This topic has been locked
The Source Code leaks
Hi guys, as you know, the source code of TF2 and CSGO has been leaked, what does this mean?

Source Code is basically a compilation of data and texts that are responsible for running the games. With this, people would be able to create new hacks to bypass VAC, steal personal info, and more.
Update: The source codes leaked are somewhat old, but are still a big problem for Valve since it can help people create cheats that can bypass the VAC system and find exploits within the game.

In this case, it is now possible for hackers to do a remote code execution (Arbitrary remote code execution) on those playing on official TF2 servers, meaning they can access your computer and make changes to it without your permission.
UPDATE: After learning more, it is more complicated than it seems, and it would take a whole lot more than just being connected on the same server, and having the said source code.

It is not known if CSGO servers are also affected.

The source codes leaked contain until the updates of CSGO's Operation Hydra and TF2's Jungle Inferno update.

I highly recommend you log off from online Steam-related websites (such as scrap.tf or tradeit.gg) and set your profile to private. The API also being leaked is only a rumor right now, and seems to be baseless.

Please feel free to correct anything I have said or to put more info.

Update #2: People are saying that it is confirmed that hackers (although I couldn't find stable evidence) now have access to RCE (Remote Code Executions) that can help them gain access to your computer just by being in the same server as you. However RCEs have existed even before the source codes were publicly released, and would take a whole lot more than just being on the same server as you. All this means now is just to be extremely cautious.

Update #3: Apparently, these source codes have been around on the internet for months, maybe even a couple of years. The only reason why it started becoming more public was because of a conflict within the community.

Update #4: Brockenstein has made a very good explanation as to why it isn't really much of a problem. His comment is definitely a good read.

Update #5: A lot of people are asking if it is safe to play TF2/CSGO right now, CSGO already made an official announcement saying it is safe to play on their servers, so I would assume the same for TF2. RCEs are a lot harder than you think.

FINAL UPDATE: Both the TF2 dev team and CSGO dev team have confirmed that the source code leaks pose no risk to us regular players. You can play these games fine without any risk.
Last edited by Symbols and Manners; Apr 22, 2020, 23:19
Originally posted by Spawn of Totoro:
https://twitter.com/CSGO/status/1253075594901774336

Official response:
We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds.
As always, playing on the official servers is recommended for greatest security.
We will continue to investigate the situation and will update news outlets and players if we find anything to prove otherwise. In the meantime, if anyone has more information about the leak, the Valve security page (next tweet) describes how best to report that information.
Which Games are affected by the Source Code Leak?
Look in title
Originally posted by felix hugo fraldarius:
Originally posted by Brockenstein:

Blind leading the blind...

By someone with more imagination than expertise.

so you think this is nothing to worry about then??????

Well think of it this way, all the software out on Github that anyone can view. And all that software is vulnerable and we shouldn't use it because someone can see the source code?

You may not want everyone seeing your source code because it's proprietary. But that's a property issue, or a financial issue. It's not necessarily a security issue. There's plenty of open sourced games, or games whose source code has been released. Those games aren't really more dangerous to play even though anyone can see that sweet sweet source code.

The fact most game companies keep their code private doesn't mean that privacy is for the benefit of player safety. And even if you want to argue that the source code will enable a whole slew of cheats and whatnot. Well the game can still be patched as needed. We're talking about annoyances. Not dire danger...
Last edited by nullable; Apr 22, 2020, 11:24
Possible vulnerability allowing for remote code execution found in the source code, no idea why you assume unless you go checking.
Look in other thread.
Originally posted by Brockenstein:
Originally posted by felix hugo fraldarius:

so you think this is nothing to worry about then??????

Well think of it this way, all the software out on Github that anyone can view. And all that software is vulnerable and we shouldn't use it because someone can see the source code?

You may not want everyone seeing your source code because it's proprietary. But that's a property issue, or a financial issue. It's not necessarily a security issue. There's plenty of open sourced games, or games whose source code has been released. Those games aren't really more dangerous to play even though anyone can see that sweet sweet code.

The fact most game companies keep their code private doesn't mean that privacy is for the benefit of player safety. And even if you want to argue that the source code will enable a whole slew of cheats and whatnot. Well the game can still be patched as needed. We're talking about annoyances. Not dire danger...

better way of looking at it
thank you for the info
helps me be less worried about this
Originally posted by TheMemeSniper:
Don't play Source engine based games!
Valve has apparently recently been hacked. Source code was leaked, turn off auto updates PLEASE.
E a r t h is c o l l a p s i n g.

Did the moon people hack valve and steal their pot of gold?! Find out next time on Dragonball Z!
i dont foking care...i got VAC
There won't be much clarity until Valve makes a say in it.

No one will believe right information, and in fact will value misinformation because of the fear that takes control of their peace of mind.

Get ready to deal with the gross amount of thread merging.
i can play csgo?
Originally posted by Did somebody say virus?:
Originally posted by davidb11:

That would cause way too many problems. I don't think you get how that makes no sense to even suggest.

I don't care if people are freaking panicking over this, at the end of the day, this is nothing.
Guys let the people who started this fix it. Just wait for Valve's news network.

Steam news. .............heh hehheh
The Open Source Movement[en.wikipedia.org] is a growing group of programmers who feel that the source code should always be made available to end users so that they can learn from, improve on and expand on the software as-is.

Ever heard of Linux[en.wikipedia.org]? It's a Unix-like operating system which has a very specific aspect to it: the full source code to the entire OS is available for anyone who wants to have it. And just to satisfy the nerd in me: FreeBSD[en.wikipedia.org] is also an operating system whose source code is fully available and which is also a direct ascendant from BSD Unix, a true Unix version which was used back in the 80's.

Yet despite the fact that both operating systems can be fully dissected they have a reputation of being extremely secure. Heck... OpenBSD[en.wikipedia.org] is a BSD variant which solely focuses on security and data protection and despite its source code being fully out in the open it hasn't been compromised in years.

Or better... what to think about data security software such as GPG - the GNU Privacy Guard[en.wikipedia.org]?

If the availability of source code would automatically result in a less secure setup then projects such as GPG and OpenBSD wouldn't exist today, not to mention that OpenBSD wouldn't have the impressive record that it has: Only 2 remote holes (backdoors) in ages....[www.openbsd.org].

Of course... these projects were set up with the sole intent of sharing the source code, the so called "code quality" more or less relies on the fact that "many eyes" go over the source code which can (and usually does) lead to better improvements. This concept also more or less applies to GitHub.

And that's where the nastiness comes into play... I don't necessarily share the optimism shown above. Because, once again, these projects were built upon sharing code. If source code which has been kept private leaks then that also means that there is definitely a reasonable chance that people will be able to find and exploit bugs.

See, the main difference between open source & closed source is that with the latter you can most likely forget about the community giving back, they will simply take for themselves.

Is this reason for panic?

And this is the real deal: if you haven't seen or studied the source code yourself there's no way to tell. THAT's the real answer here. Once again: GitHub projects were set up with the intent to share code, this project obviously wasn't. So it's like comparing apples & oranges.

It's also not uncommon for programmers and admins to rely on the shady "security through obscurity" concept. In other words: as long as people don't know about a backdoor then there's no issue... and they won't find out because your code is safely locked up... So the security "model" if you will relies on keeping your code hidden away. "Security" built on people being unaware ("obscurity").


In my opinion it's better to assume that foul play can emerge from this. But I sincerely doubt that this will extend beyond in-game problems. So don't expect evil hackers to take over your computer because they have seen the source code for the game you're playing. Even if there was a huge gaping security hole then you normally don't run games as administrator, meaning that the game process is limited to the things it can do.

But in the end... there's no way to be sure. ...unless you study the code yourself. Which is a lot harder than it may sound.
Last edited by ShelLuser; Apr 22, 2020, 12:58
Well more text equals more expertise right?

If someone wants to believe leaked source code might make them vulnerable and say there's no way to be sure unless you study it yourself. I'll say sure.... but if you believe those risks exist in the current code, those issues can be found and exploited without the source code. And why are you running any software you haven't personally vetted if that's what you're preaching now?

I mean that's where that sort of "you can't be too careful" hyperbole falls apart. There's always "some" risk running programs if you want to get pedantic about it. But it's not practical to treat every bit of software like a serious risk. A shoddy insecure and vulnerable program is so regardless of whether its source code is visible or not. Does being able to view the source code make you more vulnerable? Maybe, I guess. If you think that's the only way bugs and exploits are ever found.

I don't think the security through obscurity idea applies here though because if there's one thing source based games aren't is obscure. They are so popular and so visible and opportunists and cheat makers are beating on the gates hard, constantly, that relying on that sort of thinking would be madness. And if you believe that's what Valve is doing, what are you doing running their software?

I think for a lot of people, un-compiled source code is this magical thing and anything is possible once magic gets involved. The reality is a little more mundane though.
Last edited by nullable; Apr 22, 2020, 13:46
Originally posted by Brockenstein:
but if you believe those risks exist in the current code, those issues can be found and exploited without the source code. And why are you running any software you haven't personally vetted if that's what you're preaching now?
Once upon a time players believed that their data was safe with Sony, the Playstation network in specific. After all: such a multi-million dollar company running a private console network for gaming should have all the financial means to ensure that their setup was in tip top shape.

And then we had the Playstation network break-in[en.wikipedia.org] which taught us that Sony kept a lot of data, including passwords, in unencrypted files.

And this is just one out of dozens of examples where huge companies ended up seeing their ICT infrastructure getting compromised which taught us that their promised security measures were "inadequate" to put it mildly.

So yes... There definitely can be a danger here, depending on the state of said source code. Never underestimate the stupidity levels some companies can stoop to.


Over here in Holland they're trying to get "Corona apps" launched because this is said to help stop the virus or something. I won't go into those details but surprise surprise... one of the apps had a small issue: thousands of personal records were found in their source code... source[nos.nl] (an official Dutch news outlet I might add....).

Yah, this topic happens to cross my profession and if there's one thing I learned in the past 30 years it's to never assume yet also never to underestimate the amount of stupidities that may be involved with "professional" ICT projects.
A global moderator has indicated that this post answers the topic.
https://twitter.com/CSGO/status/1253075594901774336

Official response:
We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds.
As always, playing on the official servers is recommended for greatest security.
We will continue to investigate the situation and will update news outlets and players if we find anything to prove otherwise. In the meantime, if anyone has more information about the leak, the Valve security page (next tweet) describes how best to report that information.

Date posted: Apr 22, 2020, 9:54
Posts: 89