⚠️ Is CS2 Safe To Play Again?
Vložit
- čas přidán 12. 12. 2023
- A couple of days ago, CS2 players woke up to countless posts urging them not to play the game. Why? Because massive exploits were found.
Ones that could involuntarily show you material you didn't want to see, remove items from your inventory, or even literally doxx you.
It's supposedly been fixed but is it really safe to play again?
Written & Hosted by: Devil Coull (@Fake_DevinCoull)
Edited by: Connor Dunn (@connordunn_)
Produced by: Danny Burke (@lurkeyburke)
All footage courtesy of: pastebin.com/WGe5X47T
Music used under license from Associated Production Music LLC (”APM”).
Follow us on Twitch: / thescoreesports
Follow us on Twitter: / thescoreesports
Follow us on Facebook: / thescoreesports
Follow us on TikTok: / thescoreesports
Follow us on Instagram: / thescoreesports - Hry
Valve definitely needs to let it’s community know. If there is things as bad as xss that could possibly hack your computer. Valve needs to let people know if it’s safe to play there game instead of fixing it in silence and letting users be unaware
expecting anything of valve when they've given a free pass to cheaters to run rampant for yrs now
Its surprising they even fixed it and you expect them to do any more 😂😂😂😂
As bad as it is in a case like this, Valve doesn’t communicate. But they listen and work. And they do it well.
Their motto is ‘no communication is better than bad communication’.
Critical cases like this should be communicated in my opinion tho
@@starstencahl8985 there is also a possibility of good communication. They should try it sometimes.
check the newest patch notes.
I love the fact that I can no search through social media to find out if my favourite game is even safe to play without the devs mentioning any word about this. Way to go Valve!
As a web developer you deal with the chance of XSS often. But these days it's very uncommon due to how robust input processing has become. So it's honestly quite embarassing for Valve to have such a simple exploit manifest in their game code, if SLIGHTLY understandable due to how they build everything bespoke.
It wasnt XSS
@@okiabetter okay, what was it?
@@nisem0no just display of html code but no script can be run
@@ashadowintime7305 an image tag that gets rendered on other clients is XSS. You can cause havoc with just an image. It's still injected code. Not sure what you mean.
@@ashadowintime7305 How would you know?
The thing that pisses me off about steam and their CS2 dev team is not that these issues are happening, shit happens all the time with every single game and I would argue something like this isn't new. The thing that really pisses me off is how quiet they are, everyone is demanding that they communicate and work with the community. They don't. They have zero desire to communicate or announce to anyone publicly.
twitter moment
Announcing security issues is a double edged sword, especially if they don't have a fix ready to go.
Which is exactly what they’ve consistently communicated to players for over a decade. They don’t want player feedback to influence the development of their games. It’s a big part of why their games are so successful. It’s why games developed prior to social media are still so good, and why every modern live service game is one bad content release away from being abandoned by its fickle, entitled payer base.
I'm really disappointed of valve since they don't ban cheaters but people with high dpi.. I lost 20k in skins
@@snareplug3872 Yeah I was warned by friends not to joke around with high sensitivity for a false positive. Although surely it'll get reversed? I heard that Valve is pretty good with reversing falsely given VACs?
People are fkn crazy. To go out if your way to ddos a strangers internet should be punishable with jail time and huge fines. I got DDOS back in csgo amd it lasted 2 weeks ffs. Had to get all new internet lines and the whole 9. I was pissed but i was more mad that these unhinged lunatics can go around doing it freely to whomever they cross paths with
In most areas, it is highly illegal
It's highly illegal, and if your smart, hard to track. The internet is a really hard place to monetize and control.
the mmo "new world" had this problem on release, though it was restricted to things native to the installed folder. but people found that you can crash peoples games by pointing to an image or file that just doesn't exist if they moused over the item.
The more entertaining part was that people used it to spam a GIANT version of the sausage item from the game.
You used OWASP to explain XSS.... i am impressed.
Good work theScore esports!
A statement from valve would have been necessary tbh.
They're not saying anything because 100% Valve are embarrassed. This is an elementary concept taught to anybody learning about anything involving APIs: sanitize your inputs. Not surprising they didn't want to acknowledge that this even was a problem and that they just want this to blow over.
Either that or they pulled a gigantic brain move and allowed this on purpose to make us believe that they can't be trusted with kernel access so they don't have to make a proper anticheat, when they're just too lazy to do so.
A kernel anticheat wouldn't do anything. Valve's mantra is to avoid the "treadmill" of work and this kernel thing wouldn't work for every machine (eg: Steam Deck/Linux) . You're also putting a potential security hole in your system, and people can just make kernel-level cheats. And on top of that, the "current" anticheat (is there even one?) is easily broken, and you're just taking the fight from somewhere that the OS and the like can reasonably guard against to something where you can brick someone's PC if there's a single exploit.
I think the reasonable system would be to properly return the Overwatch system, or really just how CSGO handled it; If the cheaters aren't banned, they'd at least be in low trust factor and would therefore end up away from most of the playerbase. Their AI ban thing (VACNet) is doing absolutely terrible at banning actual cheaters (look at all the false bans you can make) and they currently seem to just only be running that and the usual VAC stuff that games like TF2 ran (which can also be very easily bypassed).
Really, the entire state of CS2 is all on fault of Valve. They replaced a working game with a game that doesn't work as well (in this case, the anticheat side) and it's suffering hard. And the rushed as hell development makes it all the worse. Nothing else killed CS2 more than Valve themselves. The cheaters are always a problem, but Valve is seemingly done playing the fateful cat and mouse game, and the game's suffering as a result. If a kernel anticheat did come with CS2, it'd be bypassed, broke, and possibly exploited quickly if Valve doesn't stay at the ready. And it seems like TF2 was the writing on the wall for this. That game is more cheater infested than ever at the minute, and CS2 is seemingly right up there with it, with both games having a not very good outlook on being cheater-free anytime soon.
CS2 moment after CS2 moment :(
I've had this happen to me in CSGO as well. A hacker that landed up in my team got annoyed cause we team reported him and told me the exact location of my home somehow.
It’s impossible to get your full address from any steam information unless they had access to your shipping address. You were most likely doxxed in the past and didn’t know it.
@@DaBigSkidd By exact I meant within a 100m radius.
@@ShinAkuma 100 mile radius, so he grabbed your ip? If they joined your lobby that’s a known exploit that was patched in the last remaining year of CSGO
@@ShinAkuma csgo isnt p2p so I’m not too sure how he could have done it if it was in match
@@DaBigSkidd Meter, not mile.
I came back to CS after leaving in 2016. Played for a bit and quickly remembered why I left in the first place.
So why did u left?
@@Chavanun555 I'm going out on a limb here based on the time stated...
* Cheaters
* Lack of any movement from Valve on fixing basically anything, but especially the cheaters
@@krazed0451 cheaters have been around since csgo dont they? Also like csgo has been out since like 2010s and for over 10 years they never fix the cheaters problem while Valorant came out in 2020 but have very little problems with cheaters. I dont think the problem is gonna be fixed anytime soon lol
@@krazed0451cheaters must be more common in eu or somethn. ive been playing cs for years on n off and very rarely will i run into a cheater. i’m ranked like 15,000 right now and have yet to see one in premier but I do wonder if maybe trust factor is a big part of it considering i’ve been playing for so long.
bad in 2016 and bad now probs, understandable
I think the inventory thing is impossible, unless you gain access with the valve database first then sure the inventory delete is possible
I wasn't playing yesterday because i had no idea it's patched. Now that i read update notes i could play with relief
If your computer sends a plain request to any server or device; it is extremely like if not guaranteed for most users that your IP will be available to the receiving party of the request. A request can be for almost anything, ranging from text, ext assets, pictures, to your pc just pinging a server.
Valorant didn’t kill cs cs 2 kill itself
They're releasing patch notes late for some reason. The ones for the fix are out, but there's just been a 1+ gb update and no patch notes yet
Literally had TODAY a guy using the script bruh
2german guys were acting as if they hated each other, kept tryna vote kick each other, then i realised what their nicks were showing on the leaderboard and in the kick meniu were different, bro i dont think its fixed fully, on the kick screen it said txt something… and their nicks was different…
It's only showing a plain string. But that's literally it - anything else is fixed
This is like the Chicken incident in R6 Siege.
in recent patch notes they said "Fixed multiple exploits that allowed adding non-text data into UI labels". very cryptic way to say its patched
sounds cristal clear to me..
Csgo had a couple days once where a security exploit was found and we all didn't play for a few days lol, can't remember what it was tho
say something is cs2 fucking playable again? !!!!!!!! Yes or NO
At this point I'm just gonna quit. I'm tired of having to be paranoid every time I launch the game. It's been a fun 20 years, but I'm out.
Let's be honest, you aren't, and neither am I. This game is too fucking addicting. Valve probably is calling our bluff but real talk the community needs to actually stop playing this shit until it becomes playable
Man its hard, but until this game is fixed, im just playing valorant from time to time, it helps me to stay away from cs during this shitshow
@@jdwilliams4821the game is playable though idk what you on about
@@qwertyrewtywyterty premier and faceit rank?
@@jdwilliams4821 just official premier 19k
The thing of items being removed from an inventory is straight up incorrect and not possible the most they can do is force you to trade the items out.
Ive been playing this whole week and ive nothing seen out of the ordinary. Vote screens just looked normal and beside that the Ip adress they will probably gather is the location of the city my provider is based on. So i wish them goodluck.
literally just had a hacker in death match lmao
Valve is making riots spaghetti look good
Wait what? i have been playing without knowing anything about it till now 💀
They did release patch notes on 13.12.2023. Check them out
this game will never be safe
no regrets grinding valorant, I completely give up on cs2
yesterday morning.. or 2 days ago not sure... in the middle of the game.. cs started to minimzed and goin full screen in secunds so fast... needed to close the game...
it was after i reported someone for cheating
Ever worked with ppl who stays silent when they make a mistake?
I work with this kind of ppl every day
Same energy
How come Valve got away with making a "sequel" that was just a graphics update, but Blizzard didn't?
You guys are the GOATS
So is it safe to play right now or not? Or should we just wait until an official announcement from valve? Somone tell me please
Anomaly said something about applying stickers due to this exploit , is ok now ?
It's a hugely overblown issue, that didn't do much except giving random dudes your ip - oh no, how scary 😂
The real problem was the Workshop map issue, not the one we're discussing here.
Both got fixed within a day.
the thing that grinds my gears the most is the premier matchmaking. 5k against 13k? 5 matches in a row?? now thats some bs.
I'm just waiting for the new operation
I was playing the game during this time. Do I need to reset all my passwords or something now?
Yeah, the XSS is not that bad of a vulnerability, that's actually a sane take. 10 years ago nobody would've taken it seriously. Same as IP adresses, many hosts know your IP. But don't get me wrong, it's a good thing people are finally getting more sensitized. And this one caught me really off guard when I heard it the first time because that was the last place I'd ever expect to render HTML. But I guess everything is a webapp nowadays. EVERYTHING. I could imagine there aren't a lot of people who are good at gamedev and security at the same time but unfortunately they intersect in multiplayer games.
I think im getting ddosd but its ongoing… in my console i see random stuff that look like packeting.. i reinstalled steam and cs, and thought i was good but the 3rd match i played had up to 1.5k ping vs 9.. how do i fix this? Its been a couple days now maybe even a week
CS2 went from the long expected Source 2 upgrade, to the most disappointing release in a long time to litteral malware in less than a year!...
is right next to Overwatch 2 at this point
It is slightly better than overwatch 2 still.
Unfinished game with security exploits and bugs?
I think I can wait until this fiasko is completely over maybe next year.
Damn CS 2, what is HAPPENING?! 😮
I wonder if any ip grabbers were smart and make the picture look like it was just a normal vote to not arouse suspicion
Update just fixed this just now
There are patch notes mentioning this.
Good thing I blocked avatars since day 1 😂
"I started playing The Finals and that was more fun."
WELP, that aged like friggin milk my guy 😂
There's one thing that'll never change about valve - they will never fix their goddamn game
Valve attempting the Make a polished game challenge (They will never do it)
Why do people think that having their IP revealed is dangerous? You share it with every single website you visit and can change it in 5 seconds.
You do know that random people on the internet having my ip could cause problems? Most websites encrypt this kind of thing behind several layers.
@@speedforce8970 no they dont what are you talking about, yes in most modern games (except gta because they are stupid) players do not have access to your ip address but every website you access does and that is not encrypted. however someone having ur ip address isnt usually a big deal since most ips are dynamic so even if someone tries to ddos you, you can change ur ip pretty quick with a router restart. if you have a static ip you might wanna consider using a vpn
nah the other day buddy on my team litrally doxxer their top fragger. he admitted to it at the end of the game. all i could do was report him to steam 🤷🏼♂️
Cant you just find their IP address using the ` key when they join a community server?
I had no idea ._.
Is the New World sausage all over again
"i already changed it", Yes the public ip adress changes alot, because your isp does that, because most times you borrow ip adressen from your isp, if you have not bought or rented one actively. your private ip adress cant be changed, so this (i know it is a joke) statement is not true.
Do a story on the cs2 hacks that just came out
how can riot do such a good job and valve can't? I am not comparing the game, I am comparing the backend, how are 2 games so similar so different in terms of security and playability?
Because Riot believe it or not knows how to take care of their games, their community and everything else. VALVE on the other hand is like the father that goes for a pack of cigarettes and never comes back
And I thought I was crazy that my stickers were scraped..... this is insane. I'm guessing valve won't compensate for that . bullcrap company
Lol, they just dropped the update to fix multiple ways to implement stuff in their UI.
Where are the documentaries...
GTA V had the same problem but Valve cares unlike Rockstar. Also such problems (malicious exploit) has been common in Valve games due to open modding support and it's patched almost regularly after it was reported.
to be fair at this point I understand why valve does not want a kernel level anti cheat. they simply cannot handle the responsibility.
Short answer "NO"
This is why I just do private server by myself. Just having fun with own workshop and stuff
It's funny from the community who talking about the security of anti cheat, but their game is the one who is the most not save
LOL
I don't need posts to not play this game
a small indie company couldn't sanitise inputs haha
Ey look its me in the video
I GOT MY WEBCAM HACKED MID COMP GAME IN CS2 HAD TO REINSTALL WINDOWS
all that noise on twitter because of a html img tag? really?
valve is a billion dollar company how tf is this possible
cant do shit with an IP... Until they route 100k packets...
if someone gets your ip just restart your router
wait i didnt hear about this shit. i played a couple of days ago and that was my first time playing cs2... what are the devs doing atleast give me a notice when starting to play
Your IP address is basically public, non-issue. The RCE on the other hand...
Worst they can do is DDOS and try to extort you for money. The geolocation for my IP address ain't anywhere close to where I live.
ok
does anyone know if it has ben fixed yet?
valve cant get an anti cheat for the game in 20 years. good luck to this one
What's sad is that if CSGO was left as a standalone game we would have massive exodus back right now... This is why I don't understand how zoomers let companies like Blizz and Valve get away with the fake sequel gimmick.
If you think that's crazy I can get your real steam ID and copy it to a new account and be you and play with your skins without email and password and whatever I do is done under your ID so if I hack and get banned your main account will get the ban. I use to blackmail people in csgo for some of their skins. Also used it back in like Half Life deathmatch days to copy peoples accounts with lots of games so I had more stuff to play. You can still do this today even in CS2 when they add player hosted servers again. It's as easy as having someone connect to your server.
ok
"thousands of innocent ppl banned" they are called cheaters and that game is filled with them thats why ppl dont wanna play its 70% cheaters and teams with wallhacker
That has nothing to do with his statement. It is a fact that thousands of non cheaters got banned
Valve addressed the patches in the latest patch notes. Video is inaccurate now.
I don't remember most sprays being mostly porn, most where memes. Or pngs of player models
I got hacked right today. Just from playing
Maby Valve should start invest in som ANTI-HACKS as we players said for centuries, i mean Faceit have better anti cheat than Valve, so we already know its possible
Honest to God I dont like valorant's hero shooter style game but i respect them for kernel level anti cheat and the way they try to introduce new "agents with powers" to keep the game fresh, kudos to Valorant community whereas CS (the video summarises it 😢)
if you know nothing about computers then i guess getting your IP leaked is super scary in reality it doesn't matter
And yall just love value😂😂
1:56 that's Hidden:Source! Stop!😢
When are people going to admit that CS2's launch has been one of the most disastrous in history?
.... they are
does he answer the question is it safe now?
so is it safe 2 play now boss
That guy has been a hacker for 20 years? He looks like he’s 25
😎
nahhh this is hilarious. even riot has more communcation than valve.
You look like a young version of Gabe Newell
Rush B
nice video cs2 bouta update right neow