was cruelly used against them. How open will they be now?

 

[Non-Sequitur]

Originally posted by Drazula
There used to be a time when people didn't have to lock doors, or have firewalls. The more we lock ourselves in to protect ourselves, the more freedom we give up.

Valve was/is very open and close to the game community. This openness was cruelly used against them. How open will they be now?

You wouldn't happen to be the Drazula of the 3DRealms forums would you?

 

[ComradeBadger]

Pointless thread. Going nowhere... moved.