Exactly, but seeing as how we're programmers, people who SHOULD be
interested in computing, learning about computers, SHARING KNOWLEDGE
ABOUT COMPUTERS...hiding away an exploit is an evil thing to do.

Besides, in most cases it's even more of a problem....for example back in
the days of Quake 2, a version of the dedicated server crashed if it was
sent an info string that was too long (just a buffer overflow).

The people that found it didn't publish the bug and it took id about 2
weeks to track down the problem and fix it (since they had to attract
the attackers to crash their server & generate debug info).

david

-----Original Message-----
From: Kuja [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 28, 2002 11:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [hlcoders] Anti-cheat code in mods
Importance: High

Then you have astalavista, that releases the exploits before they are widely
known, to help network admins and so on to fix them themselves. Releasing
the source to an exploit is a double bladed knife ( see: dagger ). It may
force people to fix the bug but it may also cause more harm in allowing
users to take advantage of it.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David Flor
Sent: Sunday, April 28, 2002 1:29 PM
To: [EMAIL PROTECTED]
Subject: RE: [hlcoders] Anti-cheat code in mods


There's a difference in making people aware that an exploit exists and
spoon-feeding the exploit to everyone.

Take SecuriTeam, for example ( http://www.securiteam.com/ ). Yes, they
post exploit code, but they usually do it months after the exploit has
been acknowledged, and well after a patch has been made available.
Providing an exploit to the public invites people to take advantage of
it, irrespective of how long it takes the developer to fix.

As for "...creating immense pressure on a company to fix their software
immediately...", you've never been a corporate developer, have you? It's
not like they can whip up a patch and distribute it to the world in an
hour; it has to go through thorough investigation, go through respective
Quality Assurance teams, and undergo a Beta deployment process. Now that
it's been so thoughtfully released to the public, you now force the
company to push this fix through the process as fast as is humanly
possible. What kind of product quality can you expect from it then?

If Microsoft released patches so quickly, the chaos they would cause
with software not sufficiently tested would be catastrophic. Not to
mention that Microsoft is reportedly on a 24 hour development/testing
schedule anyway (developers come in in the morning, the build takes
several hours, and testing occurs later the same day, or something like
that) and has twenty times the amount of programmers and testers that
Valve has.

Also, do keep in mind that Valve is actively working on the product.
Stopping current development to fix something usually means they may
have to roll back or disable new functionality so as not to cause
further problems to the public. That, in and of itself, takes time as
well.

BTW: When you "...see all of the latest Microsoft cracks on CNN...",
that's usually because Microsoft has already released a patch. If CNN
posted details of an exploit that had no solution, they would get hit
with multiple lawsuits the likes of which you cannot possibly imagine.

I've found exploits, cheats and bugs before. I remember long ago the bug
that typing a certain command would cause any Half-Life server to
instantly crash. It wasn't common knowledge, and thank God for that, but
Valve was made aware of the situation through private communications and
the problem was subsequently fixed without any mention of it anywhere.

Tnx & Rgds...
David "Nighthawk" Flor - [EMAIL PROTECTED]
Lead Programmer, "The Opera" - http://opera.redeemedsoft.com/

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Miguel Aleman
Sent: Sunday, April 28, 2002 12:30 AM
To: [EMAIL PROTECTED]
Subject: Re: [hlcoders] Anti-cheat code in mods


Flor, that's usually how you get something fixed. One person finds an
exploit, posts it somewhere. The community then spreads it around,
creating immense pressure on a company to fix their software
immediately.

If we didn't see all of the latest Microsoft cracks on CNN, do you think
that company would be so active in trying to fix them?

-z80x86

----- Original Message -----
From: "David Flor" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, April 27, 2002 3:12 PM
Subject: RE: [hlcoders] Anti-cheat code in mods


> And now that the cheat code references have been posted on this thread
> for all the world to see, I'm sure we can thank you for the wonderful
> gaming experiences we will now have...
>
> Christ, people; if you've found an exploit, don't post it or links to
> cheat sources on a PUBLIC LIST!!!
>
> "Common sense is not so common..."
>
> Tnx & Rgds...
> David "Nighthawk" Flor - [EMAIL PROTECTED]
> Lead Programmer, "The Opera" - http://opera.redeemedsoft.com/
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Tom
> Sent: Saturday, April 27, 2002 4:56 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [hlcoders] Anti-cheat code in mods
>
>
> lol, another one of Valve's "great" systems bites the dust within a week
>
> ----- Original Message -----
> From: "Jonah Sherman" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, April 27, 2002 7:28 AM
> Subject: Re: [hlcoders] Anti-cheat code in mods
>
>
> > The "protection of client.dll" is nothing more than an RC4-hybrid which
> > is easy to find. entire loader:
> > ...
> > proof it's not even a halfass fix:
> > ...
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlcoders
>
>
