CCP plays down EVE leak News

You'd better not even mention it on their forums, they're banning left, right and centre!

what about the rumours that the In-Game Browser features a way to launch files on your PC?

I heard it's not the entire sourcecode - just some de-compiled Python scripts. I guess if the client knows more than it displays, an altered client with injected Python could give advantaged to malicious individuals. Might make it more susceptible to automation, too.

I also heard CCP are monitoring the source downloads... and ban accounts with corresponding IP adresses. Proceed with caution. :)

(Note: these are slashdot rumours. I'm not an EVE player.)

This article is based off of an unconfirmed source. The slash-dot article that contains the "official response" is quoted to be from a CCP employee named Ryan S. Dancey. That is the name of a major american pencil-and-paper dev. Does anybody but me think that it sounds like a fake?

Heh, there's already been a huge vunerability exposed: the in-game browser redirect exploit. It's actually been possible since the IGB was introduced but only looking at the code revealed it. Suffice to say, any EVE players out there should NOT under any circumstances look at any pages in the IGB until that is fixed (if it ever will be).

Also not that according to the guy who got the code, in a publicly released conversation with a CCP employee, any macro exploits that were discovered when the code was last leaked 2 years ago, have not been addressed in any way and macro farming has essentially been 'allowed' by CCP despite the info all being in the public domain for the last 2 years. Any exploits regarding this were discussed and analysed years ago but still remain in the current source code. Sad to see CCP really doesn't care about macro-miners. I suppose it's all profit for them.

Also note that CCP are seeding the piratebay torrent themselves (quite canny I must say) so that anyone downloading it will have their IP tagged and then be automatically banned from the game. As is usual with a leak of this sort, it is often best to not download it at all but simply revel in the drama. It is EVE after all which is powered by the ever turning wheels of the great Drama Llama in the Sky.

Any posts from CCP in the near future will more than likely just be damage control, so I wouldn't expect any honest answers from them. Remember, the boot.ini issue? Yeah, that was identified and CCP were alerted to it on the test servers weeks before the patch was launched. They still went ahead and trashed peoples computers anyways. Any issues raised in this leak will therefore be very unlikely to be resolved anyhow no matter what the source students uncover.

All this information has been garnered by just being an EVE player and reading the EVE forums, I don't have the code myself (I'm not a fool) just in case CCP want to extend their Iron Grip anywhere here. Sad that I have to put that disclaimer, but CCP are a ban first, ask questions never kinda company.

Please guys, can we stop the tinfoil hattery here

Firstly Ryan Dancy is a CCP employee. In fact more than that, he is the chief marketing officer.

Check out the CCP website

Secondly - CCP were not "informed" about the boot.ini issue weeks before. Somebody made a post in the wrong bit of the forums a few days before the patch came out and it wasn't spotted by the Dev's.

Now the Boot.ini issue should have been picked up by CCP's in house QA processes. I have no idea why they failed but as the old saying goes, "never attribute an incident to malice when it may just as easily be explained by incompetence". To me the suggestion that CCP deliberately trashed their customers PC's is total madness, they screwed up, no more, no less.

Going back to this client leak, to me this looks like a storm in a tea cup. The clients for all MMO's are pretty dumb and the server side does most of the clever stuff (I think in the early days somebody did release a peer-to-peer MMO and quickly found it was made unplayable with vast numbers of cheaters).

As for the guy who released it, even if we believe his claims about his motives, its a despicable way to behave with somebody else's property.

Well I apologize about my paranoia, hadn't seen that part of the site. Also, i'm a little bit confused as to what was actually leaked. Was it the source code for the client or the server?

Sorry for jumping on your back.

Apparently a small part of the client code was leaked, I haven't seen it for my self but I heard it was around 2 MB of python code. To put this in context, the EVE classic installer program is 603 MB.

AFAIK none of the server code has been leaked. I would imagine CCP keeps it under armed guard!

OMG PLANET!

Seriously though, good luck to CCP getting through this, although I'm sure we all understand that the majority of that 600+ MB is artwork adn the real executable is never as large as you expect it to be :p

"Access to the source code for the EVE client exposes no security vulnerabilities.."

Wow, do we have the first piece of software ever written with zero vulnerabilies? B.S. However much code was really available, thats just a dumb statement. Oh I forgot, it was a marketing person who gave the statment, explains it all.

because

a) they wrote it in python knowing full well it can easily be decompiled by even commercial tools so they would have done a risk assessment.
b) on top of a, server > client systems (mmos, gambling games etc) rely so much on the server doing anything sensitive that the client really ends up being a husk of logic processing -> execute logic result rather than have any power to do anything specific.