Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Steam Forums Hacked?

The Steam Users' Forums currently offer the following message: "The Steam Forums are temporarily offline for maintenance. Your patience is appreciated." This may be just normal maintenance, but we have also seen an image suggesting they were compromised in some manner, and for a while were directing users to a site offering ways to cheat at games, so this may be what Valve is in the process of cleaning up. We'll pass on posting the screenshot to avoid advertising the site, and are waiting to see if Valve has a response to our questions about this (it's still early on the west coast). Thanks Joao.

View
47 Replies. 3 pages. Viewing page 2.
< Newer [ 1 2 3 ] Older >

27. Re: Steam Forums Hacked? Nov 7, 2011, 17:54 Dev
 
Is this why friends list adding doesn't seem to work?

I would have thought valve would go anal and spend a ton of money on security after the hl2 source code leak. Thats about the WORST security breach that can happen to a game developer, getting an entire game's source code leaked.
 
Reply Quote Edit Delete Report
 
26. Re: Steam Forums Hacked? Nov 7, 2011, 17:48 Beelzebud
 
Satoru wrote on Nov 7, 2011, 15:36:
Beelzebud wrote on Nov 7, 2011, 13:38:
It's time for Valve to get their asses together when it comes to security. It doesn't sit well with me that I have a Steam account with a few hundred dollars of games on it, and I'm getting emails from webmaster@steampowered telling me to sign up for a warez/cheat site...

Time to wake the fuck up, Valve, goodwill doesn't last forever when you're dropping the ball.

You will note that I can send you an email that appears to be from anyone on the planet from any domain name without hacking the Steam forums at all.

And you will note that it's simple to see the real place an email was sent, I'm not an idiot. When I look at the meta-data I can see that this message was sent from vBulletin Mailer from wcmx3.valvesoftware.com, with references to bitbucket.valvesoftware.com, an an IP address of 216.207.205.110, which a whois returns as wcmx3.valvesoftware.com in seattle washington.

So unless you have a PC set up in their office, I highly doubt you can spoof their bulletin board system. Stop covering for their lame security.
 
Reply Quote Edit Delete Report
 
25. Re: Steam Forums Hacked? Nov 7, 2011, 17:46 CannibalBob
 
I'm not too concerned about this, since the forums are separate from account logins, and I'm not stupid enough to have the same password for forums and accounts, but it does bring security in question. I would definitely love to get a dongle for my Steam account. Sure, it'd be a bit more painful and there's the risk of it getting damaged/lost, but the value of my Steam account grows every month and I'd like better protection.  
Avatar 52745
 
"If you like it, they will stop making it" - Herblock's Law
Reply Quote Edit Delete Report
 
24. Re: Steam Forums Hacked? Nov 7, 2011, 17:26 MxxCon
 
Total-Khaos wrote on Nov 7, 2011, 15:02:
The problem here is that Valve uses vBulletin instead of writing and using their own forum software. To amuse yourself, just Google "vbulletin hacks" or "vbulletin exploits" and be amazed at how vulnerable this craptastic piece of software really is.
This is equivalent to opensource software. Just because it's proprietary and closed source doesn't make it any more secure.
Security through obscurity doesn't work.
Yes, there are a lot of hacks for vB, but that doesn't mean they are unpatched. If you are running the latest version of vB, you are as secure, if not more, than running your own custom software. Plus if anything, I'd expect Valve to be competent about running their service, and this hack wasn't just a simple 'exec()?' exploit.
 
Avatar 21874
 
Reply Quote Edit Delete Report
 
23. Re: Steam Forums Hacked? Nov 7, 2011, 17:14 Bhruic
 

The problem here is that Valve uses vBulletin instead of writing and using their own forum software.

It's not a problem, anything that Valve would write would likely have just as many exploits.

Plus the nice thing about using vB is that with password hashing, it's almost impossible for the hackers to have gotten any passwords. So at best they got some email addresses, and while minorly annoying, my spam filter is pretty damn good, so it's not a big deal.
 
Reply Quote Edit Delete Report
 
22. Re: Steam Forums Hacked? Nov 7, 2011, 15:54 Cutter
 
Satoru wrote on Nov 7, 2011, 15:36:
Beelzebud wrote on Nov 7, 2011, 13:38:
It's time for Valve to get their asses together when it comes to security. It doesn't sit well with me that I have a Steam account with a few hundred dollars of games on it, and I'm getting emails from webmaster@steampowered telling me to sign up for a warez/cheat site...

Time to wake the fuck up, Valve, goodwill doesn't last forever when you're dropping the ball.

You will note that I can send you an email that appears to be from anyone on the planet from any domain name without hacking the Steam forums at all.

Really? Even from Santa Claus at the North Pole? 'Cause I'm for thinking he wouldn't much care for that and put you on his naughty list. Which these days means informing on you to the FBI and seeing you shipped off to Camp X-Ray for a little interogation lovin' sans lube.
 
Avatar 25394
 
"The South will boogie again!" - Disco Stu
Reply Quote Edit Delete Report
 
21. Re: Steam Forums Hacked? Nov 7, 2011, 15:36 Satoru
 
Beelzebud wrote on Nov 7, 2011, 13:38:
It's time for Valve to get their asses together when it comes to security. It doesn't sit well with me that I have a Steam account with a few hundred dollars of games on it, and I'm getting emails from webmaster@steampowered telling me to sign up for a warez/cheat site...

Time to wake the fuck up, Valve, goodwill doesn't last forever when you're dropping the ball.

You will note that I can send you an email that appears to be from anyone on the planet from any domain name without hacking the Steam forums at all.
 
Reply Quote Edit Delete Report
 
20. Re: Steam Forums Hacked? Nov 7, 2011, 15:12 Elf Shot The Food
 
I want to post in the Steam forum and complain that the Steam forum is down, but I can't.  
Avatar 13955
 
Reply Quote Edit Delete Report
 
19. Re: Steam Forums Hacked? Nov 7, 2011, 15:02 Total-Khaos
 
The problem here is that Valve uses vBulletin instead of writing and using their own forum software. To amuse yourself, just Google "vbulletin hacks" or "vbulletin exploits" and be amazed at how vulnerable this craptastic piece of software really is.  
Reply Quote Edit Delete Report
 
18. Re: Steam Forums Hacked? Nov 7, 2011, 14:44 Jonny
 
the_culture wrote on Nov 7, 2011, 10:51:
Dear Hackers,

Go hack something useful, like terrorist or child porn websites.

Sincerely Yours,
Everyone in existence

I can't speak for anyone else, but if I had a burning need to hack into something and I had a choice between a site run by murderous lunatics, a site full of shit I don't ever want to see or Steam, it'd be soft non-mentally scarring target all the way.

Also, hacks, porn and free stuff? They're really trying to cover all the bases there aren't they?
 
Reply Quote Edit Delete Report
 
17. Re: Steam Forums Hacked? Nov 7, 2011, 13:38 Beelzebud
 
It's time for Valve to get their asses together when it comes to security. It doesn't sit well with me that I have a Steam account with a few hundred dollars of games on it, and I'm getting emails from webmaster@steampowered telling me to sign up for a warez/cheat site...

Time to wake the fuck up, Valve, goodwill doesn't last forever when you're dropping the ball.
 
Reply Quote Edit Delete Report
 
16. Re: Steam Forums Hacked? Nov 7, 2011, 12:47 DG
 
MxxCon wrote on Nov 7, 2011, 12:12:
Am I correct that there are 3 different logins: Steam itself, Steam forums and Steam support site?
Yes, though IIRC there's also Steam Community which is the Steam Itself login.

Steam Itself & Community are also protected by their monitoring your PC spec, though this does nothing really if they also break into the email account which Steam Itself is registered to.
 
Avatar 14793
 
Reply Quote Edit Delete Report
 
15. Re: Steam Forums Hacked? Nov 7, 2011, 12:32 Creston
 
avianflu wrote on Nov 7, 2011, 12:24:
it isnt clear what DRM skyrim uses -- does anyone know for sure? I ask because the Amazon listing shows nothing about requiring Steam and I'd much prefer a game not tied to logins, etc.

Oblivion was 100% DRM free -- ah those were the days.

Skyrim requires Steamworks.

Oblivion had a simple disc check.

Creston
 
Avatar 15604
 
Reply Quote Edit Delete Report
 
14. Re: Steam Forums Hacked? Nov 7, 2011, 12:24 avianflu
 
it isnt clear what DRM skyrim uses -- does anyone know for sure? I ask because the Amazon listing shows nothing about requiring Steam and I'd much prefer a game not tied to logins, etc.

Oblivion was 100% DRM free -- ah those were the days.
 
Reply Quote Edit Delete Report
 
13. Re: Steam Forums Hacked? Nov 7, 2011, 12:12 MxxCon
 
Am I correct that there are 3 different logins: Steam itself, Steam forums and Steam support site?  
Avatar 21874
 
Reply Quote Edit Delete Report
 
12. Re: Steam Forums Hacked? Nov 7, 2011, 12:05 jimnms
 
They were definitely hacked. They used the forums to send spam too. I received this at the email address I registered on the forums with, which is different from my Steam account address. Here's the email, with headers (with email addresses and links removed):
Delivered-To: xxxxxx@xxxxx.xxx
Received: by 10.101.98.20 with SMTP id a20cs23050anm;
Sun, 6 Nov 2011 19:08:17 -0800 (PST)
Received: by 10.50.47.168 with SMTP id e8mr39668074ign.15.1320635295471;
Sun, 06 Nov 2011 19:08:15 -0800 (PST)
Return-Path: <bxxxxxxxt@valvesoftware.com>
Received: from wcmx3.valvesoftware.com (wcmx3.valvesoftware.com. [216.207.205.110])
by mx.google.com with ESMTPS id b2si13397774pbg.79.2011.11.06.19.08.15
(version=TLSv1/SSLv3 cipher=OTHER);
Sun, 06 Nov 2011 19:08:15 -0800 (PST)
Received-SPF: pass (google.com: domain of bxxxxxxxt@valvesoftware.com designates 216.207.205.110 as permitted sender) client-ip=216.207.205.110;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of bxxxxxxxt@valvesoftware.com designates 216.207.205.110 as permitted sender) smtp.mail=bxxxxxxxt@valvesoftware.com
Received: from web-03-02.cluster-03 ([10.2.3.35] helo=web-03-02.valvesoftware.com)
by wcmx3.valvesoftware.com with esmtp (Exim 4.71)
(envelope-from <bxxxxxxxt@valvesoftware.com>)
id 1RNFZH-0004s0-0p
for xxxxxx@xxxxx.xxx; Sun, 06 Nov 2011 19:08:15 -0800
Received: from www-data by web-03-02.valvesoftware.com with local (Exim 4.71)
(envelope-from <wxxxxxxa@web-03-02.valvesoftware.com>)
id 1RNFZG-0007pq-Tm
for xxxxxx@xxxxx.xxx; Sun, 06 Nov 2011 19:08:14 -0800
Date: Sun, 06 Nov 2011 19:08:14 -0800
To: xxxxxx@xxxxx.xxx
Subject: Come join [DOUCHEBACK SITE REMOVED], a gaming resource community
From: "wxxxxxxxr@steampowered.com" <wxxxxxxxr@steampowered.com>
Sender: wxxxxxxxr@steampowered.com
Message-ID: <20111107030814.258edc6d6f0b@forums.steampowered.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP

Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks? Visit [DOUCHEBAD SITE REMOVED]. It's safe, secure and undetected.

Along with hacks, we've also got some general discussion sections, hacking tutorials and tools, porn, free giveaways and much more. This site has been conditioned to meet all your needs in terms of resources so be sure to take a look and tell us what you think.

Thanks again,
the [DOUCHEBAG NAME REMOVED] team.
 
Avatar 17277
 
Steam Profile
Reply Quote Edit Delete Report
 
11. Re: Steam Forums Hacked? Nov 7, 2011, 11:53 DangerDog
 
Come for the hacks, stay for the p0rn!

I figured something had happened. Hope our credit card info is stored in a separate database.
 
Avatar 6174
 
Reply Quote Edit Delete Report
 
10. Re: Steam Forums Hacked? Nov 7, 2011, 11:23 xXBatmanXx
 
Well, looks like it is time to change all of my passwords again - no biggie since I use a different one everywhere I go....  
Avatar 10714
 
In this present crisis, government is not the solution to our problem; government is the problem. / Few men have virtue enough to withstand the highest bidder.
Playing: New dad
Reply Quote Edit Delete Report
 
9. Re: Steam Forums Hacked? Nov 7, 2011, 11:22 Acleacius
 
Defiantly dangerous to go to their site, if they hacked Valve for redirects then they are most likely trying to hijack PCs with Trojans or Webbugs.  
The people can always be brought to the bidding of the leaders.That is easy.All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger.It works the same way in any country.
Reply Quote Edit Delete Report
 
8. Re: Steam Forums Hacked? Nov 7, 2011, 11:21 ASeven
 
El Pit wrote on Nov 7, 2011, 11:16:
I hope the hackers did not steal the Half-Life 2: Epsiode 3 source code.

4 years delay for HL3 now.
 
Reply Quote Edit Delete Report
 
47 Replies. 3 pages. Viewing page 2.
< Newer [ 1 2 3 ] Older >


footer

Blue's News logo