CorruptedPolygon
Club 4000 Member
don't you want to be someone forever?
Posts: 4,549
| Likes: 1,999
IGN: CorruptedPolygon
Old IGN: ChaotixSuccs, ResidentMemelord, Chaotix_, UltimaTheHawke, transformas12345
Discord: Chaotix#3215
Birthdate (MM/DD): 08/03
|
Post by CorruptedPolygon on Apr 22, 2020 18:43:38 GMT
Team Fortress 2 and Counter-Strike: Global Offensive's source codes from 2017/2018 have been leaked online. Supposedly they've been leaked by an associate of Tyler McVicker (you may know him as Valve News Network). With the source code being leaked, a remote code execution vulerability could be discovered allowing the hacker to gain access to your game (and possibly PC, though there's currently a lot of misinformation out there so I couldn't verify this). Since this is a vulnerability regarding Source itself, it's advised to stay away from playing any Source games online. This includes, but not limited to:
- Team Fortress 2
- Counter-Strike: Global Offensive
- Counter-Strike: Source - Left 4 Dead - Left 4 Dead 2 - Portal 2 - Garry's Mod - Insurgency - Day of Defeat: Source - Fistful of Frags
Some of these games may have it patched, some might not have. Either way, it's better safe than sorry. Source games played offline should be perfectly safe (such as Portal).
Dota 2 and Dota Underlords need not apply, since they run on Source 2.
Here's a good Twitter thread detailing the situation about how the source codes were leaked:
[UPDATE | 10:54 PM] The CS:GO Twitter account has responded to the source code findings and have concluded that there is currently nothing to worry about in the official build. This does not apply for Team Fortress 2 and there is currently no response from either their Twitter account or an official blog post.
So far however, it's very unlikely that an RCE has been discovered. If there is one, there's more incentive to report it to Valve's HackerOne bug bounty program.
[UPDATE | 8:46 AM]
The TF team have finally responded, basically repeating what the CS:GO team had to say on Twitter. In short, you'll be fine.
Apologies for any misinformation caused by this thread.
|
|
square
Veteran Member
Asst. Creative Designer
Posts: 1,294
| Likes: 1,291
|
Post by square on Apr 22, 2020 18:46:00 GMT
that's what happens when you are transphobic and dislike when you're kicked out by a trans person /shrug
|
|
|
Post by Polaris Seltzeris on Apr 22, 2020 18:56:36 GMT
Valve's fault for any exploits, that's why you don't let the client run arbitrary code from the server.
|
|
tozzit
Veteran Member
Posts: 2,329
| Likes: 1,709
|
Post by tozzit on Apr 22, 2020 19:01:06 GMT
source games ded
|
|
Super
Veteran Member
Retired Senior Admin
Posts: 2,322
| Likes: 1,197
|
Post by Super on Apr 22, 2020 19:16:42 GMT
Valve's fault for any exploits, that's why you don't let the client run arbitrary code from the server. Talking about the VAC system?
|
|
CorruptedPolygon
Club 4000 Member
don't you want to be someone forever?
Posts: 4,549
| Likes: 1,999
IGN: CorruptedPolygon
Old IGN: ChaotixSuccs, ResidentMemelord, Chaotix_, UltimaTheHawke, transformas12345
Discord: Chaotix#3215
Birthdate (MM/DD): 08/03
|
Post by CorruptedPolygon on Apr 22, 2020 19:21:17 GMT
Valve's fault for any exploits, that's why you don't let the client run arbitrary code from the server. Talking about the VAC system? VAC is a fucking joke before this whole source code thing you'd see a cheater in nearly every game (they would be kicked though) and earlier this month they crashed servers before valve finally patched it
|
|
|
Post by Polaris Seltzeris on Apr 22, 2020 19:29:03 GMT
Valve's fault for any exploits, that's why you don't let the client run arbitrary code from the server. Talking about the VAC system? I'm referring to basic client-server security, there should not be remote code execution vulnerabilities in the client. This is a negative of security through obscurity because it's awful to know that all of this time such an exploit existed where presumably the client is evaluating code sent from the server, which can be manipulated by people who know what they're doing.
|
|
CorruptedPolygon
Club 4000 Member
don't you want to be someone forever?
Posts: 4,549
| Likes: 1,999
IGN: CorruptedPolygon
Old IGN: ChaotixSuccs, ResidentMemelord, Chaotix_, UltimaTheHawke, transformas12345
Discord: Chaotix#3215
Birthdate (MM/DD): 08/03
|
Post by CorruptedPolygon on Apr 22, 2020 20:14:37 GMT
[EDIT 09:13 PM] Crossed out a bunch of misinformation. At the moment it should theoretically be fine to play on other Source games online as the source code for Source has not been leaked, only the source code for TF2 and CS:GO (which was the main point of the thread). I originally thought that since all those games use the same engine that they could've been affected indirectly because of the leak but after talking with a few friends that might not be exactly correct.
|
|
CorruptedPolygon
Club 4000 Member
don't you want to be someone forever?
Posts: 4,549
| Likes: 1,999
IGN: CorruptedPolygon
Old IGN: ChaotixSuccs, ResidentMemelord, Chaotix_, UltimaTheHawke, transformas12345
Discord: Chaotix#3215
Birthdate (MM/DD): 08/03
|
Post by CorruptedPolygon on Apr 22, 2020 21:54:59 GMT
[UPDATE | 10:54 PM]
The CS:GO Twitter account has responded to the source code findings and have concluded that there is currently nothing to worry about in the official build. This does not apply for Team Fortress 2 and there is currently no response from either their Twitter account or an official blog post.
So far however, it's very unlikely that an RCE has been discovered. If there is one, there's more incentive to report it to Valve's HackerOne bug bounty program.
I have also reworded the thread a little bit as there is no RCE exploit currently. There may be one in the future though.
|
|
CorruptedPolygon
Club 4000 Member
don't you want to be someone forever?
Posts: 4,549
| Likes: 1,999
IGN: CorruptedPolygon
Old IGN: ChaotixSuccs, ResidentMemelord, Chaotix_, UltimaTheHawke, transformas12345
Discord: Chaotix#3215
Birthdate (MM/DD): 08/03
|
Post by CorruptedPolygon on Apr 23, 2020 7:46:17 GMT
[UPDATE | 8:46 AM]
The TF team have finally responded, basically repeating what the CS:GO team had to say on Twitter. In short, you'll be fine.
I'm requesting a lock since there's no more risk involved playing TF2 or any other Source game for that matter..
|
|
Premintex
Club 4000 Member
Coward
Posts: 5,408
| Likes: 2,485
|
Post by Premintex on Apr 23, 2020 7:53:14 GMT
Docking
|
|