76 Replies. 4 pages. Viewing page 2.
< Newer [ 1 2 3 4 ] Older >
 |
| 56. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 21:53 |
Tanto Edge |
|
|
Shitty. Had to happen eventually.
Too bad it took them as long as it did to realize that their databases were stolen. |
|
|
|
|
|
|
|
| |
|
| 55. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 21:52 |
Prez |
|
|
StingingVelvet wrote on Nov 10, 2011, 18:42:
Prez wrote on Nov 10, 2011, 18:37:
I had a suspicion that this may have gone beyond just the forums, so I changed the security credentials on all of the Steam accounts in my household (4) as soon as word of this got out. Glad I did now.
If you have Steamguard they literally couldn't do anything with your account even if they can crack the encryption on the passwords.
Well, in truth I found Steamguard to be an inconvenience since I change my hardware so often in the 4 or 5 different computers I use my account on (and in my kids' computers that have Steam accounts as well) so I actually had it disabled.
With this news, I not only changed all of the passwords and secret questions, but enabled Steamguard as well. Having to enter a code from an email in order to log in on different PC configurations is less inconvenient than having any of our accounts hijacked.
EDIT: Oh, and welcome back to the Bluesnews resident Steam hater, Riley Pitz, who keeps changing his identity but not his ways. 
This comment was edited on Nov 10, 2011, 21:58. |
|
|
|
|
|
|
|
| |
|
| 54. |
Re: Waiting to warn is irresponsible. |
Nov 10, 2011, 21:40 |
CJ_Parker |
|
|
Mordecai Walfish wrote on Nov 10, 2011, 21:29:
Please don't expect such poppycock from Valve. They have shown enough respect for the gamer community in the past to not assume this is the case so blindly, and I for one will give them the benefit of the doubt they deserve here.
Say what? Granted... things have improved a lot and Steam has come a long way but let's not forget the very past you mentioned. And in that regard what do you mean with "respect"? You mean "respect" as in forcing a sluggish, buggy, unstable, unresponsive, plain fucking annoying, intrusive piece of shit client down our collective throats? Yeah. That's some really great 'spect they showed us right there. I'm still in awe. No, really. I am  .
|
|
|
|
|
|
|
|
| |
|
| 53. |
Re: Waiting to warn is irresponsible. |
Nov 10, 2011, 21:29 |
Mordecai Walfish |
|
|
I've Got The News Blues wrote on Nov 10, 2011, 20:45:
DrEvil wrote on Nov 10, 2011, 18:36:
Giving details before they could confirm what happened would have been irresponsible. Absolutely not! The responsible thing to do when you suspect a breach has occured is to alert those customers who may be affected immediately so that they can take precautions. It is much better to err on the side of caution because there is no harm done to the customer for being wrong. Protecting customers first NOT a company's reputation should be the priority.
Four days to properly assess the situation, ensure all systems were secure again, and to determine exactly what caused the damage does not seem unreasonable. Of course it is unreasonable because first, it gave the crooks a four day headstart to exploit the information they stole. Waiting does nothing to help customers protect themselves in the meantime. Second, it is highly likely that Valve will never fully know the scope of the breakin especially after only four days time. So again waiting doesn't help customers and puts them at further risk. In addition expecting that everything is safe and secure after only four days is absolutely laughable especially when the people making that pronouncement are the same incompetent or irresponsible fools who didn't prevent or stop the breakin in the first place.
These are problems that you can't just throw a huge amount of people at to solve; it takes time. Sure, it takes time to fix, but NOT to warn. Waiting to warn customers so they can take steps to protect themselves is irresponsible, and it is only done so that a company can keep from looking bad in case it was wrong about a breach.
This is simply rubbish. Alerting and sending into a fervor millions of customers *IMMEDIATELY* is a short-sighted and amateur response. If a security breach were ever so severe to warrant this it would entail the developer having a great deal of certainty that crucial personal data is at risk of potentially being decrypted and manipulated.
Please don't expect such poppycock from Valve. They have shown enough respect for the gamer community in the past to not assume this is the case so blindly, and I for one will give them the benefit of the doubt they deserve here. |
|
|
|
|
|
|
|
|
| Playing: MechWarrior Online, Natural Selection 2, PlanetSide 2, NFS: Hot Pursuit, Torchlight 2, Sine Mora, GTAIV, River City Ransom(NES), Final Fantasy IV Complete(PSP), Patapon 2(PSP), Dariusburst(PSP) |
|
|
|
|
| |
|
| 52. |
Thank Gabe for limited liabiility agreements! |
Nov 10, 2011, 21:21 |
I've Got The News Blues |
|
|
Dades wrote on Nov 10, 2011, 19:13:
You'd think after the HL2 code theft and security problems that they would be on top of this. Actually you'd think that PC gamers would have looked at the recent Playstation network hack and subsequent outage and realized that they shouldn't have all of their games tied to a similar network which is a single point of failure especially when it is run by a company which has a history of security problems.
At least the liability is relatively limited in this case unlike the Sony hack awhile ago. Yes, it's a damn good thing that Valve protected itself with its wonderfully restrictive and liability-limiting Steam Subscriber Agreement because it would certainly be a shame for Valve to have to bear responsibility and pay a price for its security failings and failure to protect customers' payment and personal information. |
|
|
|
|
|
|
|
| |
|
| 51. |
Re: Gabe's ass is well covered by your head. |
Nov 10, 2011, 21:21 |
nin |
|
|
Assley! I can't believe you took this long to show up! How's things at monolith?
|
|
|
|
|
|
|
|
|
RollinThundr Apr 17, 2013, 12:25: Eh really tossing stuff like that in there only to get your panties all bunched up. If you really want to call that trolling sure.
Mr. Tact Apr 17, 2013, 12:33: Pretty sure that's the definition of trolling... |
|
|
|
|
| |
|
| 50. |
Gabe's ass is well covered by your head. |
Nov 10, 2011, 20:59 |
I've Got The News Blues |
|
|
Creston wrote on Nov 10, 2011, 19:21:
Btw, just out of curiosity. When he says "We don't have evidence that the protection on credit card numbers or passwords was cracked."
How would they know that anyway? Valve wouldn't which is why it is just another case of Gabe trying to pull the wool over your eyes. The truth is that Valve doesn't know and most likely won't ever know, but "we don't have evidence" sounds a whole lot better doesn't it?
Gabe is just trying to cover his ass, and he has a huge ass to cover. Fortunately for him he has so many fanboys with their heads up his ass, that it is well covered. |
|
|
|
|
|
|
|
| |
|
| 49. |
Waiting to warn is irresponsible. |
Nov 10, 2011, 20:45 |
I've Got The News Blues |
|
|
DrEvil wrote on Nov 10, 2011, 18:36:
Giving details before they could confirm what happened would have been irresponsible. Absolutely not! The responsible thing to do when you suspect a breach has occured is to alert those customers who may be affected immediately so that they can take precautions. It is much better to err on the side of caution because there is no harm done to the customer for being wrong. Protecting customers first NOT a company's reputation should be the priority.
Four days to properly assess the situation, ensure all systems were secure again, and to determine exactly what caused the damage does not seem unreasonable. Of course it is unreasonable because first, it gave the crooks a four day headstart to exploit the information they stole. Waiting does nothing to help customers protect themselves in the meantime. Second, it is highly likely that Valve will never fully know the scope of the breakin especially after only four days time. So again waiting doesn't help customers and puts them at further risk. In addition expecting that everything is safe and secure after only four days is absolutely laughable especially when the people making that pronouncement are the same incompetent or irresponsible fools who didn't prevent or stop the breakin in the first place.
These are problems that you can't just throw a huge amount of people at to solve; it takes time. Sure, it takes time to fix, but NOT to warn. Waiting to warn customers so they can take steps to protect themselves is irresponsible, and it is only done so that a company can keep from looking bad in case it was wrong about a breach. |
|
|
|
|
|
|
|
| |
|
| 48. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 20:18 |
I've Got The News Blues |
|
|
Aero wrote on Nov 10, 2011, 17:50:
Let's hope they really honored the selection to not save credit card details when you purchase something Regardless of this setting Steam does save your credit card information in your Steam account. That is the reason why you cannot have more than two Steam accounts which use the same credit card number. Regardless of that setting if you try to make a purchase on a third Steam account using a credit card number that has been used for purchases on two other Steam accounts, it will be declined regardless of the amount of purchase or the credit limit of the card. This is one of the unreported restrictions of Steam.
That creadit card setting only determines if you can make a purchase without reentering the credit card information. The credit card information is stored in the Steam account regardless.
The bottom line is your credit card information is at risk due to this breach regardless of whether you checked that box or not.
This comment was edited on Nov 10, 2011, 21:03. |
|
|
|
|
|
|
|
| |
|
| 47. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 20:12 |
bfg9000 |
|
|
Beelzebud wrote on Nov 10, 2011, 19:48:
There are cultists everywhere, friend. Well put, you busta. |
|
|
|
|
|
|
|
| |
|
| 46. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 20:12 |
shihonage |
|
|
Steam has been very stale as an application. They haven't even fixed the 2-year-old bug where your download speed HALVES when you're downloading both "Call of Duty Modern Warfare X" and ""Call of Duty Modern Warfare X Multiplayer" which are 99% the same thing with overlapping data files.
And then the retail users can play the game several hours earlier than the digital copy you paid full price for.
And when you leave Steam on overnight, its downloads may be stalled by your other traffic and fail to auto-resume, with just the "working" icon active.
And if it does resume, it won't unlock the game automatically while you sleep. It will wait until you come from work and dealing with your horrible manager, and want to play the damn thing, only then activating the "Decryption" process.
And after that, it will wait until you try to launch it again, before installing VC++ runtime and DirectX for no reason.
Steam stagnated. It needs some serious competition. In that sense, it's a pity that Origin has proven to be a piece of shit. |
|
|
|
|
|
|
|
| |
|
| 45. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 20:06 |
HorrorScope |
|
|
Flatline wrote on Nov 10, 2011, 19:40:
HorrorScope wrote on Nov 10, 2011, 18:25:
In general: I still sit here and wonder exactly how many holes are actually in MS O/S's. To me is seems infinite. As Sony would say "How can this be?". How can top companies even afford to use MS products at all? Security and Safety first, lol. Hope and pray is more like it.
Err... you're assuming that this was a MS product to begin with.
But let's set that aside. Every large program/OS has an incredible number of bugs/conflicts that are constantly patched. Even Linux, Apple, and the other "bulletproof" offerings come full of bugs and exploits. They all get discovered and patched.
I'll post a challenge to you. Please get, say, 100 people together, and write a story, let's say 1 million sentences in length. All of you work on it simultaneously, and then deliver it with no grammar, spelling, or logic inconsistencies. You have, say, 2-3 years to come up with your story, write it, proof it, correct it, and deliver it.
I doubt you'd ever be able to eliminate all the "bugs" even if you worked on it for 10 years, and it's easier to proofread written language than code and how code interacts with itself.
I doubt it is a MS O/S behind this. But I just wanted to state in general that I don't get how such open architectures are created and used by companies that live and die by security well beyond Valve. How do industries think it's ok for a company to come out with a monthly security patch from yesteryear to the end of time it seems? Can they simply not get control of this? If not, a total rebuild of O/S's is in need. Probably being a bit utopian, but when you use O/S's like MS you can never really be that serious nor feel that safe, and as you say the others probably aren't too much better. It's like companies giving us PR about safety first. It's always money first. Stop the charade. |
|
|
|
|
|
|
|
| |
|
| 44. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 19:54 |
Mashiki Amiketo |
|
|
Creston wrote on Nov 10, 2011, 19:21:
How would Valve ever see that it was cracked?
No evidence in accounts linked with cards being revoked/or they keep the hash and salt tables on a different and more secure server. Which makes breaking the salted hash almost impossible if it was done right.
edit: Did someone let the crazies out tonight? |
|
|
|
|
|
|
|
|
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken |
|
|
|
|
| |
|
| 43. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 19:51 |
Wildone |
|
|
| *think of a coming "9/11" of the internet...allowing something big to happen so they can step in and 'save us' of course, restrictions will apply in the name of security;) |
|
|
|
|
|
|
|
| |
|
| 42. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 19:50 |
Mordecai Walfish |
|
|
| IS THERE NOTHING SACRED ANYMORE!?!? (besides my capslock..) |
|
|
|
|
|
|
|
|
| Playing: MechWarrior Online, Natural Selection 2, PlanetSide 2, NFS: Hot Pursuit, Torchlight 2, Sine Mora, GTAIV, River City Ransom(NES), Final Fantasy IV Complete(PSP), Patapon 2(PSP), Dariusburst(PSP) |
|
|
|
|
| |
|
| 41. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 19:49 |
Wildone |
|
|
You dont think they cant find these guys? If we leave people alone long enough they will destroy themselves so why bother stopping them when they can provide a nice alternate solution, that will just happen to serve their interests very nicely! Im sure the government LOVES Wikkileaks and such spilling their guts all over the place, its a well known fact they have a plan for the net 2.0 and total freedom aint part of it.
Take your ignorant tin foil hat and shove it, at least till you do your research;) |
|
|
|
|
|
|
|
| |
|
| 40. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 19:48 |
Beelzebud |
|
|
| There are cultists everywhere, friend. |
|
|
|
|
|
|
|
| |
|
| 39. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 19:42 |
Icewind |
|
|
Wildone wrote on Nov 10, 2011, 19:35:
This whole recent spate of LulzSec hacking drama is just one huge blackop designed to bring fear into the 'open' internet, guess who will come out with a solution?! A tightly controlled safe & government locked down new net 2.0. Just wait.
Ladies and gentleman, we have a winner.
Exactly, and the kiddie basement dwellers at lulzsec were actually aiding the very same people they sought to make fun of. They were punishing legit customers while helping the government.
I see this new internet as coming very soon.
/tinfoilhat |
|
|
|
|
|
|
|
| |
|
| 38. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 19:40 |
Flatline |
|
|
HorrorScope wrote on Nov 10, 2011, 18:25:
In general: I still sit here and wonder exactly how many holes are actually in MS O/S's. To me is seems infinite. As Sony would say "How can this be?". How can top companies even afford to use MS products at all? Security and Safety first, lol. Hope and pray is more like it.
Err... you're assuming that this was a MS product to begin with.
But let's set that aside. Every large program/OS has an incredible number of bugs/conflicts that are constantly patched. Even Linux, Apple, and the other "bulletproof" offerings come full of bugs and exploits. They all get discovered and patched.
I'll post a challenge to you. Please get, say, 100 people together, and write a story, let's say 1 million sentences in length. All of you work on it simultaneously, and then deliver it with no grammar, spelling, or logic inconsistencies. You have, say, 2-3 years to come up with your story, write it, proof it, correct it, and deliver it.
I doubt you'd ever be able to eliminate all the "bugs" even if you worked on it for 10 years, and it's easier to proofread written language than code and how code interacts with itself. |
|
|
|
|
|
|
|
| |
|
| 37. |
Re: Steam Forum Downtime Follow-up; Steam Also Breached |
Nov 10, 2011, 19:35 |
Flatline |
|
|
Creston wrote on Nov 10, 2011, 19:21:
Btw, just out of curiosity. When he says "We don't have evidence that the protection on credit card numbers or passwords was cracked."
How would they know that anyway? Wouldn't a hacker just download the data, then crack it "at home", so to speak?
How would Valve ever see that it was cracked?
Creston
Well, he earlier says that there's no evidence that the information was even taken to begin with.
I suppose with the proper logging you could determine that. |
|
|
|
|
|
|
|
| |
76 Replies. 4 pages. Viewing page 2.
< Newer [ 1 2 3 4 ] Older >
|
|
Twitter 
