The importance of being secure...

Joovilhar

Guest
I've spent the last 20 minutes or so browsing this forum, having followed a link from theregister.co.uk.

Across several threads, I've read cries of "Oh my god, how terrible! The fiends must be caught!" and similar protests. But I must say that I'm appalled at the lack of security at Valve. Without which, I might add, the hackers would not have succeeded. If I were in the entertainment business, and had to worry about the security of a project with as high a profile as Half-Life 2, I would have outlawed MS Outlook (and probably even Windows, too - except for build and test machines) from the very beginning. Or at the very least isolated all machines with access to source code from the Internet. That's just common sense, duh. In the past, I have worked for government organisations - and they take security seriously. No external internet access if you don't have a business need for it - and you'd better ditch IE if you do, because Netscape is all you're using inside of company premises. That's common sense in the public and private sectors of IT.

What really amazes me is that Valve had a network that was so insecure that you even managed to have a hacker implant keystroke-monitoring software on several of your machines? Oh my god, it's a miracle you're still in business! If your network admin is so incompetent, how can you be sure that the source code is all you had leaked? If I had been in your shoes, I would have changed passwords and demanded a full audit on all machines at the slightest sign of suspicious activity.

Of course, hindsight is always 20/20 vision ... but some things have been known for a while. The Blaster virus and its variants have posed some of the biggest threats to Windows users recently, and as a high-profile developer, Valve, you should not have been so complacent. Mere firewalls are not enough to prevent hackers getting into your organisation - this has hardly been a secret. Thanks to the Microsoft Windows platform and the proliferation of Outlook and Outlook Express (both of which have had several known issues with security for MONTHS now), hacking into any organisation these days is child's play.

I'm probably going to get flamed for this, but to be truly honest I really don't care. I might appear unsupportive to Valve, but that would be a mistake in judgement on your part. I will be buying HL2 when it comes out, but I would hope that Valve makes sure that no trojans were implanted in the software (I just hope your software configuration management practices aren't as crap as your security practices) - because I can imagine a lot of hacked-off customers suing Valve if an embedded virus started formatting all their hard discs. We live in an age where class-action lawsuits are a very real threat to any organisation. To Valve, this e-mail might seem like a kick in the teeth - but frankly, I am the least of your worries. You need to look after your customers' interests better.
 
We don't know what exactly happened but you do have a valid point, many others have also discussed this. But look at it this way: they will learn from their mistakes, and so will other major developers.

What was that Nofear t-shirt proverb: what doesn't kill us makes us stronger?... I think that's the gist of it : )
 
you must remember, this has never happened before. no one in gaming history has EVER hacked into a company and stolen the game/source before.
 
Originally posted by Necro
you must remember, this has never happened before. no one in gaming history has EVER hacked into a company and stolen the game/source before.

Are you sure about that?

Just because groups have the source of some games, doesn't mean that they will release it.
 
Congratulations, you have passed internet security 101. Of course you FAIL computer programming. If everything was going to be A+ secure we'd all be using Linux right now and this would never happen. Sorry though, MS has a monopoly on the operating systems of the world and therefore, we all develop and work with MS products. They sure as hell did their best with security or you would've seen the leak months ago. So all your whining and bitching?

Pointless.

If someone wants to hack into your system badly enough, it's GOING TO HAPPEN. Regardless of what you do. This person or persons were obviously intent on hacking in through the various methods they applied to get through the security. So before you go off on a tirade of how much you know about hackers and how "weak" Valve's security is, use a little more common sense and a little less "I've got my degree in XYZ".
 
Wow Joovilhar, I'm so glad you took the time to post this thread, because who knows who may have missed the other thousand threads with the exact same message?
 
Originally posted by corpheous
Congratulations, you have passed internet security 101. Of course you FAIL computer programming. If everything was going to be A+ secure we'd all be using Linux right now and this would never happen. Sorry though, MS has a monopoly on the operating systems of the world and therefore, we all develop and work with MS products. They sure as hell did their best with security or you would've seen the leak months ago. So all your whining and bitching?

Pointless.
*raises an eyebrow* Whining and bitching? Where? For your information I couldn't care less how long Valve takes to develop HL2 or how many dollars they lose in the process of sifting through their code to make sure someone hasn't put an early Christmas gift in (let's face it, if they have had keystroke monitors in, it's a fair bet the hackers have most, if not all, of Valve's internal passwords). Let's get one thing straight from the start - I'm not THAT desperate to get my hands on HL2, as the time I spend playing computer games doesn't actually amount to much. This might come, uh, as a big shock to you ... but I actually have better things to do in my life than play computer games. Yeah, I'm talking to you.

If your dig at my computer programming was supposed to be clever, well, I'm afraid I probably have the last laugh. I come from a software engineering background (although mine is from the "real world", rather than that of entertainment). I am currently a software configuration manager, release engineer and system administrator, and I deal with software developers every day. Even though I have also developed on Windows and other platforms, including several variants of UNIX - and Linux. I'm afraid I must reject what you have to say about security getting in the way of programming. There are a lot of secure companies out there who simply do *NOT* connect secret development machines to the internet. Firewall or no firewall. Whether or not they develop on Windows. I know, because I've seen them.

Your idea of switching everything over to Linux was your idea, not mine. So don't tar me with the brush of your limited imagination, please. You could easily be secure enough with two machines for every developer with a business need to access the Internet (one Linux/UNIX box with mail client, browser, etc) - and a Windows box, completely isolated from the external internet AND any Linux boxes... For those with an absolute need to browse the net on a Windows machine, you can always set up either a couple of Internet-connected Windows PCs in a common area, or offer Windows over Citrix Metaframe. That's how the real world does it.

If someone wants to hack into your system badly enough, it's GOING TO HAPPEN. Regardless of what you do. This person or persons were obviously intent on hacking in through the various methods they applied to get through the security. So before you go off on a tirade of how much you know about hackers and how "weak" Valve's security is, use a little more common sense and a little less "I've got my degree in XYZ".
You know, I'm really glad you (seem, at least!) to work in the entertainment industry and not for something REALLY important like a nuclear power station, military installation or something similar. God help us all if you did. I suppose the words "mission-critical" and "must not fail" aren't that familiar to you? Of course, the weakest point in any security is always the human element, but what surprised me in Valve's case was that it was done almost entirely with Microsoft's help (i.e. their bug-ridden products) and very little human interaction at all. For situations where the human element is unavoidably involved, even non-military employers do a check on your character and background these days. Those who don't either don't plan to put you anywhere near sensitive information or don't really care about their security in the first place. What disturbs me most though, is your "throw your hands up in the air and accept it" attitude. I'm afraid I don't, and can't, accept that. And if anyone had that kind of attitude where I work, they'd be unemployed very quickly. In case you hadn't noticed, there's a recession out there and a shortage of employment. Corporate espionage is as real and damaging a threat as ever, so idiots need not apply.

What's this about my degree, btw? You seem to know an awful lot about it, considering I can't remember mentioning it anywhere on this forum.

Originally posted by Dr-X
Wow Joovilhar, I'm so glad you took the time to post this thread, because who knows who may have missed the other thousand threads with the exact same message?
Sorry, mate. Must have slipped me by. As I said, I only spent 20 minutes here because I followed a link - not my life. Again, that might come as a surprise to some folk here.

Since I don't want to get involved further (I've already spent WAY too much time on this topic) with what appear to be some extremely petty-minded individuals, you'll excuse me if I take an extended leave of absence from this forum. I've made my point, after all - to those who can understand it. To those who can't, I'm afraid I'm out of patience.
 