Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Security Entertainment Games

Team Fortress 2 Source Code Leak Raises Security Fears (techradar.com) 12

"The source code for Team Fortress 2 has apparently been leaked, leading to hackers reportedly able to deliver malware through Remote Code Execution to other players," reports TechRadar. However, Valve assures users that playing on official servers is perfectly safe. From the report: This leak was initially reported by @SteamDB on Twitter, with the source code in question dating back to 2017 and 2018, affecting Counter-Strike: Source and Team Fortress 2. According to a report on the issue from PCGamesN, several Team Fortress 2 server communities have advised players to avoid the game until further notice.

Valve has reached out with a comment, saying "We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds (as always, playing on the official servers is recommended for greatest security)." Valve goes on to clarify that it's investigating the problem and anyone who has any information can report it on Valve's security page, which will explain how to fix the issue.

This discussion has been archived. No new comments can be posted.

Team Fortress 2 Source Code Leak Raises Security Fears

Comments Filter:
  • Oh no! The Obscurity Field is down! The enemy might notice our many weaknesses and attack!

    I always suspected that game was just a Stargate Atlantis knockoff.

    • Stargate Atlantis? No. Just . . . no.

      And it's "fake news", apparently the sourcecode leak was for a build of CS:GO from 2017, NOT TF2. They do have some shared engine internals, so if there are RCE opportunities embedded in those code segments then TF2 might be affected. It's going to be a bigger problem for CS:GO though.

      Source-based games have had RCEs in the past, so yeah, there was some security-by-obscurity going on there. It's reasonable to assume that Valve just didn't want to put in the time to r

    • Oh no! The Obscurity Field is down! The enemy might notice our many weaknesses and attack!

      People who decry security by obscurity fail to realise that obscurity is a form of security, just not a mathematically solid one. Kind of like how closing the curtains prevents a would be thief from seeing the motions sensors installed in the room, obscurity is an additional hurdle that needs to be passed.

      The only time it makes sense to criticise security by obscurity is if that is the only form of security in place. It's a weak layer, but a layer none the less, just like a lock on the front door which won'

      • by tlhIngan ( 30335 )

        People who decry security by obscurity fail to realise that obscurity is a form of security, just not a mathematically solid one. Kind of like how closing the curtains prevents a would be thief from seeing the motions sensors installed in the room, obscurity is an additional hurdle that needs to be passed.

        The only time it makes sense to criticise security by obscurity is if that is the only form of security in place. It's a weak layer, but a layer none the less, just like a lock on the front door which won'

  • behind the person who leaked it and the SJWs who exposed him, and the hacker who gave him the code and tried to murder his girlfriend. There is a bigger story behind all of this.

    https://www.oneangrygamer.net/... [oneangrygamer.net]

  • by hcs_$reboot ( 1536101 ) on Wednesday April 22, 2020 @11:57PM (#59978774)
    Aren't these people using git, with nominative access, allowing someone to only view the code they are working on?
  • by DrMrLordX ( 559371 ) on Wednesday April 22, 2020 @11:58PM (#59978784)

    https://www.pcgamer.com/team-f... [pcgamer.com]

    Apparently the leak is predominantly a CS:GO build from 2017 or so. The TF2 code in the leak is allegedly much older.

    "Update: Valve says it has reviewed the code in question—which comes from CS:GO, but includes very old pieces of Team Fortress 2—and does not consider it dangerous. However, it will "continue to investigate.""

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...