dioxholster
Gawd
- Joined
- Aug 11, 2010
- Messages
- 801
haha very funny, obviously someone wasted money on domain to have it re-direct.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Steam Hack Confirmed By Valve
- Thread starter HardOCP News
- Start date
haha very funny, obviously someone wasted money on domain to have it re-direct.
No Steam forum account, but I changed my Steam password anyway.
I'm not worried about my credit card any more than usual simply because most CC numbers are probably 'out in the open' anyway. I always assume that my card may have been compromised at any time (which it probably is) and check my transactions at least twice a week.
I'm not worried about my credit card any more than usual simply because most CC numbers are probably 'out in the open' anyway. I always assume that my card may have been compromised at any time (which it probably is) and check my transactions at least twice a week.
Bone_Enterprise
Enter in the Rear
- Joined
- Apr 21, 2006
- Messages
- 4,423
Can't we all get along and just wait for the Steam Christmas sales to come around, they are just around the corner afterall.
_PixelNinja
[H]ard|Gawd
- Joined
- Feb 12, 2011
- Messages
- 1,460
Stumbled upon this:
They can now. You narrowed it down for them.
I never got any emails either. I only saw this when I was loading up Steam to jump into MW3 (yes a night of bad news altogether)
The message mentioned salted hashed info did it not? As the previous poster with the Gmail pic showed, that is decent security. The issue with Sony was it exposed they didn't salt and/or hash anything.
The message mentioned salted hashed info did it not? As the previous poster with the Gmail pic showed, that is decent security. The issue with Sony was it exposed they didn't salt and/or hash anything.
sfsuphysics
[H]F Junkie
- Joined
- Jan 14, 2007
- Messages
- 15,994
Hur-fucking-rah for posting a message on their forums which I never go to anyways. I could ALMOST excuse it if this was a big fucking banner on their main page... yanno the one where people go to click on games and give them money.
Shit like this is glad my Socialist Republic of California requires notification if your information gets yanked.... A FUCKING EMAIL IS ALL I ASK FOR, if I didn't read the news at this site, would I have known? Oh wait yeah if I actually go to read their message forums then I'd be notified...
Bone_Enterprise
Enter in the Rear
- Joined
- Apr 21, 2006
- Messages
- 4,423
Why don't you just tell us how you feel about it already.
Monkey34
Supreme [H]ardness
- Joined
- Apr 11, 2003
- Messages
- 5,140
I also remember a time with no cable ,internet, or cellphones.
Yea........the good old days.
B+M's are gone. You can't even find a used game anymore, and if you do, it's got an account tied to it that probably makes the game useless to you.
Progress!
The more technology gets integrated in our society, the more hacking problems you will see.
It comes with the package.
wait, why are people suddenly saying it was just a forum hack... and only effects <3% if it was just a forum hack i'd be even more pissed then I already am and asking why my CC info was tied a forum DB?
This hack effects everyone, it's just a question of how long until the botnets can crack the keys, just like they did to sony.
3 days to admit it, 1 week to admit it, both companies should of come clean immediately.
This hack effects everyone, it's just a question of how long until the botnets can crack the keys, just like they did to sony.
3 days to admit it, 1 week to admit it, both companies should of come clean immediately.
You obviously have not restarted your steam client then since they have a HUGE fucking window that pops up telling you what happened, which is even better then an email that you might or might not ever get.
AS PEOPLE HAVE ALREADY SAID OVER AND OVER AGAIN. IF YOU USE A POPULAR EMAIL SERVICE THEN CHANCES ARE IT GOT EITHER MARKED SPAM OR WAS BLOCKED IF THEY EXCEEDED THEIR WATERMARK ON REJECTED EMAILS FROM THAT ADDRESS.
So mister @yahoo, @hotmail, @gmail, @comcast or whatever your email address is chances are they did try to contact you.
Well it does take time to properly investigate, so 3 days seems to be a reasonable amount of time to me. They also say in their email that the steam DB which contained CC info was also compromised in addition to the forum DB, they didn't say that the CC info was linked to the forum DB.
klank
Killer of Killer NIC Threadz
- Joined
- Aug 22, 2011
- Messages
- 2,175
- Joined
- Feb 3, 2004
- Messages
- 25,321
I'm pretty sure Steam guard is only to protect your individual account from being stolen
sfsuphysics
[H]F Junkie
- Joined
- Jan 14, 2007
- Messages
- 15,994
Have to say... I didn't... however having just opened up my steam client to see if I maybe need to eat a slice of humble pie, I see no window, no pop up, NOTHING that says anything about this. As a result I have a big shit pie for them.
O,k maybe someone who really knows about this kind of thing can advise us less educated brothers how serious this is with facts instead of opinions and emotions. Looking around the net you get conflicting views ranging from it is nothing to worry about to it's the end of the world. To say it confusing is an understatement.
MacLeod
[H]F Junkie
- Joined
- Jul 28, 2009
- Messages
- 8,280
That makes me feel a lot better. I don't want to have to cancel my card, too big a pain in the balls.
As for the emails, if you didn't get one, so fucking what? Its front page on every blog and tech website in the world. Its not like they were trying to keep it a secret and if you're on here bitching about it, you obviously know about it. I don't see the point to all the rage.
This is why you make long passwords with all sorts of dumb characters in them because those won't be in a rainbow table.
Well to me that is all that really matters to me. I used the Steam forums but the responses you get sometimes are from a bunch of raging idiots anyway. I know if I ever reinstall my OS or login from a browser I always have to put that code in. So even if someone has my password it shouldn't do them any good since they still need that code to complete the login. From what I have seen it is always random useless the algorithm on how the codes are sent was taken as well.
_PixelNinja
[H]ard|Gawd
- Joined
- Feb 12, 2011
- Messages
- 1,460
My knowledge and understanding in encryption is very basic but in this case, doesn't the use of salt make a rainbow attack infeasible?
Any site I have ever used only allows alphanumeric for passwords and no "dumb" characters.
So is mine but if what I remember from Steve Gibson's podcast not too long ago is relevant, the possibility of the bad guys setting up a computer to use a dictionary/rainbow table to constantly hammer a password (they need the exact password) they're a much greater chance of 'Monkey' to come up rather than '&^#$&*(#$*(omghackerssuck(*#$*()$()' If I am wrong, somebody please correct me.
Most sites limit it at 8 to 16 characters because CS is annoyed with too many people that forget their passwords. Technically with something like AES256 the password can be much, much longer then that. And they use any character. Chances are if you're restricted to 16 characters and only alpha/numeric then the site is literally saving the password in its database with some encryption (hopefully anyway!) and not being hashed/salted which doesn't care what you use.
_PixelNinja
[H]ard|Gawd
- Joined
- Feb 12, 2011
- Messages
- 1,460
I have a way of setting my passwords so that each is unique yet easy to remember and it bothers me when I can't use my technique. This is the case with EA/Origin for instance where I can only use alphanumerical characters...
dioxholster
Gawd
- Joined
- Aug 11, 2010
- Messages
- 801
dioxholster
Gawd
- Joined
- Aug 11, 2010
- Messages
- 801
We should worry about EA Origin, they are likely to be a target and man they dont give a damn about us.
AES256 encryption is the same type the gov't uses to share top secret info.
a brute force attack on it would take longer than the universe will exist.
AES256 encryption on Wikipedia is an eye full. Thats some seriously strong stuff.
Your CC info is safe.
a brute force attack on it would take longer than the universe will exist.
AES256 encryption on Wikipedia is an eye full. Thats some seriously strong stuff.
Your CC info is safe.
MacLeod
[H]F Junkie
- Joined
- Jul 28, 2009
- Messages
- 8,280
I've read that elsewhere (I've been scouring everything I can find on encryption the last 24 hours ). Apparently it would take like 150,000 years just to break a 8 character password so the time it would take to break a 16 digit CC number which has 9,999,999,999,999,999 possibilities should be enough to not worry about.
). Apparently it would take like 150,000 years just to break a 8 character password so the time it would take to break a 16 digit CC number which has 9,999,999,999,999,999 possibilities should be enough to not worry about.dioxholster
Gawd
- Joined
- Aug 11, 2010
- Messages
- 801
Steam doesnt use AES-256 encryption, the email saying that was fake: http://i.imgur.com/LW44c.png
i hope they give us an answer.
i hope they give us an answer.
NoEcho
2[H]4U
- Joined
- Aug 14, 2001
- Messages
- 3,250
Steam was never a saint. Valve used the supposed hack of HL2 in pre-beta as the excuse to force people to register with Steam to play the game they'd already paid for. It's become standard since then but it pissed me off no end then and still strikes me as invasive and unjustified.
My policy on all these sites is to lie. In my real life I am pathologically honest but when it comes to websites collecting demographics I try to make sure that no two of them have the same info about me and certainly none of them have my real info. They don't need it, they don't deserve it and they should stay the hell out of our business. That way - amongst many reasons - if the site gets hacked the hackers just have some BS too. GFL skiddies.
Important side note: you can get credit cards for your accounts with any damn name you want. Tigol Bitties? Sure. Let some skiddie from China or Romania - or heck, Pasadena - try to cross check that against your birthday.
My policy on all these sites is to lie. In my real life I am pathologically honest but when it comes to websites collecting demographics I try to make sure that no two of them have the same info about me and certainly none of them have my real info. They don't need it, they don't deserve it and they should stay the hell out of our business. That way - amongst many reasons - if the site gets hacked the hackers just have some BS too. GFL skiddies.
Important side note: you can get credit cards for your accounts with any damn name you want. Tigol Bitties? Sure. Let some skiddie from China or Romania - or heck, Pasadena - try to cross check that against your birthday.
TheOneKnownAsMe
[H]ard|Gawd
- Joined
- Jan 3, 2011
- Messages
- 1,730
Yeah, I read that entire Wiki entry just because of this entire ordeal and... holy shit that's some pretty cool stuff.
Acoustique
Gawd
- Joined
- Nov 1, 2007
- Messages
- 941
can someone explain how encryption works in more simplified terms, i'am very bad at under the more intricate aspects of computers, like coding
Shalafi
Fully [H]
- Joined
- Nov 6, 2009
- Messages
- 22,956
I'm willing to forgive Gabe Newell in exchange for a free copy of Dota 2
dioxholster
Gawd
- Joined
- Aug 11, 2010
- Messages
- 801
No one believes Dota 2 will ever be given free to all steam users.