Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

Multiplayer exploit found, can be used to hijack steam accounts. Which games still have this exploit? All of them, including Team Fortress. The emphasis from Valve being to try to fix TF first and leave the others playing catch-up. This is why in the past I was very adamant about getting at-least

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

hopefully valve removes sprays all together, my downloads folder is filled with hentai 2015-09-03 22:59 GMT+03:00 Refeek Yeglek : > Hi, I'm one of the developers for Team Fortress 2 Classic, a source mod > project. Recently, someone abused a bug present in Source SDK 2013

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

> Which games still have this exploit? All of them, including Team Fortress. The emphasis from Valve being to try to fix TF first and leave the others playing catch-up. This is why in the past I was very adamant about getting at-least the OrangeBox games (240 especially) sync'd, if not for the

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

  Hope it will be fixed today. Sent: Thursday, September 03, 2015 at 9:59 PM From: "Refeek Yeglek" <iamgoofb...@gmail.com> To: hlds@list.valvesoftware.com Subject: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts. Hi, I'm one o

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Valentin Puscoi Sent: Friday, September 04, 2015 7:41 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

ds-boun...@list.valvesoftware.com] On Behalf Of Valentin Puscoi > Sent: Friday, September 04, 2015 7:41 AM > > To: Half-Life dedicated Win32 server mailing list > Subject: Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts. > > > &

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

..@list.valvesoftware.com [mailto: > hlds-boun...@list.valvesoftware.com] On Behalf Of Valentin Puscoi > > Sent: Friday, September 04, 2015 7:41 AM > > > > To: Half-Life dedicated Win32 server mailing list > > Subject: Re: [hlds] PSA: Severe Source SDK 2013 Mul

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

You can tell if sv_allowupload does anything on your engine by checking engine.dll for the presence of the string "ignored. File uploads are disabled!" in engine.dll. If it appears, sv_allowupload is effective. On Thu, Sep 3, 2015 at 1:32 PM, Nathaniel Theis wrote: >

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

Note that, depending on the engine version you're on (and even SDK 2013 may not do this, I haven't checked), setting sv_allowupload 0 may do literally nothing; on older versions, sv_allowupload just tells the client not to upload anything to the server. The client can ignore it and do it anyways.

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

Actually, it looks like that only affects very old versions, (pre-2009 / aluigi) which have much worse exploits anyways. Sorry for the confusion. On Thu, Sep 3, 2015 at 1:28 PM, Refeek Yeglek wrote: > I'll let the guys on my sourcemod's team who are looking into it know,

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

Our guys who decompiled the copy when they got infected figured out it was a very very bad script kiddie thing designed for doing exactly what is going on right now. Lemme go find the name of it, someone posted the name and feature list in the FP thread when we were trying to figure out what the

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

That exploit was fixed long time ago. Someone even made a tempfix: https://forums.alliedmods.net/showthread.php?t=100958 On 3 September 2015 at 21:57, Refeek Yeglek wrote: > 1. we have permission from valve to use it > > 2. this isn't a problem with our code, this is a

[hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

Hi, I'm one of the developers for Team Fortress 2 Classic, a source mod project. Recently, someone abused a bug present in Source SDK 2013 MP to distribute viruses to quite a few of our players and developers. The way they did it was by abusing a spray exploit present in the SDK 2013 MP edition to

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

I'll let the guys on my sourcemod's team who are looking into it know, thanks. On Thu, Sep 3, 2015 at 1:26 PM, Nathaniel Theis wrote: > Note that, depending on the engine version you're on (and even SDK 2013 > may not do this, I haven't checked), setting sv_allowupload 0 may

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

How do you know that this is the spray exploit being used? The spray issue is exceedingly difficult to exploit. There's another, very practical RCE exploit I'm aware of, but it requires control of the server. Do you have any samples of the malicious sprays? Thanks, Nate On Thu, Sep 3, 2015 at

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

If, and that's a big if... hold on IF it's the VTF exploit I reported, yes. I'm skeptical that it is, just because of how difficult it is to exploit in practice. It would require very advanced Windows exploitation skills, and suggest a well-motivated, targeted attacker. My hunch is that it's

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

Okay, so, going by this forum post ( http://facepunch.com/showthread.php?t=1483571=48603565=1#post48603565) this is a thing called LuminosityLink, which is supposedly some beefy shit in the script kiddie community. On Thu, Sep 3, 2015 at 1:45 PM, Refeek Yeglek wrote: >

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

​I wonder how long it is until some script-kiddie figures-out how to exploit the built-in Streaming (ala https://github.com/ValveSoftware/steam-for-linux/issues/3990). Valve's response when I mentioned it was, effectively "expected behavior"). On Thu, Sep 3, 2015 at 1:45 PM, Refeek Yeglek

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

Someone give this man an unusual Finder's Fee On Thu, Sep 3, 2015 at 3:59 PM, Refeek Yeglek wrote: > Hi, I'm one of the developers for Team Fortress 2 Classic, a source mod > project. Recently, someone abused a bug present in Source SDK 2013 MP to > distribute viruses to

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

You'd know if that'd been done as there would be announcements on the various hlds lists about updates for Counter-Strike: Source, Day of Defeat: Source, and Half-Life 2: Deathmatch. However, what he's actually asking is that Valve update the Source SDK 2013 with these fixes so that game

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

I'm not the guy who found it either, I'm just letting you guys know because this is some bad shit and we've already had account hijacks. On Thu, Sep 3, 2015 at 1:06 PM, N-Gon wrote: > Someone give this man an unusual Finder's Fee > > On Thu, Sep 3, 2015 at 3:59 PM,

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

1. we have permission from valve to use it 2. this isn't a problem with our code, this is a problem with the Source SDK Base 2013 Multiplayer that is being distributed on Steam itself. If this was TF2C specific I wouldn't be letting server hosts know to take steps to prevent it happening in shit

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

He is basically saying that the exploits Nathaniel found and reported have only been fixed in Valve's main titles. He hasn't found or reported a new exploit. I think it has been mentioned by KyleS on one or multiple of these mailing lists that these exploit fixes should be ported onto other

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

Yeah. The big games have it fixed, sourcemods are at risk here. On Thu, Sep 3, 2015 at 1:34 PM, E. Olsen wrote: > So, to confirm - Team Fortress 2 has already had this exploit fixed, > correct? > > On Thu, Sep 3, 2015 at 4:32 PM, Nathaniel Theis wrote:

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

I don't have a sample, sorry. We're like 99% certain they're using the spray exploit however. On Thu, Sep 3, 2015 at 1:34 PM, Nathaniel Theis wrote: > How do you know that this is the spray exploit being used? The spray > issue is exceedingly difficult to exploit. There's

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

What did you expect, this leaked and illegal version of the Source Engine you're talking of has years of unfixed exploits, obviously such thing was going to happen one day. I'm sure there are lot more exploits that Valve has already fixed. Le 3 sept. 2015 22:47, "Refeek Yeglek"

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

No, just TF has these Remote Code Execution patches. CS:S and friends are still completely vulnerable for the public issues. Don't kid yourself, there's definitely other vulnerable code paths. Personally, I'm disgusted as this has been public knowledge for a year now, the exploits being back from

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

So, to confirm - Team Fortress 2 has already had this exploit fixed, correct? On Thu, Sep 3, 2015 at 4:32 PM, Nathaniel Theis wrote: > Actually, it looks like that only affects very old versions, (pre-2009 / > aluigi) which have much worse exploits anyways. Sorry for the

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

Well you don't have to run valves code. On Sep 3, 2015 9:45 PM, "Refeek Yeglek" wrote: > I shouldn't have to install 3rd party software to secure my servers from > problems with valve's code. > > On Thu, Sep 3, 2015 at 4:32 PM, Kyle Sanderson > wrote:

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

I shouldn't have to install 3rd party software to secure my servers from problems with valve's code. On Thu, Sep 3, 2015 at 4:32 PM, Kyle Sanderson wrote: > No, just TF has these Remote Code Execution patches. CS:S and friends are > still completely vulnerable for the

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

It's not just Valve games. They've also not disclosed any of these issues nor fixes to at least some developers of third-party Source games, leaving those completely vulnerable as well. -- Nicholas Hastings Developer GameConnect http://www.gameconnect.net/ >

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

So, ok wait. Now I am more confused than when the thread started. Which games still have this exploit? - TF2? = No/fixed? - DoS:S = ? - CS:S = ? - HL2MP: = ? - Mods like FoF, etc. = ? Is that old "exploit fix" SourceMod plug-in a fix or not? (it seems old from 2009). On Thu, Sep 3, 2015 at 6:55

Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts.

It's not just Valve games. They've also not disclosed any of these issues nor fixes to at least some developers of third-party Source games, leaving those completely vulnerable as well. -- Nicholas Hastings Developer GameConnect http://www.gameconnect.net/ >