Official Halflife2.net "We're going gold monday..." Annoucement

It is infact quite possible to snatch a MD5-crypted password.
At least. I know it is possible with the old 2.*** Vbulletin, so it might be possible with other forum software too.
The way I used to test Vbulletin, was the option to "link to other pictures".
In PHP you can make dynamic pictures, that respond to what info it gets from the User.
Example: I used my png.php (that appered as a picture) to grasp out for every cookie, the user had from THAT forum, for later to attack it with hashes.
So if we consider that was the way it was done, then our hacker now has all the login information from the cookies from the forum. Stil the password is md5-crypted. But if you have got enough time on your hands, you can attack it with hashes, until you get a match, and there you have his password.
I know that on my pc, a 4 numbered password takes 19 seconds to find. And 8 about 2 weeks, and so on. So if you have the time, it is possible.

Sorry for my bad english :)
 
The entire universe would collapse before someone could decipher an MD5 hash...

Correction. MD5 has already been cracked... :O

Use SHA1 instead.
 
No no no. You ofcause can't decrypt a md5. But that doesn't make it impossible.
The way it is done, is a program where you handle over the md5-hash, and then it crypts a to md5, then b, then c, the a1, b1, c1, the, ab, bb, cb and so on. My pc can make 19.899 different combinations per. sec. With time on your hands, it is NOT impossible.
 
lans said:
Why don't we wait for monday. I just send basically an email to everyone at valve asking if this is true or not. We'll see.
Click to expand...
:( last time I did that It didn't go over well with them.
 
Bullshit.

Dr. Shim said:
The entire universe would collapse before someone could decipher an MD5 hash.
Click to expand...

Guys who built Titanic said:
There will be raining snow in Hell before this baby sinks.
Click to expand...

Personally I think it's a fake. But, I sincerely hope that I'm wrong.
 
*gets out his crowbar*

Sounds like it's time for some of that time-tested vigilante justice.

Err, if it turns out to be a fake that is. Headcrabs or hoax making hackerheads... not a real big difference when it comes to the crowbar.
 
This should be called
'Official Halflife2.net "Were going gold monkey..." Announcement.
 
Gabe posting from his home compy? I think he is a bit cleverer than that, he would know that people would get suspicious when the IP was different and write a bit more than one sentence...or wait until he got his hands on a computer with the right IP.
 
Assuming what I've read is true, his home computer wouldn't resolve to a site for Jimmy Hendrix merchandise.

And even if it what I hear was not true, I'm pretty sure the Half-life Fallout guys would recognize one from his house. He's probably posted from there before.
 
Tork said:
Yeah its not hl2fallouts fault for all of this, could have happened to anyone if it does turn out to be a fake.
Click to expand...

Damn right, it's not possible for a news poster or moderator to check peoples IP's, so untill one of the Admins came online e.g MrBond, the posts authenticity could not be verified with the exception of e-mailing Valve.

As all of Gabe's previous posts had been real so there was no reason for Shadow or whoever posted it on the front page to believe it was fake other than it was a bit far fetched...

I just read the post myself (from a screenshot) and it doesn't look like Gabes style, but if you look at how many other people have been fooled by it (not least of all the major gameing news sites), it's unfair to blame Shadow. Not everyone is as cynicle as the HL2.net administration.

Of course we at HL2F are sorry to anyone who got there hopes up over this (if it is indeed fake), but we won't take any blame for it. Untill I saw Munro's post I didn't even think anyone would try blameing us. Although I personally I think Munro has got the wrong end of the stick:

Why was that post by “Gabe Newell” allowed to stay on the forums and reported on by your news team without confirmation that it was true and your belief that it could very well be a fake?
Click to expand...

I gather from that question you think that we have thought it might be a fake account for a while and just not told anyone untill now? If that was the case then your stance would be understandable.

As for the wording of the front page news post... it makes it sound like we were treating the Gold post as 100% real after concerns about the IP address were raised which is not true.

It also implys that we're not bothered about hurting Valves reputation by supporting the Gold post. Which once again is not true. Also how will this hurt Valves reputation? and how will you not treating it as the truth stop it being hurt?

For a very "official" sounding statement it hasn't been thought through very well. There are some very proffesional staff members on the HL2.net team, next time there's a sensitive issue let them deal with it. Atleast they don't give other fan sites backhanded insults (intended or not).
 
Id also like to know from Mr Bond what caused him/hl2fallout to say that this was a possible fake other then the ip's being different since he himself said that Gabe had used 3 different ip's after all this took place.
 
PlagueX said:
It is infact quite possible to snatch a MD5-crypted password.
At least. I know it is possible with the old 2.*** Vbulletin, so it might be possible with other forum software too.
The way I used to test Vbulletin, was the option to "link to other pictures".
In PHP you can make dynamic pictures, that respond to what info it gets from the User.
Example: I used my png.php (that appered as a picture) to grasp out for every cookie, the user had from THAT forum, for later to attack it with hashes.
So if we consider that was the way it was done, then our hacker now has all the login information from the cookies from the forum. Stil the password is md5-crypted. But if you have got enough time on your hands, you can attack it with hashes, until you get a match, and there you have his password.
I know that on my pc, a 4 numbered password takes 19 seconds to find. And 8 about 2 weeks, and so on. So if you have the time, it is possible.

Sorry for my bad english :)
Click to expand...

Thank you! I don't know why everyone on here seems to think MD5 is "uncrackable." Anyway, this seems like a moot point, because people are instantly assuming that someone guessed his password. What if someone had instead compromised the server and then, for example, added an if statement in the login script to check for a backdoor password that would in fact bypass all MD5 authentication and instantly log the user in?

But with Gabe Newell's track record of security mishaps, someone probably just got into his PC with some 2 year old exploit he never got around to patching and then installed a keylogger.
 
Revisedsoul said:
cheer up lads. he could be posting form his house :Dassuming gabe doesnt live at valve
Click to expand...
If i worked for Valve i would move in and live there for sure. :LOL:
 
Why would someone say going gold Monday? Why couldnt they just say its already gold Today? I dont understand why they would say monday, even tho I never herd of a gaming company announce that its going gold in a few days but sense HL2 is so hyped up I thought Gabe would still let us in. Also I noticed Gabe online before he posted that for acouple minutes he was checking out his profile or something...So I thought "Hey maybe hes going to post some new's" and I notice Gabe always online for a few minutes before he posts his Big Messages...
 
How come Valve aren't confirming if the post is legit or not?
 
Because it's the weekend.

---

If Gabe appeared as online before the post then the chances that somone hacked strait into our database and simply added it become less likely.
 
I'm sure someone from Valve will tell us this is a fake... on Monday!
 
mrchimp said:
Because it's the weekend.

---

If Gabe appeared as online before the post then the chances that somone hacked strait into our database and simply added it become less likely.
Click to expand...

Well, you have expected at least one of the Valve team to have come across this and informed Gabe. I guess we will have to see and wait. I hate waiting.
frown2.gif
 
Argh! I thought the news page said "Official half-life2.COM announcement"...Now I read again and it indeed says halflife2.net
 
Hmm, can't even connect to hl2fallout right now.
My two cents: no way gold on monday.

Element Alpha said:
Putain de salau de fils de putte de ta race va te faire sucer par un cannard espece de crotte de chamau moustiqueu en chaleur.
Click to expand...
Absolument. Je comprend pas pourquoi quelqu'un ferait ça. Mesemble qu`il y a d`autres choses à faire dans vie simonaque.
 
Hl2fallout is down, since any hours. I think, that was a fake, but i didn´t hope that.
 
It turns out HL2fallout's raw PHP files were up for grabs earlier that day wich contained the SQL passes. With those passes, some person has changed Gabes pass and used his account. I'm sorry to say, but it is indeed, fake.

I hope HL2F takes appropriate action (search through the database for inconsistencies and such, maybe even delete the user DB) before they get back up. As of now, every account there could be taken...
 
If it was legit the only way it could have happened is. gabe finding out his game is done so he went out with everyone else and got drunk and possibly other drugs involved, got home totally out of his head and posted on HL2Fallout forum not knowing what he was doing. Why else would he have done it. Thats if it was real though
 
DeltaBlast said:
It turns out HL2fallout's raw PHP files were up for grabs earlier that day wich contained the SQL passes. With those passes, some person has changed Gabes pass and used his account. I'm sorry to say, but it is indeed, fake.

I hope HL2F takes appropriate action (search through the database for inconsistencies and such, maybe even delete the user DB) before they get back up. As of now, every account there could be taken...
Click to expand...

I agree.

I tried going to fallout yesterday - and it said do you want to download the php files. Someone changed Gabe's pass.

This makes sense, it is indeed fake.
 
Thats at this point only a theory, it hasn't come from HL2F's staff and there's another far more likely theory ;)

EDIT: just ignore that lol
 
eh, not really big news anway. i belive it when VALVe says its gone gold, and not on just one forum ;)
 
You must log in or register to reply here.

Similar threads

B
Barking Dog Studios' work for Valve
Replies
0
Views
12K
Barnz
B
Omnomnick
The "Dota Major Championships" Announced
Replies
0
Views
3K
Omnomnick
Omnomnick
Hectic Glenn
Site Announcement: Munro Leaves ValveTime
Replies
26
Views
5K
Omnomnick
Omnomnick
Omnomnick
UPDATED: Half-Life 2 Coming to Nvidia SHIELD
Replies
9
Views
8K
Sidedraft
Sidedraft
Lobster
[UPDATED] Steam Machine Beta Specifications Released
Replies
8
Views
7K
User With No Name
User With No Name
Back
Top