EVE source code leaked - downloaders beware!

[kudos]

Slashdot | Eve Online Client Source Code Leaked

Quote:

An anonymous reader writes to tell us that the game client source code for the popular MMO, Eve Online, has been leaked via torrent. In addition to the source code the user also posted a lengthy chat transcript with someone from CCP customer support. While the end goal may have been to call attention to the continuing security issues within Eve (and ultimately themselves), there are probably better ways of getting through to support. Unfortunately, CCP seems to be responding with the usual knee-jerk reaction of banning everyone breathing a whisper of this incident. I wonder if any large MMO company will ever be brave enough to calmly address an issue rather than wielding the ban-hammer.

[Tyen]

Reminds me of:
ISN 2001/09: [ISN] Hacking of Web game EverQuest linked to loca

Quote:

For reasons unexplained, the hacker sent all of the proprietary files
that were hacked to a Sony executive

Quote:

Later, a Sony game master, Alan Crosby, was contacted anonymously
through a private e-mail system by one of the hackers.

[Hachima]

The story makes it sound like a big deal when it really isn't. It's not the full source code. It is just decompiled python. It isn't the original. Anyone that cared about looking at this portion of the source has done it ages ago with the free tools that are out there to decompile python.

Think of it like right clicking a web page to 'view source' and thinking you are some type of tricky hacker.

[Fogel]

wow thats a neat trick hachima infact i just haxored foh.org

[Hachima]

In fact, back in the day the EVE/script folder had the decompiled python in it . People did stuff like modify it to create merchant bots that would auto buy/sell stuff on the markets and whatever else they wanted to modify. Then CCP changed it to one compiled.code file instead of all the uncompiled python files, which is easier to manage and look for changes.

So you can still just take that 'compiled.code' file and decompile it to readable code. Which is what got 'leaked'

[AladainAF]

Hachima I agree its no big deal, and stuff, but really why is CCP so agressive on perma banning IPs of people that DL it from public trackers?

I mean, if people have been able to do this forever, I don't get what the deal is.

[Hachima]

Are they really doing that? I don't really trust any claims made on a torrent tracker.

[Itzena]

Quote:

Originally Posted by AladainAF

Hachima I agree its no big deal, and stuff, but really why is CCP so agressive on perma banning IPs of people that DL it from public trackers?

I mean, if people have been able to do this forever, I don't get what the deal is.

Because CCP are both lazy and stupid. Lazy because they think it'll be easier to ban people than fix the code, and stupid because they think banning people and deleting thread on their forum will make this go away.


Also: Don't use the in-game browser.

[cuervos]

I don't play EVE, but I feel like seeding the source just because of how they are handling it.

Doesn't mean I will, for fear of ruining the game for you guys : /

[Fog]

I don't see why banning people for seeding the torrent is lazy or stupid. It sends a clear message that they will aggressively go after people trying to fuck with their client, which should be the policy of any MMORPG admins.

[Tyen]

Quote:

Originally Posted by Fog

I don't see why banning people for seeding the torrent is lazy or stupid. It sends a clear message that they will aggressively go after people trying to fuck with their client, which should be the policy of any MMORPG admins.

^ concur

[Frax]

Except they don't really go to great lengths to protect their game or customers:

When my account was banned (I didn't exploit or hack, i was a noobie player who mined and did noobie pirate missions financed by som ISK a friend gave me when he quit), I was told it was for moving massive amounts of ISK through my account. I had something like 50,000,000 ISK, in total, which is not a lot of cash in game. When I inquired again a week later to see if they would reinstate me, I was told by CCP customer service that my account was banned as part of a large group of accounts that were banned as a result of SOMEONE GAINING ACCESS TO THE ACCOUNT DATABASE! They couldn't even give me the same story twice as to why I was banned.

EVE has many problems, enough to where I will never again trust CCP with my CC# or my email address. They are just not professional enough of a company to trust with your money.

[Wilfan]

CCP started as a bunch of amateurs and is proudly keeping that tradition alive, even in departments where it makes absolutely no sense, such as customer support and system-level programming.

[Hachima]

Official word about the incident

Quote:

We are aware that an individual claims to have access to the source code of the EVE client, but this access is not a security risk to CCP or our customers in any way. The Python scripting language that is used by the client can be easily decompiled to generate readable code, and we have designed our server-side systems with that understanding. Therefore, there is no reason to believe that the code was leaked by an employee and our internal investigations confirm that.

Access to the source code for the EVE client exposes no security vulnerabilities, has no privacy protection issues, and poses no threat to our customers billing information. The server-side interface used by the client is carefully protected to ensure that no abusive or unwanted information is transmitted to or from the EVE system.

Nothing the EVE client can do can affect the game state, a manipulated EVE client cannot affect the server, no advantageous or disadvantageous information can be transmitted to other EVE users by altering the EVE client. The EVE client is signed with a security certificate registered to CCP. Hashes are available on our web site for those who wish to ensure the integrity of EVE client download files they may have received from a source other than direct download from CCP’s web site.

Finally, there have been no mass bannings, as reported in some news articles, though we do remove all message board posts regarding violations of our EULA and Terms of Service as per standard policy and procedures. We consider any alterations of the client software, including decompilation, or discussions thereof, to represent such a violation.

[Gamblor]

Quote:

Originally Posted by Hachima

Official word about the incident

Under the rug you go!

Just like they did with T20 for the first 3 days, hoping people would die down. "we need to investigate this matter guys, really, and you are jerks for outing a developer on his play account BTW and he had to stop talking to his friends". Oops they aren't buying it and the furor is getting louder "I mean yeah he was caught cheating six months ago and we didnt do anything to him then, so we can't do anything now that you know about it. Those 3 days weren't spent stalling really, and here's a powerless and useless IA department to prove how serious we are about our game state's integrity."

Oh yeah, and Aurora being corrupt as shit and BoB event kills dropping officer loot while events in other 0.0 space not even being tech 2? Now you're just being paranoid, the leader of Aurora being in BoB in no way represented a conflict of interest and I am insulted that you even implied it.