Half-Life 2 gold hoax: what really happened

[Varsity]

Apologies for the new thread, but it beats spamming this in every existing thread on the subject.

Earlier today, HL2 Fallout began puting out uncompiled PHP source code instead of web pages due to a server misconfiguration. This allowed anyone to see all the passwords on the site for all usernames, site databases and so on. The entire site was wide open.

The hole was closed, but not before someone downloaded the appropriate parts of the code and found Gabe's password (which incidentaly was not gaben, based on the fact that none of the millions of would-be script kiddies guesed it, and that all we have is the word of whoever stole the account in the first place). He then waited for the problem to be fixed, changed the password and posted with the account.

There was no guessing Gabe's password. Somebody simply went in and grabbed it.

Edit: HL2 Fallout is back up and makes no mention of a PHP leak. Seems odd, with the amount of the stuff I've seen flying around. I'll look further into it.

Second edit: DaCoOlNeSs has just pointed out that gaben is too short (min 6 chars), further discrediting the rumour.

Edited September 2, 2004 by Varsity

[kairon]

I hope that ###### burns eternally in hell getting raped by Ron Jeremy.

[lnmnky]

Cheers V.

[GodsHand]

That's a B.S. story. If that's what they're saying that happened, definitely bull. Gabe is probably telling them to make up a B.S. story so he doesn't look like an ass.

[SimplyPotatoes]

That's a B.S. story. If that's what they're saying that happened, definitely bull. Gabe is probably telling them to make up a B.S. story so he doesn't look like an ass.

not really, that and passwords were all over bad websites.

[S.MULLA]

at last a basic post that tells me what really happened.. :yes:

[LOC Veteran]

I hope that ###### burns eternally in hell getting raped by Ron Jeremy.

Dood, Ron Jeremy is a god. How dare you bring him down that low!

[kairon]

Sorry, I should have said Michael Jackson, but I figured as a straight person that I wouldn't want to be raped by that ugly mf'er or anyone so I put him .:p

[dray_04]

haha i told you!!!!!!!!!!

wait ill go get the quote

[+Fulcrum Subscriber¹]

I hope code leak never happens at Neowin!

I'm soo happy im not a registered member to many sites, Neowin makes me "feel" safe.

[daimon]

Sorry, I should have said Michael Jackson, but I figured as a straight person that I wouldn't want to be raped by that ugly mf'er or anyone so I put him .:p

Lol, you have some taste dude.

That is so lame with what happened to that web site. Thanks for letting us know. That was very first visit to hl2 source and I was shocked to see that.

[Argote]

Bah we knew it was BS

[dray_04]

Bah we knew it was BS

lol

yeh you guys did, but nearly everyone else in the world thort it was real

[GrandMaster]

funny guy.. :D

who wouldnt have done it?

[FM]

Man, I don't think anyone at Valve knows what "security" means. Was the pass really "gaben", or did the SQL database get out?

[aldo]

Oh comon, this is total bull**** and you know it.

They are using version 1.3.1 of IPB (the same one as Neowin has), and IPB has not posted any upgrades for it.

If this was the case, then nearly every site would of been 0wned by now.

Another thing - the database stores nothing more than MD5 hashes. Even if you know the password, it takes weeks to reverse engineer (or brute force) the password, unless it was really short, which 'gaben' is - but that would still take days upon days to reverse engineer.

This is 100% bull**** and I'd expect nothing more from our good friend gabe.

[SimplyPotatoes]

Oh comon, this is total bull**** and you know it.

They are using version 1.3.1 of IPB (the same one as Neowin has), and IPB has not posted any upgrades for it.

If this was the case, then nearly every site would of been 0wned by now.

Another thing - the database stores nothing more than MD5 hashes. Even if you know the password, it takes weeks to reverse engineer (or brute force) the password, unless it was really short, which 'gaben' is - but that would still take days upon days to reverse engineer.

This is 100% bull**** and I'd expect nothing more from our good friend gabe.

IPB can store text passwords and md5...a lot of websites do.

[Guest bartekpl]

Wait, I'm a little confused. So this was when HL2 was first leaked?

[FatCat]

Wait, I'm a little confused. So this was when HL2 was first leaked?

kairon were are youuuu? :p

[Guest bartekpl]

kairon were are youuuu? :p

your making me even more confused, and that does not help :no: :(

[Sn1p3t]

If HL2 Fallout is stupid enough to store clear-text passwords instead of MD5 hashes, it serves them right :p

I didn't hear anything about the gold hoax (been away for too long), so I can't offer any more comments.

[nX07]

Wow what a ride loL

[jackwanders]

Oh good god...

You guys are never gonna get this game, are you? it's a good thing I don't concern myself too much with PC gaming, considering that by now I'd have to drop close to a grand to get my PC in shape for games like Doom3 or HL2.

[Menge]

Another thing - the database stores nothing more than MD5 hashes. Even if you know the password, it takes weeks to reverse engineer (or brute force) the password, unless it was really short, which 'gaben' is - but that would still take days upon days to reverse engineer.

i always thought md5 hashes couldn't be de-hashed ;)

[Twisted.Raven]

so maybe gabe really did make that post and then denyed it as another publicity stunt? i sure do hope so.