Since when is vBulletin part of Steam systems? On 9 November 2011 04:07, <gamead...@127001.org> wrote:
> Probably, but I have to assume some people in my community match that > criteria. I also have to hold as a possibility that the attackers were > able > to leverage their exploitation of the forum system into some kind of > possibly-successful intrusion into other parts of the steam system. > > > -----Original Message----- > > From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux- > > boun...@list.valvesoftware.com] On Behalf Of msleeper > > Sent: 09 November 2011 03:40 > > To: Half-Life dedicated Linux server mailing list > > Subject: Re: [hlds_linux] Valve Security Breach > > > > If you have the same password for your Steam forum account, for your > > Steam login, and for the email address that Steam is tied to (and by > > proxy, the same email address on file on SPUF) then - and I'm just > > gonna say it - you probably deserve to have something bad like this > > happen so you wisen up to better security practices. > > > > On Tue, Nov 8, 2011 at 9:42 PM, Nathan Radcliffe <kugr...@gmail.com> > > wrote: > > > And as I said: > > > > > >>> > Steamguard works great if > > >>> > you have different passwords for your steam account and steam > > forums > > > and > > >>> > email, but I still know a lot of users both in gaming areas and > > real > > > life > > >>> > areas that use the same password for everything (despite how much > > I > > >>> > discourage it). > > > > > > If email address have been exposed and passwords have been exposed, > > then > > > all account details for anyone with no password management system > > have been > > > exposed. I don't run a service for computer security professionals - > > I run > > > a service for gamers. Until Valve release details as to the exposure > > of > > > this attack, neither you nor I fully know what credentials are out in > > the > > > wild, so is better to err on the side of caution. > > > > > > On 9 November 2011 02:09, msleeper <mslee...@ismsleeperwrong.com> > > wrote: > > > > > >> As I said: > > >> > > >> > Assuming that your SPUF login and password is the same as your > > Steam > > >> > login and password, 1.) that's not Valve's fault that you are > > >> > literally the worst at the password game, but 2.) it's only a > > problem > > >> > if you are in the 0.001% of people who don't use Steam Guard. > > >> > > >> So unless your "several hundred users" all some how fit both of > > those > > >> profiles, then I don't see what there is to be freaking out about. > > >> > > >> How many of you are aware that the forum is a completely separate > > and > > >> unconnected entity to every other Steam service? > > >> > > >> On Tue, Nov 8, 2011 at 9:06 PM, Nathan Radcliffe <kugr...@gmail.com> > > >> wrote: > > >> > Feel free to suggest a better option. Should I ignore the still > > as yet > > >> > unknown (and unconfirmed by the company) security breach that has > > >> rendered > > >> > a major section of it's website offline for near on two days, or > > warn the > > >> > several hundred of my users that they should look over their > > account and > > >> > security details? > > >> > > > >> > On 9 November 2011 01:45, msleeper <mslee...@ismsleeperwrong.com> > > wrote: > > >> > > > >> >> Yes, panicking and being reactionary is always the best course of > > >> action. > > >> >> > > >> >> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe > > <kugr...@gmail.com> > > >> >> wrote: > > >> >> > Thinking the worst is the best thing to do in this situation. > > Until > > >> >> Valve > > >> >> > release some indication of what account details (if any) have > > >> >> > been compromised it's easiest to assume all details have been, > > and > > >> advise > > >> >> > all users to look over their account security. Steamguard > > works > > >> great if > > >> >> > you have different passwords for your steam account and steam > > forums > > >> and > > >> >> > email, but I still know a lot of users both in gaming areas and > > real > > >> life > > >> >> > areas that use the same password for everything (despite how > > much I > > >> >> > discourage it). > > >> >> > > > >> >> > Everyone is speculating because Valve have not released any > > details > > >> as to > > >> >> > what has been comprised. After nearly 48 hours that's pretty > > >> >> unacceptable > > >> >> > from a multi-million user company. > > >> >> > > > >> >> > On 9 November 2011 01:19, DontWannaName! > > <ad...@topnotchclan.com> > > >> wrote: > > >> >> > > > >> >> >> I think you are thinking the worst. All someone needs to post > > what > > >> they > > >> >> did > > >> >> >> is access to the VB admin CP which just requires an admin. My > > guess > > >> is > > >> >> it > > >> >> >> isnt as bad as people are making it out to be and right now > > everyone > > >> is > > >> >> >> speculating the worst. Just chill.... > > >> >> >> > > >> >> >> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe > > <kugr...@gmail.com> > > >> >> >> wrote: > > >> >> >> > > >> >> >> > Correct, but where else should it be posted? On the forums > > maybe? > > >> >> It's > > >> >> >> > been nearly two days, and still no official press release. > > A few > > >> >> people > > >> >> >> > have reported receiving spam emails and I've seen > > unconfirmed > > >> reports > > >> >> of > > >> >> >> > password databases being leaked. > > >> >> >> > I don't have much doubt that most people on this list have > > good > > >> >> password > > >> >> >> > management, but I'm sure there's still millions of forums > > users > > >> >> unaware > > >> >> >> > that any hack happened, or if they are aware, how it may > > have > > >> effected > > >> >> >> > them. > > >> >> >> > > > >> >> >> > On 8 November 2011 20:05, msleeper > > <mslee...@ismsleeperwrong.com> > > >> >> wrote: > > >> >> >> > > > >> >> >> > > This is not relevant to server administration. > > >> >> >> > > > > >> >> >> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob > > <ad...@m33crob.com> > > >> wrote: > > >> >> >> > > > Hello Valve, > > >> >> >> > > > > > >> >> >> > > > I'd like to request notification via these mailing > > lists > > >> once/if > > >> >> >> Valve > > >> >> >> > > > makes a statement about todays security breach and > > subsequent > > >> >> >> downtime. > > >> >> >> > > > > > >> >> >> > > > > > >> >> >> > > > > >> >> >> > > > >> >> >> > > >> >> > > >> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible- > > hacker-attack/ > > >> >> >> > > > _______________________________________________ > > >> >> >> > > > To unsubscribe, edit your list preferences, or view the > > list > > >> >> >> archives, > > >> >> >> > > please visit: > > >> >> >> > > > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > >> >> >> > > > > > >> >> >> > > > > >> >> >> > > _______________________________________________ > > >> >> >> > > To unsubscribe, edit your list preferences, or view the > > list > > >> >> archives, > > >> >> >> > > please visit: > > >> >> >> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > >> >> >> > > > > >> >> >> > _______________________________________________ > > >> >> >> > To unsubscribe, edit your list preferences, or view the list > > >> archives, > > >> >> >> > please visit: > > >> >> >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > >> >> >> > > > >> >> >> _______________________________________________ > > >> >> >> To unsubscribe, edit your list preferences, or view the list > > >> archives, > > >> >> >> please visit: > > >> >> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > >> >> >> > > >> >> > _______________________________________________ > > >> >> > To unsubscribe, edit your list preferences, or view the list > > archives, > > >> >> please visit: > > >> >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > >> >> > > > >> >> > > >> >> _______________________________________________ > > >> >> To unsubscribe, edit your list preferences, or view the list > > archives, > > >> >> please visit: > > >> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > >> >> > > >> > _______________________________________________ > > >> > To unsubscribe, edit your list preferences, or view the list > > archives, > > >> please visit: > > >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > >> > > > >> > > >> _______________________________________________ > > >> To unsubscribe, edit your list preferences, or view the list > > archives, > > >> please visit: > > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > >> > > > _______________________________________________ > > > To unsubscribe, edit your list preferences, or view the list > > archives, please visit: > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux