Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Games

Valve Says It's Safe To Play CS:GO and TF2 After Source Code Leaked Online (zdnet.com) 27

Valve told ZDNet today that it's safe to play games like Counter-Strike: Global Offensive and Team Fortress 2 even after their source code leaked online this week on 4chan and torrent sites. From a report: The leak has caused panic in the two games' online communities. For most of the day, gamers have been warning each other that hackers may develop exploits based on the leaked source code that may be used to hack computers connecting to CS:GO and TF2 servers. Warnings have been circulating all day on Twitter and on the official /r/counterstrike and /r/tf2 subreddits.
This discussion has been archived. No new comments can be posted.

Valve Says It's Safe To Play CS:GO and TF2 After Source Code Leaked Online

Comments Filter:
  • Disassembler (Score:5, Insightful)

    by reanjr ( 588767 ) on Thursday April 23, 2020 @01:15PM (#59980918) Homepage

    Wait until these guys hear about disassemblers. They're gonna flip the fuck out and never play video games again.

    • Considering that TF2 was hit *very hard* by this leak.... essentially unplayable with all "official valve servers" getting creamed....

      ...I dont think disassemblers are a worry, since that was always possible. Its was only when the leaked source code went widespread that this happened.
      • Unplayable how?

        • Re: (Score:2, Funny)

          They took away all the grenades, killed conc jumping, made the fast classes slow, nerfed all the good weapons, made HWGuy too powerful, and gave it a comic book kind of theme. Basically, they gave in to 200% of the noobs' complaints about TFC.
          • As in they made a mod or they managed to find a way to hack servers outside of their control?
          • Basically all the things wrong with Team Fortress around 1999-2000. Medics on a CTF map dropping a conc grenade and jumping all the way across the map.

          • by Aereus ( 1042228 )

            What if I told you TFC was a poor man's TF1, and the term TFC was a misnomer?

        • Things like lag bots bringing down servers with messages such as "Overwatch is better" as the last thing you see....
        • Bots would join a server and if you attempted to kick it, it would crash the server. TF2 was practically unplayable for almost a week.
          • That was unrelated to the source leak. That's an old exploit in Source engine server software that has been used against CS:GO before. Valve patched that out.

      • Re:Disassembler (Score:4, Informative)

        by lgw ( 121541 ) on Thursday April 23, 2020 @03:10PM (#59981396) Journal

        ...I dont think disassemblers are a worry, since that was always possible. Its was only when the leaked source code went widespread that this happened.

        OPs point was that "having the source code" simply isn't that valuable to hackers. In general this is true: if an attacker can spot a bug by looking at the source code, the developer could have spotted and fixed the same bug, so source code is only useful to attackers where you expect the dilligence of the devs to be very low (at which point, you won't need the help of having the source code).

        Fuzzing attacks and just generally iterating through all commonly successful attack vectors is the normal strategy of both attackers and pen testers, because that's what works. Once you have a basic understanding of the protocol, which even if it's proprietary is usually pretty obvious, then just plugging in random values and known "people usually screw this up" values can be done very fast and efficiently by automation.

        So, for the same reason you should never feel confident just because you don't see any security bugs in your own source code, it's usually not that worrying when an attacker gets access to your source code. Sure, it does help the attacker a little, but compared to the usual set of tools available to find exploits and crashes, poring over the source code isn't all that great.

        • by tlhIngan ( 30335 )

          It's less about security bugs and more about cheats. Bugs in the source code that may potentially allow for bots and such to run undetected by VAC and other anti-cheat systems.

          Because really, that's the big problem with multiplayer games. If you want to load a bunch of malware onto someone's computer, it's a little easier to convince them to connect to a rogue server that serves up a malware mod - most games will download and run such mods blindly.

          But cheats are the big one - if you can see the source code,

          • This is where community run servers come into play, like they have since the inception of internet gaming. You see a problem, you report it in the community IRC, and someone validates and bans. Quake's source code has been out for ages
          • by lgw ( 121541 )

            Sure, that makes sense, but people weren't playing because they were worried about being hacked, which is a bit silly. Sure, the potential is there, as anti-cheat systems are typically rootkits already, so an attacker could get root through a game client, but the source code leak isn't a material additional risk.

            Of course, you never want to do anything financial on a gaming computer.

  • Of course (Score:5, Insightful)

    by 93 Escort Wagon ( 326346 ) on Thursday April 23, 2020 @01:29PM (#59981006)

    I'm confident that any financial stake Valve has in keeping players subscribed to these games has no relationship with their statement that continuing to play these games is safe.

    • Re:Of course (Score:5, Informative)

      by Nidi62 ( 1525137 ) on Thursday April 23, 2020 @01:30PM (#59981010)

      I'm confident that any financial stake Valve has in keeping players subscribed to these games has no relationship with their statement that continuing to play these games is safe.

      Both games are F2P, especially as long as you don't care about cosmetic crap.

      • Neither game was F2P originally. A big "fuck you" to those that paid for them.
        • by Nidi62 ( 1525137 )

          Neither game was F2P originally. A big "fuck you" to those that paid for them.

          Well, TF2 came out in 2007 and CS:GO came out in 2014. So it's not egregious that they would be free at this point. Hell, I have 638 hours in CS:S (plus who knows how many in 1.6) and only just started playing CS:GO a week or 2 ago for a couple hours.

        • Are Stream sales a big "fuck you" to people who bought the game at the original price as well? I think TF2 launched well before the freemium model even really existed and was just packed in as a part of The Orange Box. I think it's pretty hard to attribute any kind of malice to Valve on this one.
        • by ftobin ( 48814 )

          Believe me, I got my money's worth from the Orange Box many times over. Half-Life 2 and TF2 in one package? That's a deal and a half.

        • Neither game was F2P originally. A big "fuck you" to those that paid for them.

          A "fuck you" for those people who got to enjoy the game for a full 5 years before those too tight to fork our $30? I don't feel fucked having played it for several hundred hours before the freeloaders came along.

    • BRB, gotta go register ReopenValve.com.
  • by Lohrno ( 670867 ) on Thursday April 23, 2020 @02:00PM (#59981168)

    CS:GO is still unplayable, but that has more to do with being CS:GO than source code leaks.

"Confound these ancestors.... They've stolen our best ideas!" - Ben Jonson

Working...