Steam does it again

[Schu]

Exactly.

I mean come on, they release an up-date that totally screwed up at least 3 older games that I know of
(VtM:Bloodlines, Titan Quest and FEAR), then came the complaints and the work arounds, including
the mention of no-cd hacks to fix the issue. Then they suddenly get their forums hacked (ain't that just
a little too convenient), so they shut down the forums to supposedly find out how, and see what
damage has been done?

Huh, yeah right. I dont think so, or Steam would be down too, and it's not.

They just want to prevent any further communication about how they fucked people and how to get
around it. Though it is possible that a pissed off customer found a way to put that message in the
reader board, but I dont remember seeing it.

[Schu]

Oh man, Steam is trying to blow smoke up peoples ass's 

They are claiming that they got hacked and information was compromised, yet the Steam service
was never shut down, not even for an hour, but the forums were down for days. They aren't even
telling people to change their passwords except for the forums. No emails, nothing, are they fucking
stupid or just think people will buy their bullshit. If you have a Steam account, you better protect
yourself, by pulling everything they have on you, CC numbers, Address, name, everything. Then dump
it all together.

[Ratcatcher]

Steam is trying to blow Steam up peoples ass's

Fixed that for you. 

[Seige911]

Figure you might find this of interest.

Yesterday, on November 10, 2011, the following message was sent to all users via a Steam message.

Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

Now for my two cents somewhat knowing what encryption is actually is on the credit card info (which by the way has to be done or the CC companies will not do business with you.. wow CISSP certification actually came in handy).  The credit card information should be safe as the encryption on that can only be broken in polynomial time, pretty much meaning it will be hundreds if not thousands of years.  In all honesty you face a bigger threat having your credit card swiped at a restaurant as they tend to use the Aloha System.  In my experience most managers are not IT guys nor do they keep these machines patched because you know they do not have a web browser and that is like the only way you can get hacked *sarcasm*, even though they do have an internet connection to process the payments.   

As for the forum passwords Steam did a much much better job than Sony, password salts make the polynomial time task of breaking hashes take even longer.  So provided you have a strong password odds are they were not broken as well.. at least not in the next few years.  Additionally, most corporations put views on databases, which determine what a particular person can see on a database.  For instance a HR person would see all PII like social security number etc, while a manager would simply see the persons first and last name.. all being read from the same database.  If they kept audit logs (which any system admin who is worth anything will do) then they should know which account accessed what, and more importantly what that account is allowed to view.  So for instance if they get some maintenance account that can only view the hashes, they can be sure that only that was viewed.. instead of if they got full root and were able to see everything.  Additionally, it seems to me Steam takes security a bit more seriously than Sony, all the mutual authentication, additional verifications etc that I have seen would denote that.

Now in contrast with what happened with Sony.  It took Sony 9 days to respond to the 4 of Steam.  Sony did not have salted passwords Steam did.  Sony's personal information was not encrypted unknown with Steam.  Sony just fired some security specialist before the hack, Steam has yet to fire anyone in the security field yet.  Sony was then hacked an additional 3 times later (other various services), Steam's additional services have yet to be hacked.  Sony amended their ToS in a stealth PSN update to retroactively prevent people from filing class action lawsuits against them and instead forces them into arbitration ( there are class action lawsuits against them however... so glad I did not take that update http://www.gamerslawsuit.com/lawsuit.html ), Steam has yet to do so. 

All and all I would have to say Steams response and security compared to Sony has been much better.  Quicker dis-closer, better password security, and lack of trampling peoples rights (at least for now...).  While I am not endorsing Steam, I am simply pointing out that they are no Sony.  Additionally, there is no such thing as a hacker proof system, Stuxnet and Duqu prove that even machines not connected to a network are vulnerable.  One can simply deter attackers, as a well funded, motivated person(s) who wants to gain entry to your network inevitably will. 

I await to see how this story continues to unfold.

[Schu]

I think you're missing the point.

This all started with Steam releasing an up-date that fucked up some older games. That up-date made those
games unplayable, and made it so you can not shut off automatic updates. Well within hours of that up-date
people went to the forums to complain and to find a way to fix the issue, then all of a sudden their forums get
defaced and shut down.

Yet the steam service itself never got shut down once. Now if this was a real attack, they would have shut down
the Steam service (even for a day) to check for corruption and any possible damage, along with making sure that
nothing was stolen as well as verifying accounts were intact. Then possibly sending out emails to explain why their
servers are down.

Now I do agree that the steam service is one of the most secure, but that does not excuse their lying to us, or not
sending out emails. They either learned nothing from the other attacks like what happened to Sony, or they are pulling
a con job to convince their "fanboy's" that they are the best.

[Kyon]

These days I am very happy because I hate Steam and they shitty forums are hacked . This is very good hacking . Thanks goes to the brillant hackers

[Tessera]

Well, none of this shit matters to me... because I don't have Steam installed on my computer anymore. Nor will I -ever- have Steam installed on my computer in the future.

Steam is a bullshit service... administered by grimy, greedy little sleazeballs, who behave exactly the same as every other corporation does these days: smug, selfish, intractable, amoral and dictatorial.

There have been numerous protests against corporate greed all over the USA and Europe lately. Occupy Wall Street would be one such example. Well, the very best thing that all of us can do to support that fight is to cancel as many of our subscriptions as possible. That would include Steam, WoW, and anything else of that nature.

You don't need Steam. You don't need to pay for WoW, either. You can get all of those games (and many more) for FREE, if you know where to look for them (HINT: TPB). You can play WoW for free, on emulated servers. You can play EQ for free too... likewise on emulated servers.

In short, you can punish the gaming industry for its long history of broken products, forced consumerism, draconian DRM schemes, bait-and-switch tactics, shitty console-to-PC ports, dumbed down and censored games (eg: Age Of Conan), lies, deceit, poor customer service and every other transgression on their parts... BY NOT GIVING THEM ANY MORE OF YOUR MONEY.

Download your games and play them for free. Cancel your subscriptions to online games and online gaming services. Encourage all of your friends to do the same.

If corporate greed needs to be punished, then the gaming industry is certainly no exception. So let's all do our part and hit the big gaming publishers where it hurts them the most: in their wallets.