Half-Life security hole shamefully ignored by Valve
Security firm releases fix following developer apathy
In amazing news announced by digital security consultancy PivX Solutions today, Valve has refused to attend to a serious security hole in Half-Life, as played by millions around the world.
The problem lies with three separate buffer-overflow flaws, which essentially make both servers hosting Half-Life and all end-users (ie - you) vulnerable to attacks that could see your machine taken over remotely.
"Due to the severity of these vulnerabilities, PivX waited much longer than the industry standard of 30 days for a patch to be created and distributed by the vendor," said the firm in a statement. "However, after 100 days and no patch or fix from Valve, despite repeated enquiries, PivX has decided to release these vulnerabilities with our free fix."
The seemingly light-hearted team released a patch this morning, described as "Preparation V(alve) Digital Ointment, for prompt cooling relief from painful itching and burning caused by defective and vulnerable Valve Half-Life server code."
Eager to stick the boot in some more, the firm continues, ""It's clear, cooling Digital Ointment medicine that reduces aggravation while it soothes and protects. It's FREE and it's not sticky or messy so it's easy to install. Preparation V Digital Ointment provides fast cooling relief of painful cracker attacks and reduces Half-Life Server Buffer Overflow exploitation. Remember, it's FREE, it is non-greasy, non-intrusive and has no unpleasant scent. The only unpleasant scent and effect you can expect is if you don't apply it quickly. Apply internally to the affected area one time and after each server installation."
Thanks PivX!
The problem lies with three separate buffer-overflow flaws, which essentially make both servers hosting Half-Life and all end-users (ie - you) vulnerable to attacks that could see your machine taken over remotely.
"Due to the severity of these vulnerabilities, PivX waited much longer than the industry standard of 30 days for a patch to be created and distributed by the vendor," said the firm in a statement. "However, after 100 days and no patch or fix from Valve, despite repeated enquiries, PivX has decided to release these vulnerabilities with our free fix."
The seemingly light-hearted team released a patch this morning, described as "Preparation V(alve) Digital Ointment, for prompt cooling relief from painful itching and burning caused by defective and vulnerable Valve Half-Life server code."
Eager to stick the boot in some more, the firm continues, ""It's clear, cooling Digital Ointment medicine that reduces aggravation while it soothes and protects. It's FREE and it's not sticky or messy so it's easy to install. Preparation V Digital Ointment provides fast cooling relief of painful cracker attacks and reduces Half-Life Server Buffer Overflow exploitation. Remember, it's FREE, it is non-greasy, non-intrusive and has no unpleasant scent. The only unpleasant scent and effect you can expect is if you don't apply it quickly. Apply internally to the affected area one time and after each server installation."
Thanks PivX!
Read More Like This