Re: [hlds_linux] Valve Security Breach

[Bacon Cat]

At least they didn't pull a Sony.

On Fri, Nov 11, 2011 at 3:38 PM, Eric Riemers  wrote:

>
> mistakes happen, valve is only human too. Lets keep the list back to server
> administration again..
>
> On Fri, 11 Nov 2011 23:13:38 +0800, "dmex"  wrote:
> > What is there to 'clear up', they did gain access to the steam database.
> >
> > -Original Message-
> > From: hlds_linux-boun...@list.valvesoftware.com
> > [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Michael
> > Johansen
> > Sent: Friday, 11 November 2011 11:10 PM
> > To: hlds_linux@list.valvesoftware.com
> > Subject: Re: [hlds_linux] Valve Security Breach
> >
> >
> > The Norwegian newspaper "VG" announced that VALVE had been compromised
> and
> > that they gained access to the master-Steam database, where everything is
> > stored.http://www.vg.no/spill/artikkel.php?artid=10015971
> > Anyone clear this up?
> >
> >> Date: Fri, 11 Nov 2011 04:50:43 +0200
> >> From: i...@ics-base.net
> >> To: hlds_linux@list.valvesoftware.com
> >> Subject: Re: [hlds_linux] Valve Security Breach
> >>
> >> If you do a lot of Steam purchases, it's a conviniency issue. Few
> >> clicks and you are done. After entering the stuff 360 times you really
> >> rethink twice but being security paranoid, you don't fill anything in.
> >> Steam however still has your account information that you entered on
> >> first time creating account. Only the credit cart part will not be on
> >> record, except for past purchases so it's still there even if you do
> >> not leave it there to be ready.
> >>
> >> I'm but surprised that if the Steam database was compromised, why is
> >> the Steam service still running? No one said that the hole is fixed or
> >> whatever method that was being used is now blocked.
> >>
> >> -ics
> >>
> >> 11.11.2011 4:22, Chris Brunelle kirjoitti:
> >> > Seriously, who the hell fills all that information in?
> >> >
> >> > On Thu, Nov 10, 2011 at 6:26 PM, dmex  wrote:
> >> >
> >> >> Don't worry, He'll be fine after his nappy gets changed  ;)
> >> >>
> >> >> I am a bit annoyed Gabe didn't mention all the unencrypted personal
> >> >> information stored on the same Steam database the hackers now have,
> >> >> It's more than enough to pull off really good social
> >> >> engineering/phishing attacks and maybe even some ID theft.
> >> >>
> >> >> At minimum your Steam account contains the following unencrypted
> >> >> personal
> >> >> details:
> >> >> First&  Last name, Date of birth, Billing address, City, State,
> >> >> Zipcode, Country and telephone number.
> >> >>
> >> >> -Original Message-
> >> >> From: hlds_linux-boun...@list.valvesoftware.com
> >> >> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of
> >> >> msleeper
> >> >> Sent: Friday, 11 November 2011 8:59 AM
> >> >> To: Half-Life dedicated Linux server mailing list
> >> >> Subject: Re: [hlds_linux] Valve Security Breach
> >> >>
> >> >> Never has a more irrational or reactionary mail been posted to this
> > list.
> >> >>
> >> >> On Thu, Nov 10, 2011 at 7:52 PM, Dan  wrote:
> >> >>> On 10/11/2011 23:55, DontWannaName! wrote:
> >> >>>> If you haven't noticed, most credit card companies have very good
> >> >>>> fraud prevention now. What's the worst they can do? I mean it's
> >> >>>> bad, but really not the end of the world. You guys are just
> >> >>>> causing unneeded drama about an issue that they are handling
> > internally.
> >> >>> It's not the end of the world, no. That was May 21st. And again in
> >> >> October.
> >> >>> The end of the world I can handle, I've lived through enough, but
> >> >>> it is the end of steam as a viable service I can trust.
> >> >>>
> >> >>> It wasn't that long ago Gabe was giving away his password with a
> >> >>> kind of "hack me if you can" bravado to advertise Steam Guard (and
> >> >>> clearly from myriad internet posts many think Steam is secure
> >> >>> be

Re: [hlds_linux] Valve Security Breach

[Eric Riemers]

mistakes happen, valve is only human too. Lets keep the list back to server
administration again..

On Fri, 11 Nov 2011 23:13:38 +0800, "dmex"  wrote:
> What is there to 'clear up', they did gain access to the steam database.
> 
> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com
> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Michael
> Johansen
> Sent: Friday, 11 November 2011 11:10 PM
> To: hlds_linux@list.valvesoftware.com
> Subject: Re: [hlds_linux] Valve Security Breach
> 
> 
> The Norwegian newspaper "VG" announced that VALVE had been compromised
and
> that they gained access to the master-Steam database, where everything is
> stored.http://www.vg.no/spill/artikkel.php?artid=10015971
> Anyone clear this up?
> 
>> Date: Fri, 11 Nov 2011 04:50:43 +0200
>> From: i...@ics-base.net
>> To: hlds_linux@list.valvesoftware.com
>> Subject: Re: [hlds_linux] Valve Security Breach
>> 
>> If you do a lot of Steam purchases, it's a conviniency issue. Few 
>> clicks and you are done. After entering the stuff 360 times you really 
>> rethink twice but being security paranoid, you don't fill anything in. 
>> Steam however still has your account information that you entered on 
>> first time creating account. Only the credit cart part will not be on 
>> record, except for past purchases so it's still there even if you do 
>> not leave it there to be ready.
>> 
>> I'm but surprised that if the Steam database was compromised, why is 
>> the Steam service still running? No one said that the hole is fixed or 
>> whatever method that was being used is now blocked.
>> 
>> -ics
>> 
>> 11.11.2011 4:22, Chris Brunelle kirjoitti:
>> > Seriously, who the hell fills all that information in?
>> >
>> > On Thu, Nov 10, 2011 at 6:26 PM, dmex  wrote:
>> >
>> >> Don't worry, He'll be fine after his nappy gets changed  ;)
>> >>
>> >> I am a bit annoyed Gabe didn't mention all the unencrypted personal 
>> >> information stored on the same Steam database the hackers now have, 
>> >> It's more than enough to pull off really good social 
>> >> engineering/phishing attacks and maybe even some ID theft.
>> >>
>> >> At minimum your Steam account contains the following unencrypted 
>> >> personal
>> >> details:
>> >> First&  Last name, Date of birth, Billing address, City, State, 
>> >> Zipcode, Country and telephone number.
>> >>
>> >> -Original Message-
>> >> From: hlds_linux-boun...@list.valvesoftware.com
>> >> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of 
>> >> msleeper
>> >> Sent: Friday, 11 November 2011 8:59 AM
>> >> To: Half-Life dedicated Linux server mailing list
>> >> Subject: Re: [hlds_linux] Valve Security Breach
>> >>
>> >> Never has a more irrational or reactionary mail been posted to this
> list.
>> >>
>> >> On Thu, Nov 10, 2011 at 7:52 PM, Dan  wrote:
>> >>> On 10/11/2011 23:55, DontWannaName! wrote:
>> >>>> If you haven't noticed, most credit card companies have very good 
>> >>>> fraud prevention now. What's the worst they can do? I mean it's 
>> >>>> bad, but really not the end of the world. You guys are just 
>> >>>> causing unneeded drama about an issue that they are handling
> internally.
>> >>> It's not the end of the world, no. That was May 21st. And again in
>> >> October.
>> >>> The end of the world I can handle, I've lived through enough, but 
>> >>> it is the end of steam as a viable service I can trust.
>> >>>
>> >>> It wasn't that long ago Gabe was giving away his password with a 
>> >>> kind of "hack me if you can" bravado to advertise Steam Guard (and 
>> >>> clearly from myriad internet posts many think Steam is secure 
>> >>> because of it)
>> >>>
>> >>> But it isn't.
>> >>>
>> >>> There's only one game dev / publisher that has a database that has 
>> >>> my name, address, CC info and anything of value attached to it.
>> >>> That one is Steam.
>> >>>
>> >>> So, one by one, as other developers have been hacked, I've been 
>> >>> thinking "At least it's not 

Re: [hlds_linux] Valve Security Breach

[dmex]

What is there to 'clear up', they did gain access to the steam database.

-Original Message-
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Michael
Johansen
Sent: Friday, 11 November 2011 11:10 PM
To: hlds_linux@list.valvesoftware.com
Subject: Re: [hlds_linux] Valve Security Breach


The Norwegian newspaper "VG" announced that VALVE had been compromised and
that they gained access to the master-Steam database, where everything is
stored.http://www.vg.no/spill/artikkel.php?artid=10015971
Anyone clear this up?

> Date: Fri, 11 Nov 2011 04:50:43 +0200
> From: i...@ics-base.net
> To: hlds_linux@list.valvesoftware.com
> Subject: Re: [hlds_linux] Valve Security Breach
> 
> If you do a lot of Steam purchases, it's a conviniency issue. Few 
> clicks and you are done. After entering the stuff 360 times you really 
> rethink twice but being security paranoid, you don't fill anything in. 
> Steam however still has your account information that you entered on 
> first time creating account. Only the credit cart part will not be on 
> record, except for past purchases so it's still there even if you do 
> not leave it there to be ready.
> 
> I'm but surprised that if the Steam database was compromised, why is 
> the Steam service still running? No one said that the hole is fixed or 
> whatever method that was being used is now blocked.
> 
> -ics
> 
> 11.11.2011 4:22, Chris Brunelle kirjoitti:
> > Seriously, who the hell fills all that information in?
> >
> > On Thu, Nov 10, 2011 at 6:26 PM, dmex  wrote:
> >
> >> Don't worry, He'll be fine after his nappy gets changed  ;)
> >>
> >> I am a bit annoyed Gabe didn't mention all the unencrypted personal 
> >> information stored on the same Steam database the hackers now have, 
> >> It's more than enough to pull off really good social 
> >> engineering/phishing attacks and maybe even some ID theft.
> >>
> >> At minimum your Steam account contains the following unencrypted 
> >> personal
> >> details:
> >> First&  Last name, Date of birth, Billing address, City, State, 
> >> Zipcode, Country and telephone number.
> >>
> >> -Original Message-
> >> From: hlds_linux-boun...@list.valvesoftware.com
> >> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of 
> >> msleeper
> >> Sent: Friday, 11 November 2011 8:59 AM
> >> To: Half-Life dedicated Linux server mailing list
> >> Subject: Re: [hlds_linux] Valve Security Breach
> >>
> >> Never has a more irrational or reactionary mail been posted to this
list.
> >>
> >> On Thu, Nov 10, 2011 at 7:52 PM, Dan  wrote:
> >>> On 10/11/2011 23:55, DontWannaName! wrote:
> >>>> If you haven't noticed, most credit card companies have very good 
> >>>> fraud prevention now. What's the worst they can do? I mean it's 
> >>>> bad, but really not the end of the world. You guys are just 
> >>>> causing unneeded drama about an issue that they are handling
internally.
> >>> It's not the end of the world, no. That was May 21st. And again in
> >> October.
> >>> The end of the world I can handle, I've lived through enough, but 
> >>> it is the end of steam as a viable service I can trust.
> >>>
> >>> It wasn't that long ago Gabe was giving away his password with a 
> >>> kind of "hack me if you can" bravado to advertise Steam Guard (and 
> >>> clearly from myriad internet posts many think Steam is secure 
> >>> because of it)
> >>>
> >>> But it isn't.
> >>>
> >>> There's only one game dev / publisher that has a database that has 
> >>> my name, address, CC info and anything of value attached to it.
> >>> That one is Steam.
> >>>
> >>> So, one by one, as other developers have been hacked, I've been 
> >>> thinking "At least it's not steam, if they get that, I'm outta here"
> >>>
> >>> But I see nowhere to go forwards. Gabe's "we'll reopen the forums 
> >>> asap" I find almost unbelievably trite as though he's hoping so 
> >>> long as we can argue about how overpowered the heavy is/isn't next 
> >>> week we'll carry on regardless as though nothing happened :/
> >>>
> >>> The way I see it, either Valve were incompetent (unlikely since 
>

Re: [hlds_linux] Valve Security Breach

[Michael Johansen]

The Norwegian newspaper "VG" announced that VALVE had been compromised and that 
they gained access to the master-Steam database, where everything is 
stored.http://www.vg.no/spill/artikkel.php?artid=10015971
Anyone clear this up?

> Date: Fri, 11 Nov 2011 04:50:43 +0200
> From: i...@ics-base.net
> To: hlds_linux@list.valvesoftware.com
> Subject: Re: [hlds_linux] Valve Security Breach
> 
> If you do a lot of Steam purchases, it's a conviniency issue. Few clicks 
> and you are done. After entering the stuff 360 times you really rethink 
> twice but being security paranoid, you don't fill anything in. Steam 
> however still has your account information that you entered on first 
> time creating account. Only the credit cart part will not be on record, 
> except for past purchases so it's still there even if you do not leave 
> it there to be ready.
> 
> I'm but surprised that if the Steam database was compromised, why is the 
> Steam service still running? No one said that the hole is fixed or 
> whatever method that was being used is now blocked.
> 
> -ics
> 
> 11.11.2011 4:22, Chris Brunelle kirjoitti:
> > Seriously, who the hell fills all that information in?
> >
> > On Thu, Nov 10, 2011 at 6:26 PM, dmex  wrote:
> >
> >> Don't worry, He'll be fine after his nappy gets changed  ;)
> >>
> >> I am a bit annoyed Gabe didn't mention all the unencrypted personal
> >> information stored on the same Steam database the hackers now have, It's
> >> more than enough to pull off really good social engineering/phishing
> >> attacks
> >> and maybe even some ID theft.
> >>
> >> At minimum your Steam account contains the following unencrypted personal
> >> details:
> >> First&  Last name, Date of birth, Billing address, City, State, Zipcode,
> >> Country and telephone number.
> >>
> >> -Original Message-----
> >> From: hlds_linux-boun...@list.valvesoftware.com
> >> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of msleeper
> >> Sent: Friday, 11 November 2011 8:59 AM
> >> To: Half-Life dedicated Linux server mailing list
> >> Subject: Re: [hlds_linux] Valve Security Breach
> >>
> >> Never has a more irrational or reactionary mail been posted to this list.
> >>
> >> On Thu, Nov 10, 2011 at 7:52 PM, Dan  wrote:
> >>> On 10/11/2011 23:55, DontWannaName! wrote:
> >>>> If you haven't noticed, most credit card companies have very good
> >>>> fraud prevention now. What's the worst they can do? I mean it's bad,
> >>>> but really not the end of the world. You guys are just causing
> >>>> unneeded drama about an issue that they are handling internally.
> >>> It's not the end of the world, no. That was May 21st. And again in
> >> October.
> >>> The end of the world I can handle, I've lived through enough, but it
> >>> is the end of steam as a viable service I can trust.
> >>>
> >>> It wasn't that long ago Gabe was giving away his password with a kind
> >>> of "hack me if you can" bravado to advertise Steam Guard (and clearly
> >>> from myriad internet posts many think Steam is secure because of it)
> >>>
> >>> But it isn't.
> >>>
> >>> There's only one game dev / publisher that has a database that has my
> >>> name, address, CC info and anything of value attached to it.
> >>> That one is Steam.
> >>>
> >>> So, one by one, as other developers have been hacked, I've been
> >>> thinking "At least it's not steam, if they get that, I'm outta here"
> >>>
> >>> But I see nowhere to go forwards. Gabe's "we'll reopen the forums
> >>> asap" I find almost unbelievably trite as though he's hoping so long
> >>> as we can argue about how overpowered the heavy is/isn't next week
> >>> we'll carry on regardless as though nothing happened :/
> >>>
> >>> The way I see it, either Valve were incompetent (unlikely since I'm
> >>> sure Gabe said in interview they'd looked at their systems after the
> >>> other companies were hacked like Sony and so on) or you cannot secure
> >>> a system no matter how competent you are.
> >>>
> >>> Either way, I may as well just take cash to the store or find a
> >>> different hobby.
> >>> If I get mugged on the w

Re: [hlds_linux] Valve Security Breach

[Saint K .]

This a serious question??

From: hlds_linux-boun...@list.valvesoftware.com 
[hlds_linux-boun...@list.valvesoftware.com] On Behalf Of m33crob 
[ad...@m33crob.com]
Sent: 11 November 2011 10:28
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Valve Security Breach

Hey VALVe,

Why isn't there an option of resetting ones' password outside of the Steam
client itself?

On Thu, Nov 10, 2011 at 7:50 PM, ics  wrote:

> If you do a lot of Steam purchases, it's a conviniency issue. Few clicks
> and you are done. After entering the stuff 360 times you really rethink
> twice but being security paranoid, you don't fill anything in. Steam
> however still has your account information that you entered on first time
> creating account. Only the credit cart part will not be on record, except
> for past purchases so it's still there even if you do not leave it there to
> be ready.
>
> I'm but surprised that if the Steam database was compromised, why is the
> Steam service still running? No one said that the hole is fixed or whatever
> method that was being used is now blocked.
>
> -ics
>
> 11.11.2011 4:22, Chris Brunelle kirjoitti:
>
>> Seriously, who the hell fills all that information in?
>>
>> On Thu, Nov 10, 2011 at 6:26 PM, dmex  wrote:
>>
>>  Don't worry, He'll be fine after his nappy gets changed  ;)
>>>
>>> I am a bit annoyed Gabe didn't mention all the unencrypted personal
>>> information stored on the same Steam database the hackers now have, It's
>>> more than enough to pull off really good social engineering/phishing
>>> attacks
>>> and maybe even some ID theft.
>>>
>>> At minimum your Steam account contains the following unencrypted personal
>>> details:
>>> First&  Last name, Date of birth, Billing address, City, State, Zipcode,
>>>
>>> Country and telephone number.
>>>
>>> -Original Message-
>>> From: 
>>> hlds_linux-bounces@list.**valvesoftware.com
>>> [mailto:hlds_linux-bounces@**list.valvesoftware.com]
>>> On Behalf Of msleeper
>>> Sent: Friday, 11 November 2011 8:59 AM
>>> To: Half-Life dedicated Linux server mailing list
>>> Subject: Re: [hlds_linux] Valve Security Breach
>>>
>>> Never has a more irrational or reactionary mail been posted to this list.
>>>
>>> On Thu, Nov 10, 2011 at 7:52 PM, Dan  wrote:
>>>
>>>> On 10/11/2011 23:55, DontWannaName! wrote:
>>>>
>>>>> If you haven't noticed, most credit card companies have very good
>>>>> fraud prevention now. What's the worst they can do? I mean it's bad,
>>>>> but really not the end of the world. You guys are just causing
>>>>> unneeded drama about an issue that they are handling internally.
>>>>>
>>>> It's not the end of the world, no. That was May 21st. And again in
>>>>
>>> October.
>>>
>>>> The end of the world I can handle, I've lived through enough, but it
>>>> is the end of steam as a viable service I can trust.
>>>>
>>>> It wasn't that long ago Gabe was giving away his password with a kind
>>>> of "hack me if you can" bravado to advertise Steam Guard (and clearly
>>>> from myriad internet posts many think Steam is secure because of it)
>>>>
>>>> But it isn't.
>>>>
>>>> There's only one game dev / publisher that has a database that has my
>>>> name, address, CC info and anything of value attached to it.
>>>> That one is Steam.
>>>>
>>>> So, one by one, as other developers have been hacked, I've been
>>>> thinking "At least it's not steam, if they get that, I'm outta here"
>>>>
>>>> But I see nowhere to go forwards. Gabe's "we'll reopen the forums
>>>> asap" I find almost unbelievably trite as though he's hoping so long
>>>> as we can argue about how overpowered the heavy is/isn't next week
>>>> we'll carry on regardless as though nothing happened :/
>>>>
>>>> The way I see it, either Valve were incompetent (unlikely since I'm
>>>> sure Gabe said in interview they'd looked at their systems after the
>>>> other companies were hacked like Sony and so on) or you cannot secure
>>>> a system no matter how competent you are.
>>>>
>>>> Either way, I

Re: [hlds_linux] Valve Security Breach

[gameadmin]

Just to clarify, unless you told valve to save your payment information, your 
full credit card details should NOT be there, even encrypted. storing anything 
more than card type and a few digits for past transactions is a big no-no from 
a credit card compliance point of view.

ics  wrote:

If you do a lot of Steam purchases, it's a conviniency issue. Few clicks 
and you are done. After entering the stuff 360 times you really rethink 
twice but being security paranoid, you don't fill anything in. Steam 
however still has your account information that you entered on first 
time creating account. Only the credit cart part will not be on record, 
except for past purchases so it's still there even if you do not leave 
it there to be ready.

I'm but surprised that if the Steam database was compromised, why is the 
Steam service still running? No one said that the hole is fixed or 
whatever method that was being used is now blocked.

-ics

11.11.2011 4:22, Chris Brunelle kirjoitti:
> Seriously, who the hell fills all that information in?
>
> On Thu, Nov 10, 2011 at 6:26 PM, dmex wrote:
>
>> Don't worry, He'll be fine after his nappy gets changed ;)
>>
>> I am a bit annoyed Gabe didn't mention all the unencrypted personal
>> information stored on the same Steam database the hackers now have, It's
>> more than enough to pull off really good social engineering/phishing
>> attacks
>> and maybe even some ID theft.
>>
>> At minimum your Steam account contains the following unencrypted personal
>> details:
>> First& Last name, Date of birth, Billing address, City, State, Zipcode,
>> Country and telephone number.
>>
>> -Original Message-
>> From: hlds_linux-boun...@list.valvesoftware.com
>> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of msleeper
>> Sent: Friday, 11 November 2011 8:59 AM
>> To: Half-Life dedicated Linux server mailing list
>> Subject: Re: [hlds_linux] Valve Security Breach
>>
>> Never has a more irrational or reactionary mail been posted to this list.
>>
>> On Thu, Nov 10, 2011 at 7:52 PM, Dan wrote:
>>> On 10/11/2011 23:55, DontWannaName! wrote:
>>>> If you haven't noticed, most credit card companies have very good
>>>> fraud prevention now. What's the worst they can do? I mean it's bad,
>>>> but really not the end of the world. You guys are just causing
>>>> unneeded drama about an issue that they are handling internally.
>>> It's not the end of the world, no. That was May 21st. And again in
>> October.
>>> The end of the world I can handle, I've lived through enough, but it
>>> is the end of steam as a viable service I can trust.
>>>
>>> It wasn't that long ago Gabe was giving away his password with a kind
>>> of "hack me if you can" bravado to advertise Steam Guard (and clearly
>>> from myriad internet posts many think Steam is secure because of it)
>>>
>>> But it isn't.
>>>
>>> There's only one game dev / publisher that has a database that has my
>>> name, address, CC info and anything of value attached to it.
>>> That one is Steam.
>>>
>>> So, one by one, as other developers have been hacked, I've been
>>> thinking "At least it's not steam, if they get that, I'm outta here"
>>>
>>> But I see nowhere to go forwards. Gabe's "we'll reopen the forums
>>> asap" I find almost unbelievably trite as though he's hoping so long
>>> as we can argue about how overpowered the heavy is/isn't next week
>>> we'll carry on regardless as though nothing happened :/
>>>
>>> The way I see it, either Valve were incompetent (unlikely since I'm
>>> sure Gabe said in interview they'd looked at their systems after the
>>> other companies were hacked like Sony and so on) or you cannot secure
>>> a system no matter how competent you are.
>>>
>>> Either way, I may as well just take cash to the store or find a
>>> different hobby.
>>> If I get mugged on the way there or back, at least I might get a
>>> description of who did it.
>>>
>>> --
>>> Dan
>>>
>>>_

>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>_

>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
>>_

>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>
>


_

To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[m33crob]

Hey VALVe,

Why isn't there an option of resetting ones' password outside of the Steam
client itself?

On Thu, Nov 10, 2011 at 7:50 PM, ics  wrote:

> If you do a lot of Steam purchases, it's a conviniency issue. Few clicks
> and you are done. After entering the stuff 360 times you really rethink
> twice but being security paranoid, you don't fill anything in. Steam
> however still has your account information that you entered on first time
> creating account. Only the credit cart part will not be on record, except
> for past purchases so it's still there even if you do not leave it there to
> be ready.
>
> I'm but surprised that if the Steam database was compromised, why is the
> Steam service still running? No one said that the hole is fixed or whatever
> method that was being used is now blocked.
>
> -ics
>
> 11.11.2011 4:22, Chris Brunelle kirjoitti:
>
>> Seriously, who the hell fills all that information in?
>>
>> On Thu, Nov 10, 2011 at 6:26 PM, dmex  wrote:
>>
>>  Don't worry, He'll be fine after his nappy gets changed  ;)
>>>
>>> I am a bit annoyed Gabe didn't mention all the unencrypted personal
>>> information stored on the same Steam database the hackers now have, It's
>>> more than enough to pull off really good social engineering/phishing
>>> attacks
>>> and maybe even some ID theft.
>>>
>>> At minimum your Steam account contains the following unencrypted personal
>>> details:
>>> First&  Last name, Date of birth, Billing address, City, State, Zipcode,
>>>
>>> Country and telephone number.
>>>
>>> -Original Message-
>>> From: 
>>> hlds_linux-bounces@list.**valvesoftware.com
>>> [mailto:hlds_linux-bounces@**list.valvesoftware.com]
>>> On Behalf Of msleeper
>>> Sent: Friday, 11 November 2011 8:59 AM
>>> To: Half-Life dedicated Linux server mailing list
>>> Subject: Re: [hlds_linux] Valve Security Breach
>>>
>>> Never has a more irrational or reactionary mail been posted to this list.
>>>
>>> On Thu, Nov 10, 2011 at 7:52 PM, Dan  wrote:
>>>
>>>> On 10/11/2011 23:55, DontWannaName! wrote:
>>>>
>>>>> If you haven't noticed, most credit card companies have very good
>>>>> fraud prevention now. What's the worst they can do? I mean it's bad,
>>>>> but really not the end of the world. You guys are just causing
>>>>> unneeded drama about an issue that they are handling internally.
>>>>>
>>>> It's not the end of the world, no. That was May 21st. And again in
>>>>
>>> October.
>>>
>>>> The end of the world I can handle, I've lived through enough, but it
>>>> is the end of steam as a viable service I can trust.
>>>>
>>>> It wasn't that long ago Gabe was giving away his password with a kind
>>>> of "hack me if you can" bravado to advertise Steam Guard (and clearly
>>>> from myriad internet posts many think Steam is secure because of it)
>>>>
>>>> But it isn't.
>>>>
>>>> There's only one game dev / publisher that has a database that has my
>>>> name, address, CC info and anything of value attached to it.
>>>> That one is Steam.
>>>>
>>>> So, one by one, as other developers have been hacked, I've been
>>>> thinking "At least it's not steam, if they get that, I'm outta here"
>>>>
>>>> But I see nowhere to go forwards. Gabe's "we'll reopen the forums
>>>> asap" I find almost unbelievably trite as though he's hoping so long
>>>> as we can argue about how overpowered the heavy is/isn't next week
>>>> we'll carry on regardless as though nothing happened :/
>>>>
>>>> The way I see it, either Valve were incompetent (unlikely since I'm
>>>> sure Gabe said in interview they'd looked at their systems after the
>>>> other companies were hacked like Sony and so on) or you cannot secure
>>>> a system no matter how competent you are.
>>>>
>>>> Either way, I may as well just take cash to the store or find a
>>>> different hobby.
>>>> If I get mugged on the way there or back, at least I might get a
>>>> description of who did it.
>>>>
>>>> --
>>>> Dan
>>>>
>>>> _

Re: [hlds_linux] Valve Security Breach

[ics]

If you do a lot of Steam purchases, it's a conviniency issue. Few clicks 
and you are done. After entering the stuff 360 times you really rethink 
twice but being security paranoid, you don't fill anything in. Steam 
however still has your account information that you entered on first 
time creating account. Only the credit cart part will not be on record, 
except for past purchases so it's still there even if you do not leave 
it there to be ready.


I'm but surprised that if the Steam database was compromised, why is the 
Steam service still running? No one said that the hole is fixed or 
whatever method that was being used is now blocked.


-ics

11.11.2011 4:22, Chris Brunelle kirjoitti:

Seriously, who the hell fills all that information in?

On Thu, Nov 10, 2011 at 6:26 PM, dmex  wrote:


Don't worry, He'll be fine after his nappy gets changed  ;)

I am a bit annoyed Gabe didn't mention all the unencrypted personal
information stored on the same Steam database the hackers now have, It's
more than enough to pull off really good social engineering/phishing
attacks
and maybe even some ID theft.

At minimum your Steam account contains the following unencrypted personal
details:
First&  Last name, Date of birth, Billing address, City, State, Zipcode,
Country and telephone number.

-Original Message-
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of msleeper
Sent: Friday, 11 November 2011 8:59 AM
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Valve Security Breach

Never has a more irrational or reactionary mail been posted to this list.

On Thu, Nov 10, 2011 at 7:52 PM, Dan  wrote:

On 10/11/2011 23:55, DontWannaName! wrote:

If you haven't noticed, most credit card companies have very good
fraud prevention now. What's the worst they can do? I mean it's bad,
but really not the end of the world. You guys are just causing
unneeded drama about an issue that they are handling internally.

It's not the end of the world, no. That was May 21st. And again in

October.

The end of the world I can handle, I've lived through enough, but it
is the end of steam as a viable service I can trust.

It wasn't that long ago Gabe was giving away his password with a kind
of "hack me if you can" bravado to advertise Steam Guard (and clearly
from myriad internet posts many think Steam is secure because of it)

But it isn't.

There's only one game dev / publisher that has a database that has my
name, address, CC info and anything of value attached to it.
That one is Steam.

So, one by one, as other developers have been hacked, I've been
thinking "At least it's not steam, if they get that, I'm outta here"

But I see nowhere to go forwards. Gabe's "we'll reopen the forums
asap" I find almost unbelievably trite as though he's hoping so long
as we can argue about how overpowered the heavy is/isn't next week
we'll carry on regardless as though nothing happened :/

The way I see it, either Valve were incompetent (unlikely since I'm
sure Gabe said in interview they'd looked at their systems after the
other companies were hacked like Sony and so on) or you cannot secure
a system no matter how competent you are.

Either way, I may as well just take cash to the store or find a
different hobby.
If I get mugged on the way there or back, at least I might get a
description of who did it.

--
Dan

___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux







___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Chris Brunelle]

Seriously, who the hell fills all that information in?

On Thu, Nov 10, 2011 at 6:26 PM, dmex  wrote:

> Don't worry, He'll be fine after his nappy gets changed  ;)
>
> I am a bit annoyed Gabe didn't mention all the unencrypted personal
> information stored on the same Steam database the hackers now have, It's
> more than enough to pull off really good social engineering/phishing
> attacks
> and maybe even some ID theft.
>
> At minimum your Steam account contains the following unencrypted personal
> details:
> First & Last name, Date of birth, Billing address, City, State, Zipcode,
> Country and telephone number.
>
> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com
> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of msleeper
> Sent: Friday, 11 November 2011 8:59 AM
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Valve Security Breach
>
> Never has a more irrational or reactionary mail been posted to this list.
>
> On Thu, Nov 10, 2011 at 7:52 PM, Dan  wrote:
> > On 10/11/2011 23:55, DontWannaName! wrote:
> >>
> >> If you haven't noticed, most credit card companies have very good
> >> fraud prevention now. What's the worst they can do? I mean it's bad,
> >> but really not the end of the world. You guys are just causing
> >> unneeded drama about an issue that they are handling internally.
> >
> > It's not the end of the world, no. That was May 21st. And again in
> October.
> >
> > The end of the world I can handle, I've lived through enough, but it
> > is the end of steam as a viable service I can trust.
> >
> > It wasn't that long ago Gabe was giving away his password with a kind
> > of "hack me if you can" bravado to advertise Steam Guard (and clearly
> > from myriad internet posts many think Steam is secure because of it)
> >
> > But it isn't.
> >
> > There's only one game dev / publisher that has a database that has my
> > name, address, CC info and anything of value attached to it.
> > That one is Steam.
> >
> > So, one by one, as other developers have been hacked, I've been
> > thinking "At least it's not steam, if they get that, I'm outta here"
> >
> > But I see nowhere to go forwards. Gabe's "we'll reopen the forums
> > asap" I find almost unbelievably trite as though he's hoping so long
> > as we can argue about how overpowered the heavy is/isn't next week
> > we'll carry on regardless as though nothing happened :/
> >
> > The way I see it, either Valve were incompetent (unlikely since I'm
> > sure Gabe said in interview they'd looked at their systems after the
> > other companies were hacked like Sony and so on) or you cannot secure
> > a system no matter how competent you are.
> >
> > Either way, I may as well just take cash to the store or find a
> > different hobby.
> > If I get mugged on the way there or back, at least I might get a
> > description of who did it.
> >
> > --
> > Dan
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>



-- 
Sent from my Commodore64
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Dan]

On 11/11/2011 01:39, msleeper wrote:

Also from the same message:


We do not have evidence that encrypted credit card numbers or personally 
identifying information were taken by the intruders

So, not sure why you're assuming they have all of that information.
I'm assuming "personally identifying information" means personally
identifying information like your name, DOB, and address.


Look we all read your messages yesterday.

You were wrong, especially with your own assumptions about what didn't 
happen.


But we don't care.

So please get over it.

--
Dan.

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[dmex]

Conversations with staff over the last decade, it's also really
computationally expensive to encrypt all that extra info so not one company
does.

-Original Message-
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Marcus Posey
Sent: Friday, 11 November 2011 9:31 AM
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Valve Security Breach

How do you know it's unencrypted?

On Thu, Nov 10, 2011 at 7:26 PM, dmex  wrote:

> Don't worry, He'll be fine after his nappy gets changed  ;)
>
> I am a bit annoyed Gabe didn't mention all the unencrypted personal 
> information stored on the same Steam database the hackers now have, 
> It's more than enough to pull off really good social 
> engineering/phishing attacks and maybe even some ID theft.
>
> At minimum your Steam account contains the following unencrypted 
> personal
> details:
> First & Last name, Date of birth, Billing address, City, State, 
> Zipcode, Country and telephone number.
>
> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com
> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of 
> msleeper
> Sent: Friday, 11 November 2011 8:59 AM
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Valve Security Breach
>
> Never has a more irrational or reactionary mail been posted to this list.
>
> On Thu, Nov 10, 2011 at 7:52 PM, Dan  wrote:
> > On 10/11/2011 23:55, DontWannaName! wrote:
> >>
> >> If you haven't noticed, most credit card companies have very good 
> >> fraud prevention now. What's the worst they can do? I mean it's 
> >> bad, but really not the end of the world. You guys are just causing 
> >> unneeded drama about an issue that they are handling internally.
> >
> > It's not the end of the world, no. That was May 21st. And again in
> October.
> >
> > The end of the world I can handle, I've lived through enough, but it 
> > is the end of steam as a viable service I can trust.
> >
> > It wasn't that long ago Gabe was giving away his password with a 
> > kind of "hack me if you can" bravado to advertise Steam Guard (and 
> > clearly from myriad internet posts many think Steam is secure 
> > because of it)
> >
> > But it isn't.
> >
> > There's only one game dev / publisher that has a database that has 
> > my name, address, CC info and anything of value attached to it.
> > That one is Steam.
> >
> > So, one by one, as other developers have been hacked, I've been 
> > thinking "At least it's not steam, if they get that, I'm outta here"
> >
> > But I see nowhere to go forwards. Gabe's "we'll reopen the forums 
> > asap" I find almost unbelievably trite as though he's hoping so long 
> > as we can argue about how overpowered the heavy is/isn't next week 
> > we'll carry on regardless as though nothing happened :/
> >
> > The way I see it, either Valve were incompetent (unlikely since I'm 
> > sure Gabe said in interview they'd looked at their systems after the 
> > other companies were hacked like Sony and so on) or you cannot 
> > secure a system no matter how competent you are.
> >
> > Either way, I may as well just take cash to the store or find a 
> > different hobby.
> > If I get mugged on the way there or back, at least I might get a 
> > description of who did it.
> >
> > --
> > Dan
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list 
> > archives, please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, 
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, 
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[msleeper]

Also from the same message:

>> We do not have evidence that encrypted credit card numbers or personally 
>> identifying information were taken by the intruders

So, not sure why you're assuming they have all of that information.
I'm assuming "personally identifying information" means personally
identifying information like your name, DOB, and address.

On Thu, Nov 10, 2011 at 8:32 PM, Dan  wrote:
> On 11/11/2011 01:26, dmex wrote:
>>
>> I am a bit annoyed Gabe didn't mention all the unencrypted personal
>> information stored on the same Steam database the hackers now have, It's
>> more than enough to pull off really good social engineering/phishing
>> attacks
>> and maybe even some ID theft.
>>
>> At minimum your Steam account contains the following unencrypted personal
>> details:
>> First&  Last name, Date of birth, Billing address, City, State, Zipcode,
>> Country and telephone number.
>
> That is mentioned (At least in the Gabe steam message I saw)
>
> It only says the CC details were encrypted and the passwords were hashed and
> salted.
>
> --
> Dan.
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Dan]

On 11/11/2011 01:26, dmex wrote:

I am a bit annoyed Gabe didn't mention all the unencrypted personal
information stored on the same Steam database the hackers now have, It's
more than enough to pull off really good social engineering/phishing attacks
and maybe even some ID theft.

At minimum your Steam account contains the following unencrypted personal
details:
First&  Last name, Date of birth, Billing address, City, State, Zipcode,
Country and telephone number.


That is mentioned (At least in the Gabe steam message I saw)

It only says the CC details were encrypted and the passwords were hashed 
and salted.


--
Dan.

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Marcus Posey]

How do you know it's unencrypted?

On Thu, Nov 10, 2011 at 7:26 PM, dmex  wrote:

> Don't worry, He'll be fine after his nappy gets changed  ;)
>
> I am a bit annoyed Gabe didn't mention all the unencrypted personal
> information stored on the same Steam database the hackers now have, It's
> more than enough to pull off really good social engineering/phishing
> attacks
> and maybe even some ID theft.
>
> At minimum your Steam account contains the following unencrypted personal
> details:
> First & Last name, Date of birth, Billing address, City, State, Zipcode,
> Country and telephone number.
>
> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com
> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of msleeper
> Sent: Friday, 11 November 2011 8:59 AM
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Valve Security Breach
>
> Never has a more irrational or reactionary mail been posted to this list.
>
> On Thu, Nov 10, 2011 at 7:52 PM, Dan  wrote:
> > On 10/11/2011 23:55, DontWannaName! wrote:
> >>
> >> If you haven't noticed, most credit card companies have very good
> >> fraud prevention now. What's the worst they can do? I mean it's bad,
> >> but really not the end of the world. You guys are just causing
> >> unneeded drama about an issue that they are handling internally.
> >
> > It's not the end of the world, no. That was May 21st. And again in
> October.
> >
> > The end of the world I can handle, I've lived through enough, but it
> > is the end of steam as a viable service I can trust.
> >
> > It wasn't that long ago Gabe was giving away his password with a kind
> > of "hack me if you can" bravado to advertise Steam Guard (and clearly
> > from myriad internet posts many think Steam is secure because of it)
> >
> > But it isn't.
> >
> > There's only one game dev / publisher that has a database that has my
> > name, address, CC info and anything of value attached to it.
> > That one is Steam.
> >
> > So, one by one, as other developers have been hacked, I've been
> > thinking "At least it's not steam, if they get that, I'm outta here"
> >
> > But I see nowhere to go forwards. Gabe's "we'll reopen the forums
> > asap" I find almost unbelievably trite as though he's hoping so long
> > as we can argue about how overpowered the heavy is/isn't next week
> > we'll carry on regardless as though nothing happened :/
> >
> > The way I see it, either Valve were incompetent (unlikely since I'm
> > sure Gabe said in interview they'd looked at their systems after the
> > other companies were hacked like Sony and so on) or you cannot secure
> > a system no matter how competent you are.
> >
> > Either way, I may as well just take cash to the store or find a
> > different hobby.
> > If I get mugged on the way there or back, at least I might get a
> > description of who did it.
> >
> > --
> > Dan
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Dan]

On 11/11/2011 00:59, msleeper wrote:

Never has a more irrational or reactionary mail been posted to this list.


Well if there's a prize, I hope your posts pretending it's only the 
forum that has been hacked should win.


--
Dan.

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[dmex]

Don't worry, He'll be fine after his nappy gets changed  ;)

I am a bit annoyed Gabe didn't mention all the unencrypted personal
information stored on the same Steam database the hackers now have, It's
more than enough to pull off really good social engineering/phishing attacks
and maybe even some ID theft.

At minimum your Steam account contains the following unencrypted personal
details:
First & Last name, Date of birth, Billing address, City, State, Zipcode,
Country and telephone number.

-Original Message-
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of msleeper
Sent: Friday, 11 November 2011 8:59 AM
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Valve Security Breach

Never has a more irrational or reactionary mail been posted to this list.

On Thu, Nov 10, 2011 at 7:52 PM, Dan  wrote:
> On 10/11/2011 23:55, DontWannaName! wrote:
>>
>> If you haven't noticed, most credit card companies have very good 
>> fraud prevention now. What's the worst they can do? I mean it's bad, 
>> but really not the end of the world. You guys are just causing 
>> unneeded drama about an issue that they are handling internally.
>
> It's not the end of the world, no. That was May 21st. And again in
October.
>
> The end of the world I can handle, I've lived through enough, but it 
> is the end of steam as a viable service I can trust.
>
> It wasn't that long ago Gabe was giving away his password with a kind 
> of "hack me if you can" bravado to advertise Steam Guard (and clearly 
> from myriad internet posts many think Steam is secure because of it)
>
> But it isn't.
>
> There's only one game dev / publisher that has a database that has my 
> name, address, CC info and anything of value attached to it.
> That one is Steam.
>
> So, one by one, as other developers have been hacked, I've been 
> thinking "At least it's not steam, if they get that, I'm outta here"
>
> But I see nowhere to go forwards. Gabe's "we'll reopen the forums 
> asap" I find almost unbelievably trite as though he's hoping so long 
> as we can argue about how overpowered the heavy is/isn't next week 
> we'll carry on regardless as though nothing happened :/
>
> The way I see it, either Valve were incompetent (unlikely since I'm 
> sure Gabe said in interview they'd looked at their systems after the 
> other companies were hacked like Sony and so on) or you cannot secure 
> a system no matter how competent you are.
>
> Either way, I may as well just take cash to the store or find a 
> different hobby.
> If I get mugged on the way there or back, at least I might get a 
> description of who did it.
>
> --
> Dan
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, 
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[msleeper]

Never has a more irrational or reactionary mail been posted to this list.

On Thu, Nov 10, 2011 at 7:52 PM, Dan  wrote:
> On 10/11/2011 23:55, DontWannaName! wrote:
>>
>> If you haven't noticed, most credit card companies have very good fraud
>> prevention now. What's the worst they can do? I mean it's bad, but really
>> not the end of the world. You guys are just causing unneeded drama about an
>> issue that they are handling internally.
>
> It's not the end of the world, no. That was May 21st. And again in October.
>
> The end of the world I can handle, I've lived through enough, but it is the
> end of steam as a viable service I can trust.
>
> It wasn't that long ago Gabe was giving away his password with a kind of
> "hack me if you can" bravado to
> advertise Steam Guard (and clearly from myriad internet posts many think
> Steam is secure because of it)
>
> But it isn't.
>
> There's only one game dev / publisher that has a database that has my name,
> address, CC info and anything of value attached to it.
> That one is Steam.
>
> So, one by one, as other developers have been hacked, I've been thinking "At
> least it's not steam, if they get that, I'm outta here"
>
> But I see nowhere to go forwards. Gabe's "we'll reopen the forums asap" I
> find almost unbelievably trite as though
> he's hoping so long as we can argue about how overpowered the heavy is/isn't
> next week we'll carry on regardless as though
> nothing happened :/
>
> The way I see it, either Valve were incompetent (unlikely since I'm sure
> Gabe said in interview they'd looked at their systems after the other
> companies were hacked like Sony and so on) or you cannot secure a system no
> matter how competent you are.
>
> Either way, I may as well just take cash to the store or find a different
> hobby.
> If I get mugged on the way there or back, at least I might get a description
> of who did it.
>
> --
> Dan
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Dan]

On 10/11/2011 23:55, DontWannaName! wrote:

If you haven't noticed, most credit card companies have very good fraud 
prevention now. What's the worst they can do? I mean it's bad, but really not 
the end of the world. You guys are just causing unneeded drama about an issue 
that they are handling internally.


It's not the end of the world, no. That was May 21st. And again in October.

The end of the world I can handle, I've lived through enough, but it is 
the end of steam as a viable service I can trust.


It wasn't that long ago Gabe was giving away his password with a kind of 
"hack me if you can" bravado to
advertise Steam Guard (and clearly from myriad internet posts many think 
Steam is secure because of it)


But it isn't.

There's only one game dev / publisher that has a database that has my 
name, address, CC info and anything of value attached to it.

That one is Steam.

So, one by one, as other developers have been hacked, I've been thinking 
"At least it's not steam, if they get that, I'm outta here"


But I see nowhere to go forwards. Gabe's "we'll reopen the forums asap" 
I find almost unbelievably trite as though
he's hoping so long as we can argue about how overpowered the heavy 
is/isn't next week we'll carry on regardless as though

nothing happened :/

The way I see it, either Valve were incompetent (unlikely since I'm sure 
Gabe said in interview they'd looked at their systems after the other
companies were hacked like Sony and so on) or you cannot secure a system 
no matter how competent you are.


Either way, I may as well just take cash to the store or find a 
different hobby.
If I get mugged on the way there or back, at least I might get a 
description of who did it.


--
Dan

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Marcus Posey]

It's cheaper?

On Thu, Nov 10, 2011 at 6:29 PM, Bruno Garcia wrote:

> I wonder why the would make the Steam Forum database be on the same
> physical place than the actual Steam database
>
> On Thu, Nov 10, 2011 at 8:56 PM, dmex  wrote:
>
> > Mmm, You have to admire Valve employee's for re-using passwords.
> >
> > -Original Message-
> > From: hlds_linux-boun...@list.valvesoftware.com
> > [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of
> > gamead...@127001.org
> > Sent: Friday, 11 November 2011 7:01 AM
> > To: 'Half-Life dedicated Linux server mailing list'
> > Subject: Re: [hlds_linux] Valve Security Breach
> >
> > Confirmation that the attack breached more than their forums:
> >
> > http://www.rockpapershotgun.com/2011/11/10/steam-hacked/
> >
> > > -Original Message-
> > > From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
> > > boun...@list.valvesoftware.com] On Behalf Of Jesse Porter
> > > Sent: 09 November 2011 20:28
> > > To: Half-Life dedicated Linux server mailing list
> > > Subject: Re: [hlds_linux] Valve Security Breach
> > >
> > > Without rancor or anger, I tell you this is very unhelpful, regardless
> > > of what your position is on the SPUF closure.
> > >
> > > On Wed, Nov 9, 2011 at 12:23 PM, Dan  wrote:
> > >
> > > > On 09/11/2011 19:18, Mart-Jan Reeuwijk wrote:
> > > >
> > > >> Well, some of his community gamers may well be also users on SPUF
> > > >>
> > > >
> > > > Some of his users may have bought batches of tinned spam from Crayed
> > > > mentos starting #219-245.
> > > > If they eat it, there's a chance it was contaminated with e-coli
> > > virus and
> > > > they might die an agonising and painful death.
> > > >
> > > > Yet he's not mentioned it to them.
> > > >
> > > > So why so particular with this?
> > > >
> > > > Let's be honest with each other and Valve. We want to know what
> > > happened
> > > > for the same reason that a cage full of chimps will open a box you
> > > put in
> > > > their cage.
> > > > It's nothing more than curiosity.
> > > >
> > > > And this list is a place where people @ Valve post things that's
> > > still
> > > > open.
> > > >
> > > > --
> > > > Dan.
> > > >
> > > >
> > > > __**_
> > > > To unsubscribe, edit your list preferences, or view the list
> > > archives,
> > > > please visit:
> > > >
> > > http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://lis
> > > t .valvesoftware.com/mailman/listinfo/hlds_linux>
> > > >
> > > ___
> > > To unsubscribe, edit your list preferences, or view the list archives,
> > > please visit:
> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Bruno Garcia]

I wonder why the would make the Steam Forum database be on the same
physical place than the actual Steam database

On Thu, Nov 10, 2011 at 8:56 PM, dmex  wrote:

> Mmm, You have to admire Valve employee's for re-using passwords.
>
> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com
> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of
> gamead...@127001.org
> Sent: Friday, 11 November 2011 7:01 AM
> To: 'Half-Life dedicated Linux server mailing list'
> Subject: Re: [hlds_linux] Valve Security Breach
>
> Confirmation that the attack breached more than their forums:
>
> http://www.rockpapershotgun.com/2011/11/10/steam-hacked/
>
> > -Original Message-
> > From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
> > boun...@list.valvesoftware.com] On Behalf Of Jesse Porter
> > Sent: 09 November 2011 20:28
> > To: Half-Life dedicated Linux server mailing list
> > Subject: Re: [hlds_linux] Valve Security Breach
> >
> > Without rancor or anger, I tell you this is very unhelpful, regardless
> > of what your position is on the SPUF closure.
> >
> > On Wed, Nov 9, 2011 at 12:23 PM, Dan  wrote:
> >
> > > On 09/11/2011 19:18, Mart-Jan Reeuwijk wrote:
> > >
> > >> Well, some of his community gamers may well be also users on SPUF
> > >>
> > >
> > > Some of his users may have bought batches of tinned spam from Crayed
> > > mentos starting #219-245.
> > > If they eat it, there's a chance it was contaminated with e-coli
> > virus and
> > > they might die an agonising and painful death.
> > >
> > > Yet he's not mentioned it to them.
> > >
> > > So why so particular with this?
> > >
> > > Let's be honest with each other and Valve. We want to know what
> > happened
> > > for the same reason that a cage full of chimps will open a box you
> > put in
> > > their cage.
> > > It's nothing more than curiosity.
> > >
> > > And this list is a place where people @ Valve post things that's
> > still
> > > open.
> > >
> > > --
> > > Dan.
> > >
> > >
> > > __**_
> > > To unsubscribe, edit your list preferences, or view the list
> > archives,
> > > please visit:
> > >
> > http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://lis
> > t .valvesoftware.com/mailman/listinfo/hlds_linux>
> > >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[dmex]

Mmm, You have to admire Valve employee's for re-using passwords.

-Original Message-
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of
gamead...@127001.org
Sent: Friday, 11 November 2011 7:01 AM
To: 'Half-Life dedicated Linux server mailing list'
Subject: Re: [hlds_linux] Valve Security Breach

Confirmation that the attack breached more than their forums:

http://www.rockpapershotgun.com/2011/11/10/steam-hacked/

> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux- 
> boun...@list.valvesoftware.com] On Behalf Of Jesse Porter
> Sent: 09 November 2011 20:28
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Valve Security Breach
> 
> Without rancor or anger, I tell you this is very unhelpful, regardless 
> of what your position is on the SPUF closure.
> 
> On Wed, Nov 9, 2011 at 12:23 PM, Dan  wrote:
> 
> > On 09/11/2011 19:18, Mart-Jan Reeuwijk wrote:
> >
> >> Well, some of his community gamers may well be also users on SPUF
> >>
> >
> > Some of his users may have bought batches of tinned spam from Crayed 
> > mentos starting #219-245.
> > If they eat it, there's a chance it was contaminated with e-coli
> virus and
> > they might die an agonising and painful death.
> >
> > Yet he's not mentioned it to them.
> >
> > So why so particular with this?
> >
> > Let's be honest with each other and Valve. We want to know what
> happened
> > for the same reason that a cage full of chimps will open a box you
> put in
> > their cage.
> > It's nothing more than curiosity.
> >
> > And this list is a place where people @ Valve post things that's
> still
> > open.
> >
> > --
> > Dan.
> >
> >
> > __**_
> > To unsubscribe, edit your list preferences, or view the list
> archives,
> > please visit:
> >
> http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://lis
> t .valvesoftware.com/mailman/listinfo/hlds_linux>
> >
> ___
> To unsubscribe, edit your list preferences, or view the list archives, 
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[DontWannaName!]

If you haven't noticed, most credit card companies have very good fraud 
prevention now. What's the worst they can do? I mean it's bad, but really not 
the end of the world. You guys are just causing unneeded drama about an issue 
that they are handling internally.

Sent from my iPhone 4

On Nov 10, 2011, at 3:51 PM, Nathan Radcliffe  wrote:

> msleeper, please comment.  Really looking forward to it.
> 
> On 10 November 2011 23:43, DontWannaName!  wrote:
> 
>> Lol we don't even know how many steam accounts are even on that server. I
>> bet it's not as many and therefor not as big of an issue. Especially since
>> the info is useless to the hackers.
>> 
>> At least the forums are coming back online.
>> 
>> Sent from my iPhone 4
>> 
>> On Nov 10, 2011, at 3:32 PM, px  wrote:
>> 
>>> Здравствуйте, Nicolas.
>>> 
>>> Вы писали 11 листопада 2011 р., 1:20:40:
>>> 
>>> http://kotaku.com/5858473/
>>> 
>>>> Sounds serious without being serious.
>>>> Frightening nonetheless.
>>>> --
>>>> Nicolas "NykO18" Grevet
>>> 
>>> 
>>>> 2011/11/11 
>>> 
>>>>> Confirmation that the attack breached more than their forums:
>>>>> 
>>>>> http://www.rockpapershotgun.com/2011/11/10/steam-hacked/
>>>>> 
>>>>>> -Original Message-
>>>>>> From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
>>>>>> boun...@list.valvesoftware.com] On Behalf Of Jesse Porter
>>>>>> Sent: 09 November 2011 20:28
>>>>>> To: Half-Life dedicated Linux server mailing list
>>>>>> Subject: Re: [hlds_linux] Valve Security Breach
>>>>>> 
>>>>>> Without rancor or anger, I tell you this is very unhelpful, regardless
>>>>>> of
>>>>>> what your position is on the SPUF closure.
>>>>>> 
>>>>>> On Wed, Nov 9, 2011 at 12:23 PM, Dan  wrote:
>>>>>> 
>>>>>>> On 09/11/2011 19:18, Mart-Jan Reeuwijk wrote:
>>>>>>> 
>>>>>>>> Well, some of his community gamers may well be also users on SPUF
>>>>>>>> 
>>>>>>> 
>>>>>>> Some of his users may have bought batches of tinned spam from Crayed
>>>>>>> mentos starting #219-245.
>>>>>>> If they eat it, there's a chance it was contaminated with e-coli
>>>>>> virus and
>>>>>>> they might die an agonising and painful death.
>>>>>>> 
>>>>>>> Yet he's not mentioned it to them.
>>>>>>> 
>>>>>>> So why so particular with this?
>>>>>>> 
>>>>>>> Let's be honest with each other and Valve. We want to know what
>>>>>> happened
>>>>>>> for the same reason that a cage full of chimps will open a box you
>>>>>> put in
>>>>>>> their cage.
>>>>>>> It's nothing more than curiosity.
>>>>>>> 
>>>>>>> And this list is a place where people @ Valve post things that's
>>>>>> still
>>>>>>> open.
>>>>>>> 
>>>>>>> --
>>>>>>> Dan.
>>>>>>> 
>>>>>>> 
>>>>>>> __**_
>>>>>>> To unsubscribe, edit your list preferences, or view the list
>>>>>> archives,
>>>>>>> please visit:
>>>>>>> 
>>>>>> http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<
>> http://list
>>>>>> .valvesoftware.com/mailman/listinfo/hlds_linux>
>>>>>>> 
>>>>>> ___
>>>>>> To unsubscribe, edit your list preferences, or view the list archives,
>>>>>> please visit:
>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>>> 
>>>>> 
>>>>> ___
>>>>> To unsubscribe, edit your list preferences, or view the list archives,
>>>>> please visit:
>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>>> 
>>>> ___
>>>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>> 
>>> 
>>> 
>>> 
>>> --
>>> С уважением,
>>> px  mailto:p...@i.kiev.ua
>>> 
>>> 
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> 
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> 
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Nathan Radcliffe]

msleeper, please comment.  Really looking forward to it.

On 10 November 2011 23:43, DontWannaName!  wrote:

> Lol we don't even know how many steam accounts are even on that server. I
> bet it's not as many and therefor not as big of an issue. Especially since
> the info is useless to the hackers.
>
> At least the forums are coming back online.
>
> Sent from my iPhone 4
>
> On Nov 10, 2011, at 3:32 PM, px  wrote:
>
> > Здравствуйте, Nicolas.
> >
> > Вы писали 11 листопада 2011 р., 1:20:40:
> >
> > http://kotaku.com/5858473/
> >
> >> Sounds serious without being serious.
> >> Frightening nonetheless.
> >> --
> >> Nicolas "NykO18" Grevet
> >
> >
> >> 2011/11/11 
> >
> >>> Confirmation that the attack breached more than their forums:
> >>>
> >>> http://www.rockpapershotgun.com/2011/11/10/steam-hacked/
> >>>
> >>>> -Original Message-
> >>>> From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
> >>>> boun...@list.valvesoftware.com] On Behalf Of Jesse Porter
> >>>> Sent: 09 November 2011 20:28
> >>>> To: Half-Life dedicated Linux server mailing list
> >>>> Subject: Re: [hlds_linux] Valve Security Breach
> >>>>
> >>>> Without rancor or anger, I tell you this is very unhelpful, regardless
> >>>> of
> >>>> what your position is on the SPUF closure.
> >>>>
> >>>> On Wed, Nov 9, 2011 at 12:23 PM, Dan  wrote:
> >>>>
> >>>>> On 09/11/2011 19:18, Mart-Jan Reeuwijk wrote:
> >>>>>
> >>>>>> Well, some of his community gamers may well be also users on SPUF
> >>>>>>
> >>>>>
> >>>>> Some of his users may have bought batches of tinned spam from Crayed
> >>>>> mentos starting #219-245.
> >>>>> If they eat it, there's a chance it was contaminated with e-coli
> >>>> virus and
> >>>>> they might die an agonising and painful death.
> >>>>>
> >>>>> Yet he's not mentioned it to them.
> >>>>>
> >>>>> So why so particular with this?
> >>>>>
> >>>>> Let's be honest with each other and Valve. We want to know what
> >>>> happened
> >>>>> for the same reason that a cage full of chimps will open a box you
> >>>> put in
> >>>>> their cage.
> >>>>> It's nothing more than curiosity.
> >>>>>
> >>>>> And this list is a place where people @ Valve post things that's
> >>>> still
> >>>>> open.
> >>>>>
> >>>>> --
> >>>>> Dan.
> >>>>>
> >>>>>
> >>>>> __**_
> >>>>> To unsubscribe, edit your list preferences, or view the list
> >>>> archives,
> >>>>> please visit:
> >>>>>
> >>>> http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<
> http://list
> >>>> .valvesoftware.com/mailman/listinfo/hlds_linux>
> >>>>>
> >>>> ___
> >>>> To unsubscribe, edit your list preferences, or view the list archives,
> >>>> please visit:
> >>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >>>
> >>>
> >>> ___
> >>> To unsubscribe, edit your list preferences, or view the list archives,
> >>> please visit:
> >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >>>
> >> ___
> >> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> >
> >
> >
> > --
> > С уважением,
> > px  mailto:p...@i.kiev.ua
> >
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Marcus Posey]

I really hope they didn't get the CC info.

2011/11/10 px 

> Здравствуйте, Nicolas.
>
> Вы писали 11 листопада 2011 р., 1:20:40:
>
> http://kotaku.com/5858473/
>
> > Sounds serious without being serious.
> > Frightening nonetheless.
> > --
> > Nicolas "NykO18" Grevet
>
>
> > 2011/11/11 
>
> >> Confirmation that the attack breached more than their forums:
> >>
> >> http://www.rockpapershotgun.com/2011/11/10/steam-hacked/
> >>
> >> > -Original Message-
> >> > From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
> >> > boun...@list.valvesoftware.com] On Behalf Of Jesse Porter
> >> > Sent: 09 November 2011 20:28
> >> > To: Half-Life dedicated Linux server mailing list
> >> > Subject: Re: [hlds_linux] Valve Security Breach
> >> >
> >> > Without rancor or anger, I tell you this is very unhelpful, regardless
> >> > of
> >> > what your position is on the SPUF closure.
> >> >
> >> > On Wed, Nov 9, 2011 at 12:23 PM, Dan  wrote:
> >> >
> >> > > On 09/11/2011 19:18, Mart-Jan Reeuwijk wrote:
> >> > >
> >> > >> Well, some of his community gamers may well be also users on SPUF
> >> > >>
> >> > >
> >> > > Some of his users may have bought batches of tinned spam from Crayed
> >> > > mentos starting #219-245.
> >> > > If they eat it, there's a chance it was contaminated with e-coli
> >> > virus and
> >> > > they might die an agonising and painful death.
> >> > >
> >> > > Yet he's not mentioned it to them.
> >> > >
> >> > > So why so particular with this?
> >> > >
> >> > > Let's be honest with each other and Valve. We want to know what
> >> > happened
> >> > > for the same reason that a cage full of chimps will open a box you
> >> > put in
> >> > > their cage.
> >> > > It's nothing more than curiosity.
> >> > >
> >> > > And this list is a place where people @ Valve post things that's
> >> > still
> >> > > open.
> >> > >
> >> > > --
> >> > > Dan.
> >> > >
> >> > >
> >> > > __**_
> >> > > To unsubscribe, edit your list preferences, or view the list
> >> > archives,
> >> > > please visit:
> >> > >
> >> > http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<
> http://list
> >> > .valvesoftware.com/mailman/listinfo/hlds_linux>
> >> > >
> >> > ___
> >> > To unsubscribe, edit your list preferences, or view the list archives,
> >> > please visit:
> >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >>
> >>
> >> ___
> >> To unsubscribe, edit your list preferences, or view the list archives,
> >> please visit:
> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >>
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
>
>
> --
> С уважением,
>  px  mailto:p...@i.kiev.ua
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[DontWannaName!]

Lol we don't even know how many steam accounts are even on that server. I bet 
it's not as many and therefor not as big of an issue. Especially since the info 
is useless to the hackers.

At least the forums are coming back online.

Sent from my iPhone 4

On Nov 10, 2011, at 3:32 PM, px  wrote:

> Здравствуйте, Nicolas.
> 
> Вы писали 11 листопада 2011 р., 1:20:40:
> 
> http://kotaku.com/5858473/
> 
>> Sounds serious without being serious.
>> Frightening nonetheless.
>> --
>> Nicolas "NykO18" Grevet
> 
> 
>> 2011/11/11 
> 
>>> Confirmation that the attack breached more than their forums:
>>> 
>>> http://www.rockpapershotgun.com/2011/11/10/steam-hacked/
>>> 
>>>> -Original Message-
>>>> From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
>>>> boun...@list.valvesoftware.com] On Behalf Of Jesse Porter
>>>> Sent: 09 November 2011 20:28
>>>> To: Half-Life dedicated Linux server mailing list
>>>> Subject: Re: [hlds_linux] Valve Security Breach
>>>> 
>>>> Without rancor or anger, I tell you this is very unhelpful, regardless
>>>> of
>>>> what your position is on the SPUF closure.
>>>> 
>>>> On Wed, Nov 9, 2011 at 12:23 PM, Dan  wrote:
>>>> 
>>>>> On 09/11/2011 19:18, Mart-Jan Reeuwijk wrote:
>>>>> 
>>>>>> Well, some of his community gamers may well be also users on SPUF
>>>>>> 
>>>>> 
>>>>> Some of his users may have bought batches of tinned spam from Crayed
>>>>> mentos starting #219-245.
>>>>> If they eat it, there's a chance it was contaminated with e-coli
>>>> virus and
>>>>> they might die an agonising and painful death.
>>>>> 
>>>>> Yet he's not mentioned it to them.
>>>>> 
>>>>> So why so particular with this?
>>>>> 
>>>>> Let's be honest with each other and Valve. We want to know what
>>>> happened
>>>>> for the same reason that a cage full of chimps will open a box you
>>>> put in
>>>>> their cage.
>>>>> It's nothing more than curiosity.
>>>>> 
>>>>> And this list is a place where people @ Valve post things that's
>>>> still
>>>>> open.
>>>>> 
>>>>> --
>>>>> Dan.
>>>>> 
>>>>> 
>>>>> __**_
>>>>> To unsubscribe, edit your list preferences, or view the list
>>>> archives,
>>>>> please visit:
>>>>> 
>>>> http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://list
>>>> .valvesoftware.com/mailman/listinfo/hlds_linux>
>>>>> 
>>>> ___
>>>> To unsubscribe, edit your list preferences, or view the list archives,
>>>> please visit:
>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>> 
>>> 
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>> 
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 
> 
> 
> 
> -- 
> С уважением,
> px  mailto:p...@i.kiev.ua
> 
> 
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[px]

Здравствуйте, Nicolas.

Вы писали 11 листопада 2011 р., 1:20:40:

http://kotaku.com/5858473/

> Sounds serious without being serious.
> Frightening nonetheless.
> --
> Nicolas "NykO18" Grevet


> 2011/11/11 

>> Confirmation that the attack breached more than their forums:
>>
>> http://www.rockpapershotgun.com/2011/11/10/steam-hacked/
>>
>> > -Original Message-
>> > From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
>> > boun...@list.valvesoftware.com] On Behalf Of Jesse Porter
>> > Sent: 09 November 2011 20:28
>> > To: Half-Life dedicated Linux server mailing list
>> > Subject: Re: [hlds_linux] Valve Security Breach
>> >
>> > Without rancor or anger, I tell you this is very unhelpful, regardless
>> > of
>> > what your position is on the SPUF closure.
>> >
>> > On Wed, Nov 9, 2011 at 12:23 PM, Dan  wrote:
>> >
>> > > On 09/11/2011 19:18, Mart-Jan Reeuwijk wrote:
>> > >
>> > >> Well, some of his community gamers may well be also users on SPUF
>> > >>
>> > >
>> > > Some of his users may have bought batches of tinned spam from Crayed
>> > > mentos starting #219-245.
>> > > If they eat it, there's a chance it was contaminated with e-coli
>> > virus and
>> > > they might die an agonising and painful death.
>> > >
>> > > Yet he's not mentioned it to them.
>> > >
>> > > So why so particular with this?
>> > >
>> > > Let's be honest with each other and Valve. We want to know what
>> > happened
>> > > for the same reason that a cage full of chimps will open a box you
>> > put in
>> > > their cage.
>> > > It's nothing more than curiosity.
>> > >
>> > > And this list is a place where people @ Valve post things that's
>> > still
>> > > open.
>> > >
>> > > --
>> > > Dan.
>> > >
>> > >
>> > > __**_
>> > > To unsubscribe, edit your list preferences, or view the list
>> > archives,
>> > > please visit:
>> > >
>> > http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://list
>> > .valvesoftware.com/mailman/listinfo/hlds_linux>
>> > >
>> > ___
>> > To unsubscribe, edit your list preferences, or view the list archives,
>> > please visit:
>> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux




-- 
С уважением,
 px  mailto:p...@i.kiev.ua


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Nicolas "NykO18" Grevet]

Sounds serious without being serious.
Frightening nonetheless.
--
Nicolas "NykO18" Grevet


2011/11/11 

> Confirmation that the attack breached more than their forums:
>
> http://www.rockpapershotgun.com/2011/11/10/steam-hacked/
>
> > -Original Message-
> > From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
> > boun...@list.valvesoftware.com] On Behalf Of Jesse Porter
> > Sent: 09 November 2011 20:28
> > To: Half-Life dedicated Linux server mailing list
> > Subject: Re: [hlds_linux] Valve Security Breach
> >
> > Without rancor or anger, I tell you this is very unhelpful, regardless
> > of
> > what your position is on the SPUF closure.
> >
> > On Wed, Nov 9, 2011 at 12:23 PM, Dan  wrote:
> >
> > > On 09/11/2011 19:18, Mart-Jan Reeuwijk wrote:
> > >
> > >> Well, some of his community gamers may well be also users on SPUF
> > >>
> > >
> > > Some of his users may have bought batches of tinned spam from Crayed
> > > mentos starting #219-245.
> > > If they eat it, there's a chance it was contaminated with e-coli
> > virus and
> > > they might die an agonising and painful death.
> > >
> > > Yet he's not mentioned it to them.
> > >
> > > So why so particular with this?
> > >
> > > Let's be honest with each other and Valve. We want to know what
> > happened
> > > for the same reason that a cage full of chimps will open a box you
> > put in
> > > their cage.
> > > It's nothing more than curiosity.
> > >
> > > And this list is a place where people @ Valve post things that's
> > still
> > > open.
> > >
> > > --
> > > Dan.
> > >
> > >
> > > __**_
> > > To unsubscribe, edit your list preferences, or view the list
> > archives,
> > > please visit:
> > >
> > http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://list
> > .valvesoftware.com/mailman/listinfo/hlds_linux>
> > >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[gameadmin]

Confirmation that the attack breached more than their forums:

http://www.rockpapershotgun.com/2011/11/10/steam-hacked/

> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
> boun...@list.valvesoftware.com] On Behalf Of Jesse Porter
> Sent: 09 November 2011 20:28
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Valve Security Breach
> 
> Without rancor or anger, I tell you this is very unhelpful, regardless
> of
> what your position is on the SPUF closure.
> 
> On Wed, Nov 9, 2011 at 12:23 PM, Dan  wrote:
> 
> > On 09/11/2011 19:18, Mart-Jan Reeuwijk wrote:
> >
> >> Well, some of his community gamers may well be also users on SPUF
> >>
> >
> > Some of his users may have bought batches of tinned spam from Crayed
> > mentos starting #219-245.
> > If they eat it, there's a chance it was contaminated with e-coli
> virus and
> > they might die an agonising and painful death.
> >
> > Yet he's not mentioned it to them.
> >
> > So why so particular with this?
> >
> > Let's be honest with each other and Valve. We want to know what
> happened
> > for the same reason that a cage full of chimps will open a box you
> put in
> > their cage.
> > It's nothing more than curiosity.
> >
> > And this list is a place where people @ Valve post things that's
> still
> > open.
> >
> > --
> > Dan.
> >
> >
> > __**_
> > To unsubscribe, edit your list preferences, or view the list
> archives,
> > please visit:
> >
> http://list.valvesoftware.com/**mailman/listinfo/hlds_linux<http://list
> .valvesoftware.com/mailman/listinfo/hlds_linux>
> >
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Jesse Porter]

Without rancor or anger, I tell you this is very unhelpful, regardless of
what your position is on the SPUF closure.

On Wed, Nov 9, 2011 at 12:23 PM, Dan  wrote:

> On 09/11/2011 19:18, Mart-Jan Reeuwijk wrote:
>
>> Well, some of his community gamers may well be also users on SPUF
>>
>
> Some of his users may have bought batches of tinned spam from Crayed
> mentos starting #219-245.
> If they eat it, there's a chance it was contaminated with e-coli virus and
> they might die an agonising and painful death.
>
> Yet he's not mentioned it to them.
>
> So why so particular with this?
>
> Let's be honest with each other and Valve. We want to know what happened
> for the same reason that a cage full of chimps will open a box you put in
> their cage.
> It's nothing more than curiosity.
>
> And this list is a place where people @ Valve post things that's still
> open.
>
> --
> Dan.
>
>
> __**_
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/**mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Dan]

On 09/11/2011 19:18, Mart-Jan Reeuwijk wrote:

Well, some of his community gamers may well be also users on SPUF


Some of his users may have bought batches of tinned spam from Crayed 
mentos starting #219-245.
If they eat it, there's a chance it was contaminated with e-coli virus 
and they might die an agonising and painful death.


Yet he's not mentioned it to them.

So why so particular with this?

Let's be honest with each other and Valve. We want to know what happened 
for the same reason that a cage full of chimps will open a box you put 
in their cage.

It's nothing more than curiosity.

And this list is a place where people @ Valve post things that's still open.

--
Dan.

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Mart-Jan Reeuwijk]

Well, some of his community gamers may well be also users on SPUF, if he has 
the means to warn about it, I see no problem for him to care and do that 
warning. If it saved only one, it has done its purpose. It also warns for other 
location password management etc, so its not a real problem imo. He doesn't 
need our permission either, its his community, and he can do and care for it in 
any way he likes. 

The only question is if valve will come with a statement regarding it, and 
maybe tell how much was compromised, so people finally know what measures they 
may need to take. My guess is that either they are still investigating it 
(which could be done with a copy of the db), or are rebuilding/updating the 
forums (more likely imo).

I only hope that a load of topics that I followed are still intact etc, but 
we'll see once they are done.


>
>From: Dan 
>To: Half-Life dedicated Linux server mailing list 
>
>Sent: Wednesday, 9 November 2011, 19:49
>Subject: Re: [hlds_linux] Valve Security Breach
>
>On 09/11/2011 02:42, Nathan Radcliffe wrote:
>> If email address have been exposed and passwords have been exposed, then all 
>> account details for anyone with no password management system have been 
>> exposed. I don't run a service for computer security professionals - I run a 
>> service for gamers. Until Valve release details as to the exposure of this 
>> attack, neither you nor I fully know what credentials are out in the wild, 
>> so is better to err on the side of caution. On 9 November 2011 02:09, 
>> msleeper  wrote: 
>
>Nathan, you don't run Valve. Including, I imagine, not running steam nor their 
>vbullitin forums.
>Ergo the users are not your users, and any data that may or may not have been 
>leaked is completely unrelated to any "services" you do or do not run.
>
>If any  email addresses / passwords or anything else relating to any service 
>you run have been compromised I'd advise you
>post that fact to your mailing list for that service.
>-- Dan
>
>___
>To unsubscribe, edit your list preferences, or view the list archives, please 
>visit:
>http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Dan]

On 09/11/2011 02:42, Nathan Radcliffe wrote:
If email address have been exposed and passwords have been exposed, 
then all account details for anyone with no password management system 
have been exposed. I don't run a service for computer security 
professionals - I run a service for gamers. Until Valve release 
details as to the exposure of this attack, neither you nor I fully 
know what credentials are out in the wild, so is better to err on the 
side of caution. On 9 November 2011 02:09, msleeper 
 wrote: 


Nathan, you don't run Valve. Including, I imagine, not running steam nor 
their vbullitin forums.
Ergo the users are not your users, and any data that may or may not have 
been leaked is completely unrelated to any "services" you do or do not run.


If any  email addresses / passwords or anything else relating to any 
service you run have been compromised I'd advise you

post that fact to your mailing list for that service.
--
Dan

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[gameadmin]

It isn't - but if they had sufficient access to e.g. install vbulletin
plugins/mods, they'd have user-level access to at least one physical server
inside Valve.  I have literally no idea how separated that box is from the
rest of the steam systems.

> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
> boun...@list.valvesoftware.com] On Behalf Of Nomaan Ahmad
> Sent: 09 November 2011 04:11
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Valve Security Breach
> 
> Since when is vBulletin part of Steam systems?
> 
> On 9 November 2011 04:07,  wrote:
> 
> > Probably, but I have to assume some people in my community match that
> > criteria.  I also have to hold as a possibility that the attackers
> were
> > able
> > to leverage their exploitation of the forum system into some kind of
> > possibly-successful intrusion into other parts of the steam system.
> >
> > > -Original Message-
> > > From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
> > > boun...@list.valvesoftware.com] On Behalf Of msleeper
> > > Sent: 09 November 2011 03:40
> > > To: Half-Life dedicated Linux server mailing list
> > > Subject: Re: [hlds_linux] Valve Security Breach
> > >
> > > If you have the same password for your Steam forum account, for
> your
> > > Steam login, and for the email address that Steam is tied to (and
> by
> > > proxy, the same email address on file on SPUF) then - and I'm just
> > > gonna say it - you probably deserve to have something bad like this
> > > happen so you wisen up to better security practices.
> > >
> > > On Tue, Nov 8, 2011 at 9:42 PM, Nathan Radcliffe
> 
> > > wrote:
> > > > And as I said:
> > > >
> > > >>> > Steamguard works great if
> > > >>> > you have different passwords for your steam account and steam
> > > forums
> > > > and
> > > >>> > email, but I still know a lot of users both in gaming areas
> and
> > > real
> > > > life
> > > >>> > areas that use the same password for everything (despite how
> much
> > > I
> > > >>> > discourage it).
> > > >
> > > > If email address have been exposed and passwords have been
> exposed,
> > > then
> > > > all account details for anyone with no password management system
> > > have been
> > > > exposed.  I don't run a service for computer security
> professionals -
> > > I run
> > > > a service for gamers.  Until Valve release details as to the
> exposure
> > > of
> > > > this attack, neither you nor I fully know what credentials are
> out in
> > > the
> > > > wild, so is better to err on the side of caution.
> > > >
> > > > On 9 November 2011 02:09, msleeper 
> > > wrote:
> > > >
> > > >> As I said:
> > > >>
> > > >> > Assuming that your SPUF login and password is the same as your
> > > Steam
> > > >> > login and password, 1.) that's not Valve's fault that you are
> > > >> > literally the worst at the password game, but 2.) it's only a
> > > problem
> > > >> > if you are in the 0.001% of people who don't use Steam Guard.
> > > >>
> > > >> So unless your "several hundred users" all some how fit both of
> > > those
> > > >> profiles, then I don't see what there is to be freaking out
> about.
> > > >>
> > > >> How many of you are aware that the forum is a completely
> separate
> > > and
> > > >> unconnected entity to every other Steam service?
> > > >>
> > > >> On Tue, Nov 8, 2011 at 9:06 PM, Nathan Radcliffe
> 
> > > >> wrote:
> > > >> > Feel free to suggest a better option.  Should I ignore the
> still
> > > as yet
> > > >> > unknown (and unconfirmed by the company) security breach that
> has
> > > >> rendered
> > > >> > a major section of it's website offline for near on two days,
> or
> > > warn the
> > > >> > several hundred of my users that they should look over their
> > > account and
> > > >> > security details?
> > > >> >
> > > >> > On 9 November 2011 01:45, msl

Re: [hlds_linux] Valve Security Breach

[msleeper]

I think it's way, way more likely that they gained access to an admin
level account on the forum and setup the notice and such. But then
again I'm also not on the panicky, jump-to-baseless speculation
bandwagon and tend to stick with the more reasonable, rational
answers.

Either way, SPUF being down still has shit-all to do with being
relevant to server administration.

On Tue, Nov 8, 2011 at 11:07 PM,   wrote:
> Probably, but I have to assume some people in my community match that
> criteria.  I also have to hold as a possibility that the attackers were able
> to leverage their exploitation of the forum system into some kind of
> possibly-successful intrusion into other parts of the steam system.
>
>> -Original Message-
>> From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
>> boun...@list.valvesoftware.com] On Behalf Of msleeper
>> Sent: 09 November 2011 03:40
>> To: Half-Life dedicated Linux server mailing list
>> Subject: Re: [hlds_linux] Valve Security Breach
>>
>> If you have the same password for your Steam forum account, for your
>> Steam login, and for the email address that Steam is tied to (and by
>> proxy, the same email address on file on SPUF) then - and I'm just
>> gonna say it - you probably deserve to have something bad like this
>> happen so you wisen up to better security practices.
>>
>> On Tue, Nov 8, 2011 at 9:42 PM, Nathan Radcliffe 
>> wrote:
>> > And as I said:
>> >
>> >>> > Steamguard works great if
>> >>> > you have different passwords for your steam account and steam
>> forums
>> > and
>> >>> > email, but I still know a lot of users both in gaming areas and
>> real
>> > life
>> >>> > areas that use the same password for everything (despite how much
>> I
>> >>> > discourage it).
>> >
>> > If email address have been exposed and passwords have been exposed,
>> then
>> > all account details for anyone with no password management system
>> have been
>> > exposed.  I don't run a service for computer security professionals -
>> I run
>> > a service for gamers.  Until Valve release details as to the exposure
>> of
>> > this attack, neither you nor I fully know what credentials are out in
>> the
>> > wild, so is better to err on the side of caution.
>> >
>> > On 9 November 2011 02:09, msleeper 
>> wrote:
>> >
>> >> As I said:
>> >>
>> >> > Assuming that your SPUF login and password is the same as your
>> Steam
>> >> > login and password, 1.) that's not Valve's fault that you are
>> >> > literally the worst at the password game, but 2.) it's only a
>> problem
>> >> > if you are in the 0.001% of people who don't use Steam Guard.
>> >>
>> >> So unless your "several hundred users" all some how fit both of
>> those
>> >> profiles, then I don't see what there is to be freaking out about.
>> >>
>> >> How many of you are aware that the forum is a completely separate
>> and
>> >> unconnected entity to every other Steam service?
>> >>
>> >> On Tue, Nov 8, 2011 at 9:06 PM, Nathan Radcliffe 
>> >> wrote:
>> >> > Feel free to suggest a better option.  Should I ignore the still
>> as yet
>> >> > unknown (and unconfirmed by the company) security breach that has
>> >> rendered
>> >> > a major section of it's website offline for near on two days, or
>> warn the
>> >> > several hundred of my users that they should look over their
>> account and
>> >> > security details?
>> >> >
>> >> > On 9 November 2011 01:45, msleeper 
>> wrote:
>> >> >
>> >> >> Yes, panicking and being reactionary is always the best course of
>> >> action.
>> >> >>
>> >> >> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe
>> 
>> >> >> wrote:
>> >> >> > Thinking the worst is the best thing to do in this situation.
>>  Until
>> >> >> Valve
>> >> >> > release some indication of what account details (if any) have
>> >> >> > been compromised it's easiest to assume all details have been,
>> and
>> >> advise
>> >> >> > all users to look over their account security.  Steamguard
>> works
>> >&g

Re: [hlds_linux] Valve Security Breach

[Nomaan Ahmad]

Since when is vBulletin part of Steam systems?

On 9 November 2011 04:07,  wrote:

> Probably, but I have to assume some people in my community match that
> criteria.  I also have to hold as a possibility that the attackers were
> able
> to leverage their exploitation of the forum system into some kind of
> possibly-successful intrusion into other parts of the steam system.
>
> > -Original Message-
> > From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
> > boun...@list.valvesoftware.com] On Behalf Of msleeper
> > Sent: 09 November 2011 03:40
> > To: Half-Life dedicated Linux server mailing list
> > Subject: Re: [hlds_linux] Valve Security Breach
> >
> > If you have the same password for your Steam forum account, for your
> > Steam login, and for the email address that Steam is tied to (and by
> > proxy, the same email address on file on SPUF) then - and I'm just
> > gonna say it - you probably deserve to have something bad like this
> > happen so you wisen up to better security practices.
> >
> > On Tue, Nov 8, 2011 at 9:42 PM, Nathan Radcliffe 
> > wrote:
> > > And as I said:
> > >
> > >>> > Steamguard works great if
> > >>> > you have different passwords for your steam account and steam
> > forums
> > > and
> > >>> > email, but I still know a lot of users both in gaming areas and
> > real
> > > life
> > >>> > areas that use the same password for everything (despite how much
> > I
> > >>> > discourage it).
> > >
> > > If email address have been exposed and passwords have been exposed,
> > then
> > > all account details for anyone with no password management system
> > have been
> > > exposed.  I don't run a service for computer security professionals -
> > I run
> > > a service for gamers.  Until Valve release details as to the exposure
> > of
> > > this attack, neither you nor I fully know what credentials are out in
> > the
> > > wild, so is better to err on the side of caution.
> > >
> > > On 9 November 2011 02:09, msleeper 
> > wrote:
> > >
> > >> As I said:
> > >>
> > >> > Assuming that your SPUF login and password is the same as your
> > Steam
> > >> > login and password, 1.) that's not Valve's fault that you are
> > >> > literally the worst at the password game, but 2.) it's only a
> > problem
> > >> > if you are in the 0.001% of people who don't use Steam Guard.
> > >>
> > >> So unless your "several hundred users" all some how fit both of
> > those
> > >> profiles, then I don't see what there is to be freaking out about.
> > >>
> > >> How many of you are aware that the forum is a completely separate
> > and
> > >> unconnected entity to every other Steam service?
> > >>
> > >> On Tue, Nov 8, 2011 at 9:06 PM, Nathan Radcliffe 
> > >> wrote:
> > >> > Feel free to suggest a better option.  Should I ignore the still
> > as yet
> > >> > unknown (and unconfirmed by the company) security breach that has
> > >> rendered
> > >> > a major section of it's website offline for near on two days, or
> > warn the
> > >> > several hundred of my users that they should look over their
> > account and
> > >> > security details?
> > >> >
> > >> > On 9 November 2011 01:45, msleeper 
> > wrote:
> > >> >
> > >> >> Yes, panicking and being reactionary is always the best course of
> > >> action.
> > >> >>
> > >> >> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe
> > 
> > >> >> wrote:
> > >> >> > Thinking the worst is the best thing to do in this situation.
> >  Until
> > >> >> Valve
> > >> >> > release some indication of what account details (if any) have
> > >> >> > been compromised it's easiest to assume all details have been,
> > and
> > >> advise
> > >> >> > all users to look over their account security.  Steamguard
> > works
> > >> great if
> > >> >> > you have different passwords for your steam account and steam
> > forums
> > >> and
> > >> >> > email, but I still know a lot of users both in gaming areas and
>

Re: [hlds_linux] Valve Security Breach

[gameadmin]

Probably, but I have to assume some people in my community match that
criteria.  I also have to hold as a possibility that the attackers were able
to leverage their exploitation of the forum system into some kind of
possibly-successful intrusion into other parts of the steam system.

> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
> boun...@list.valvesoftware.com] On Behalf Of msleeper
> Sent: 09 November 2011 03:40
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Valve Security Breach
> 
> If you have the same password for your Steam forum account, for your
> Steam login, and for the email address that Steam is tied to (and by
> proxy, the same email address on file on SPUF) then - and I'm just
> gonna say it - you probably deserve to have something bad like this
> happen so you wisen up to better security practices.
> 
> On Tue, Nov 8, 2011 at 9:42 PM, Nathan Radcliffe 
> wrote:
> > And as I said:
> >
> >>> > Steamguard works great if
> >>> > you have different passwords for your steam account and steam
> forums
> > and
> >>> > email, but I still know a lot of users both in gaming areas and
> real
> > life
> >>> > areas that use the same password for everything (despite how much
> I
> >>> > discourage it).
> >
> > If email address have been exposed and passwords have been exposed,
> then
> > all account details for anyone with no password management system
> have been
> > exposed.  I don't run a service for computer security professionals -
> I run
> > a service for gamers.  Until Valve release details as to the exposure
> of
> > this attack, neither you nor I fully know what credentials are out in
> the
> > wild, so is better to err on the side of caution.
> >
> > On 9 November 2011 02:09, msleeper 
> wrote:
> >
> >> As I said:
> >>
> >> > Assuming that your SPUF login and password is the same as your
> Steam
> >> > login and password, 1.) that's not Valve's fault that you are
> >> > literally the worst at the password game, but 2.) it's only a
> problem
> >> > if you are in the 0.001% of people who don't use Steam Guard.
> >>
> >> So unless your "several hundred users" all some how fit both of
> those
> >> profiles, then I don't see what there is to be freaking out about.
> >>
> >> How many of you are aware that the forum is a completely separate
> and
> >> unconnected entity to every other Steam service?
> >>
> >> On Tue, Nov 8, 2011 at 9:06 PM, Nathan Radcliffe 
> >> wrote:
> >> > Feel free to suggest a better option.  Should I ignore the still
> as yet
> >> > unknown (and unconfirmed by the company) security breach that has
> >> rendered
> >> > a major section of it's website offline for near on two days, or
> warn the
> >> > several hundred of my users that they should look over their
> account and
> >> > security details?
> >> >
> >> > On 9 November 2011 01:45, msleeper 
> wrote:
> >> >
> >> >> Yes, panicking and being reactionary is always the best course of
> >> action.
> >> >>
> >> >> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe
> 
> >> >> wrote:
> >> >> > Thinking the worst is the best thing to do in this situation.
>  Until
> >> >> Valve
> >> >> > release some indication of what account details (if any) have
> >> >> > been compromised it's easiest to assume all details have been,
> and
> >> advise
> >> >> > all users to look over their account security.  Steamguard
> works
> >> great if
> >> >> > you have different passwords for your steam account and steam
> forums
> >> and
> >> >> > email, but I still know a lot of users both in gaming areas and
> real
> >> life
> >> >> > areas that use the same password for everything (despite how
> much I
> >> >> > discourage it).
> >> >> >
> >> >> > Everyone is speculating because Valve have not released any
> details
> >> as to
> >> >> > what has been comprised.  After nearly 48 hours that's pretty
> >> >> unacceptable
> >> >> > from a multi-million user company.
> >> >> >
> >> >> > On 9 Nove

Re: [hlds_linux] Valve Security Breach

[msleeper]

If you have the same password for your Steam forum account, for your
Steam login, and for the email address that Steam is tied to (and by
proxy, the same email address on file on SPUF) then - and I'm just
gonna say it - you probably deserve to have something bad like this
happen so you wisen up to better security practices.

On Tue, Nov 8, 2011 at 9:42 PM, Nathan Radcliffe  wrote:
> And as I said:
>
>>> > Steamguard works great if
>>> > you have different passwords for your steam account and steam forums
> and
>>> > email, but I still know a lot of users both in gaming areas and real
> life
>>> > areas that use the same password for everything (despite how much I
>>> > discourage it).
>
> If email address have been exposed and passwords have been exposed, then
> all account details for anyone with no password management system have been
> exposed.  I don't run a service for computer security professionals - I run
> a service for gamers.  Until Valve release details as to the exposure of
> this attack, neither you nor I fully know what credentials are out in the
> wild, so is better to err on the side of caution.
>
> On 9 November 2011 02:09, msleeper  wrote:
>
>> As I said:
>>
>> > Assuming that your SPUF login and password is the same as your Steam
>> > login and password, 1.) that's not Valve's fault that you are
>> > literally the worst at the password game, but 2.) it's only a problem
>> > if you are in the 0.001% of people who don't use Steam Guard.
>>
>> So unless your "several hundred users" all some how fit both of those
>> profiles, then I don't see what there is to be freaking out about.
>>
>> How many of you are aware that the forum is a completely separate and
>> unconnected entity to every other Steam service?
>>
>> On Tue, Nov 8, 2011 at 9:06 PM, Nathan Radcliffe 
>> wrote:
>> > Feel free to suggest a better option.  Should I ignore the still as yet
>> > unknown (and unconfirmed by the company) security breach that has
>> rendered
>> > a major section of it's website offline for near on two days, or warn the
>> > several hundred of my users that they should look over their account and
>> > security details?
>> >
>> > On 9 November 2011 01:45, msleeper  wrote:
>> >
>> >> Yes, panicking and being reactionary is always the best course of
>> action.
>> >>
>> >> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe 
>> >> wrote:
>> >> > Thinking the worst is the best thing to do in this situation.  Until
>> >> Valve
>> >> > release some indication of what account details (if any) have
>> >> > been compromised it's easiest to assume all details have been, and
>> advise
>> >> > all users to look over their account security.  Steamguard works
>> great if
>> >> > you have different passwords for your steam account and steam forums
>> and
>> >> > email, but I still know a lot of users both in gaming areas and real
>> life
>> >> > areas that use the same password for everything (despite how much I
>> >> > discourage it).
>> >> >
>> >> > Everyone is speculating because Valve have not released any details
>> as to
>> >> > what has been comprised.  After nearly 48 hours that's pretty
>> >> unacceptable
>> >> > from a multi-million user company.
>> >> >
>> >> > On 9 November 2011 01:19, DontWannaName! 
>> wrote:
>> >> >
>> >> >> I think you are thinking the worst. All someone needs to post what
>> they
>> >> did
>> >> >> is access to the VB admin CP which just requires an admin. My guess
>> is
>> >> it
>> >> >> isnt as bad as people are making it out to be and right now everyone
>> is
>> >> >> speculating the worst. Just chill
>> >> >>
>> >> >> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe 
>> >> >> wrote:
>> >> >>
>> >> >> > Correct, but where else should it be posted?  On the forums maybe?
>> >>  It's
>> >> >> > been nearly two days, and still no official press release.  A few
>> >> people
>> >> >> > have reported receiving spam emails and I've seen unconfirmed
>> reports
>> >> of
>> >> >> > password databases being leaked.
>> >> >> > I don't have much doubt that most people on this list have good
>> >> password
>> >> >> > management, but I'm sure there's still millions of forums users
>> >> unaware
>> >> >> > that any hack happened, or if they are aware, how it may have
>> effected
>> >> >> > them.
>> >> >> >
>> >> >> > On 8 November 2011 20:05, msleeper 
>> >> wrote:
>> >> >> >
>> >> >> > > This is not relevant to server administration.
>> >> >> > >
>> >> >> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob 
>> wrote:
>> >> >> > > > Hello Valve,
>> >> >> > > >
>> >> >> > > >  I'd like to request notification via these mailing lists
>> once/if
>> >> >> Valve
>> >> >> > > > makes a statement about todays security breach and subsequent
>> >> >> downtime.
>> >> >> > > >
>> >> >> > > >
>> >> >> > >
>> >> >> >
>> >> >>
>> >>
>> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
>> >> >> > > > ___
>> >> >> > > > To unsubscribe, edit your li

Re: [hlds_linux] Valve Security Breach

[Nathan Radcliffe]

And as I said:

>> > Steamguard works great if
>> > you have different passwords for your steam account and steam forums
and
>> > email, but I still know a lot of users both in gaming areas and real
life
>> > areas that use the same password for everything (despite how much I
>> > discourage it).

If email address have been exposed and passwords have been exposed, then
all account details for anyone with no password management system have been
exposed.  I don't run a service for computer security professionals - I run
a service for gamers.  Until Valve release details as to the exposure of
this attack, neither you nor I fully know what credentials are out in the
wild, so is better to err on the side of caution.

On 9 November 2011 02:09, msleeper  wrote:

> As I said:
>
> > Assuming that your SPUF login and password is the same as your Steam
> > login and password, 1.) that's not Valve's fault that you are
> > literally the worst at the password game, but 2.) it's only a problem
> > if you are in the 0.001% of people who don't use Steam Guard.
>
> So unless your "several hundred users" all some how fit both of those
> profiles, then I don't see what there is to be freaking out about.
>
> How many of you are aware that the forum is a completely separate and
> unconnected entity to every other Steam service?
>
> On Tue, Nov 8, 2011 at 9:06 PM, Nathan Radcliffe 
> wrote:
> > Feel free to suggest a better option.  Should I ignore the still as yet
> > unknown (and unconfirmed by the company) security breach that has
> rendered
> > a major section of it's website offline for near on two days, or warn the
> > several hundred of my users that they should look over their account and
> > security details?
> >
> > On 9 November 2011 01:45, msleeper  wrote:
> >
> >> Yes, panicking and being reactionary is always the best course of
> action.
> >>
> >> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe 
> >> wrote:
> >> > Thinking the worst is the best thing to do in this situation.  Until
> >> Valve
> >> > release some indication of what account details (if any) have
> >> > been compromised it's easiest to assume all details have been, and
> advise
> >> > all users to look over their account security.  Steamguard works
> great if
> >> > you have different passwords for your steam account and steam forums
> and
> >> > email, but I still know a lot of users both in gaming areas and real
> life
> >> > areas that use the same password for everything (despite how much I
> >> > discourage it).
> >> >
> >> > Everyone is speculating because Valve have not released any details
> as to
> >> > what has been comprised.  After nearly 48 hours that's pretty
> >> unacceptable
> >> > from a multi-million user company.
> >> >
> >> > On 9 November 2011 01:19, DontWannaName! 
> wrote:
> >> >
> >> >> I think you are thinking the worst. All someone needs to post what
> they
> >> did
> >> >> is access to the VB admin CP which just requires an admin. My guess
> is
> >> it
> >> >> isnt as bad as people are making it out to be and right now everyone
> is
> >> >> speculating the worst. Just chill
> >> >>
> >> >> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe 
> >> >> wrote:
> >> >>
> >> >> > Correct, but where else should it be posted?  On the forums maybe?
> >>  It's
> >> >> > been nearly two days, and still no official press release.  A few
> >> people
> >> >> > have reported receiving spam emails and I've seen unconfirmed
> reports
> >> of
> >> >> > password databases being leaked.
> >> >> > I don't have much doubt that most people on this list have good
> >> password
> >> >> > management, but I'm sure there's still millions of forums users
> >> unaware
> >> >> > that any hack happened, or if they are aware, how it may have
> effected
> >> >> > them.
> >> >> >
> >> >> > On 8 November 2011 20:05, msleeper 
> >> wrote:
> >> >> >
> >> >> > > This is not relevant to server administration.
> >> >> > >
> >> >> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob 
> wrote:
> >> >> > > > Hello Valve,
> >> >> > > >
> >> >> > > >  I'd like to request notification via these mailing lists
> once/if
> >> >> Valve
> >> >> > > > makes a statement about todays security breach and subsequent
> >> >> downtime.
> >> >> > > >
> >> >> > > >
> >> >> > >
> >> >> >
> >> >>
> >>
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
> >> >> > > > ___
> >> >> > > > To unsubscribe, edit your list preferences, or view the list
> >> >> archives,
> >> >> > > please visit:
> >> >> > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> >> > > >
> >> >> > >
> >> >> > > ___
> >> >> > > To unsubscribe, edit your list preferences, or view the list
> >> archives,
> >> >> > > please visit:
> >> >> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> >> > >
> >> >> > ___
> >> >> > To unsubscribe, ed

Re: [hlds_linux] Valve Security Breach

[msleeper]

Oh no, 1nsane, you left your Jump To Conclusions mat at home!

On Tue, Nov 8, 2011 at 9:39 PM, 1nsane <1nsane...@gmail.com> wrote:
> Wow, clearly it's a conspiracy. Valve must be completely compromised.
>
> Except I see hundreds (thousands?) of Valve TF2 servers in my server
> browser.
>
> They are not down.
>
> On Tue, Nov 8, 2011 at 9:12 PM, coffee problem wrote:
>
>> I wonder why the Valve TF2 servers themselves have been offline since
>> yesterday.
>>
>> On Tue, Nov 8, 2011 at 9:09 PM, msleeper > >wrote:
>>
>> > As I said:
>> >
>> > > Assuming that your SPUF login and password is the same as your Steam
>> > > login and password, 1.) that's not Valve's fault that you are
>> > > literally the worst at the password game, but 2.) it's only a problem
>> > > if you are in the 0.001% of people who don't use Steam Guard.
>> >
>> > So unless your "several hundred users" all some how fit both of those
>> > profiles, then I don't see what there is to be freaking out about.
>> >
>> > How many of you are aware that the forum is a completely separate and
>> > unconnected entity to every other Steam service?
>> >
>> > On Tue, Nov 8, 2011 at 9:06 PM, Nathan Radcliffe 
>> > wrote:
>> > > Feel free to suggest a better option.  Should I ignore the still as yet
>> > > unknown (and unconfirmed by the company) security breach that has
>> > rendered
>> > > a major section of it's website offline for near on two days, or warn
>> the
>> > > several hundred of my users that they should look over their account
>> and
>> > > security details?
>> > >
>> > > On 9 November 2011 01:45, msleeper 
>> wrote:
>> > >
>> > >> Yes, panicking and being reactionary is always the best course of
>> > action.
>> > >>
>> > >> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe 
>> > >> wrote:
>> > >> > Thinking the worst is the best thing to do in this situation.  Until
>> > >> Valve
>> > >> > release some indication of what account details (if any) have
>> > >> > been compromised it's easiest to assume all details have been, and
>> > advise
>> > >> > all users to look over their account security.  Steamguard works
>> > great if
>> > >> > you have different passwords for your steam account and steam forums
>> > and
>> > >> > email, but I still know a lot of users both in gaming areas and real
>> > life
>> > >> > areas that use the same password for everything (despite how much I
>> > >> > discourage it).
>> > >> >
>> > >> > Everyone is speculating because Valve have not released any details
>> > as to
>> > >> > what has been comprised.  After nearly 48 hours that's pretty
>> > >> unacceptable
>> > >> > from a multi-million user company.
>> > >> >
>> > >> > On 9 November 2011 01:19, DontWannaName! 
>> > wrote:
>> > >> >
>> > >> >> I think you are thinking the worst. All someone needs to post what
>> > they
>> > >> did
>> > >> >> is access to the VB admin CP which just requires an admin. My guess
>> > is
>> > >> it
>> > >> >> isnt as bad as people are making it out to be and right now
>> everyone
>> > is
>> > >> >> speculating the worst. Just chill
>> > >> >>
>> > >> >> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe <
>> kugr...@gmail.com>
>> > >> >> wrote:
>> > >> >>
>> > >> >> > Correct, but where else should it be posted?  On the forums
>> maybe?
>> > >>  It's
>> > >> >> > been nearly two days, and still no official press release.  A few
>> > >> people
>> > >> >> > have reported receiving spam emails and I've seen unconfirmed
>> > reports
>> > >> of
>> > >> >> > password databases being leaked.
>> > >> >> > I don't have much doubt that most people on this list have good
>> > >> password
>> > >> >> > management, but I'm sure there's still millions of forums users
>> > >> unaware
>> > >> >> > that any hack happened, or if they are aware, how it may have
>> > effected
>> > >> >> > them.
>> > >> >> >
>> > >> >> > On 8 November 2011 20:05, msleeper > >
>> > >> wrote:
>> > >> >> >
>> > >> >> > > This is not relevant to server administration.
>> > >> >> > >
>> > >> >> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob 
>> > wrote:
>> > >> >> > > > Hello Valve,
>> > >> >> > > >
>> > >> >> > > >  I'd like to request notification via these mailing lists
>> > once/if
>> > >> >> Valve
>> > >> >> > > > makes a statement about todays security breach and subsequent
>> > >> >> downtime.
>> > >> >> > > >
>> > >> >> > > >
>> > >> >> > >
>> > >> >> >
>> > >> >>
>> > >>
>> >
>> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
>> > >> >> > > > ___
>> > >> >> > > > To unsubscribe, edit your list preferences, or view the list
>> > >> >> archives,
>> > >> >> > > please visit:
>> > >> >> > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> > >> >> > > >
>> > >> >> > >
>> > >> >> > > ___
>> > >> >> > > To unsubscribe, edit your list preferences, or view the list
>> > >> archives,
>> > >> >> > > please visit:
>> > >> >> > > http://list.valveso

Re: [hlds_linux] Valve Security Breach

[1nsane]

Wow, clearly it's a conspiracy. Valve must be completely compromised.

Except I see hundreds (thousands?) of Valve TF2 servers in my server
browser.

They are not down.

On Tue, Nov 8, 2011 at 9:12 PM, coffee problem wrote:

> I wonder why the Valve TF2 servers themselves have been offline since
> yesterday.
>
> On Tue, Nov 8, 2011 at 9:09 PM, msleeper  >wrote:
>
> > As I said:
> >
> > > Assuming that your SPUF login and password is the same as your Steam
> > > login and password, 1.) that's not Valve's fault that you are
> > > literally the worst at the password game, but 2.) it's only a problem
> > > if you are in the 0.001% of people who don't use Steam Guard.
> >
> > So unless your "several hundred users" all some how fit both of those
> > profiles, then I don't see what there is to be freaking out about.
> >
> > How many of you are aware that the forum is a completely separate and
> > unconnected entity to every other Steam service?
> >
> > On Tue, Nov 8, 2011 at 9:06 PM, Nathan Radcliffe 
> > wrote:
> > > Feel free to suggest a better option.  Should I ignore the still as yet
> > > unknown (and unconfirmed by the company) security breach that has
> > rendered
> > > a major section of it's website offline for near on two days, or warn
> the
> > > several hundred of my users that they should look over their account
> and
> > > security details?
> > >
> > > On 9 November 2011 01:45, msleeper 
> wrote:
> > >
> > >> Yes, panicking and being reactionary is always the best course of
> > action.
> > >>
> > >> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe 
> > >> wrote:
> > >> > Thinking the worst is the best thing to do in this situation.  Until
> > >> Valve
> > >> > release some indication of what account details (if any) have
> > >> > been compromised it's easiest to assume all details have been, and
> > advise
> > >> > all users to look over their account security.  Steamguard works
> > great if
> > >> > you have different passwords for your steam account and steam forums
> > and
> > >> > email, but I still know a lot of users both in gaming areas and real
> > life
> > >> > areas that use the same password for everything (despite how much I
> > >> > discourage it).
> > >> >
> > >> > Everyone is speculating because Valve have not released any details
> > as to
> > >> > what has been comprised.  After nearly 48 hours that's pretty
> > >> unacceptable
> > >> > from a multi-million user company.
> > >> >
> > >> > On 9 November 2011 01:19, DontWannaName! 
> > wrote:
> > >> >
> > >> >> I think you are thinking the worst. All someone needs to post what
> > they
> > >> did
> > >> >> is access to the VB admin CP which just requires an admin. My guess
> > is
> > >> it
> > >> >> isnt as bad as people are making it out to be and right now
> everyone
> > is
> > >> >> speculating the worst. Just chill
> > >> >>
> > >> >> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe <
> kugr...@gmail.com>
> > >> >> wrote:
> > >> >>
> > >> >> > Correct, but where else should it be posted?  On the forums
> maybe?
> > >>  It's
> > >> >> > been nearly two days, and still no official press release.  A few
> > >> people
> > >> >> > have reported receiving spam emails and I've seen unconfirmed
> > reports
> > >> of
> > >> >> > password databases being leaked.
> > >> >> > I don't have much doubt that most people on this list have good
> > >> password
> > >> >> > management, but I'm sure there's still millions of forums users
> > >> unaware
> > >> >> > that any hack happened, or if they are aware, how it may have
> > effected
> > >> >> > them.
> > >> >> >
> > >> >> > On 8 November 2011 20:05, msleeper  >
> > >> wrote:
> > >> >> >
> > >> >> > > This is not relevant to server administration.
> > >> >> > >
> > >> >> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob 
> > wrote:
> > >> >> > > > Hello Valve,
> > >> >> > > >
> > >> >> > > >  I'd like to request notification via these mailing lists
> > once/if
> > >> >> Valve
> > >> >> > > > makes a statement about todays security breach and subsequent
> > >> >> downtime.
> > >> >> > > >
> > >> >> > > >
> > >> >> > >
> > >> >> >
> > >> >>
> > >>
> >
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
> > >> >> > > > ___
> > >> >> > > > To unsubscribe, edit your list preferences, or view the list
> > >> >> archives,
> > >> >> > > please visit:
> > >> >> > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> > >> >> > > >
> > >> >> > >
> > >> >> > > ___
> > >> >> > > To unsubscribe, edit your list preferences, or view the list
> > >> archives,
> > >> >> > > please visit:
> > >> >> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> > >> >> > >
> > >> >> > ___
> > >> >> > To unsubscribe, edit your list preferences, or view the list
> > archives,
> > >> >> > please visit:
> > >> >> > http://list.valvesoftware.com/mailm

Re: [hlds_linux] Valve Security Breach

[coffee problem]

I wonder why the Valve TF2 servers themselves have been offline since
yesterday.

On Tue, Nov 8, 2011 at 9:09 PM, msleeper wrote:

> As I said:
>
> > Assuming that your SPUF login and password is the same as your Steam
> > login and password, 1.) that's not Valve's fault that you are
> > literally the worst at the password game, but 2.) it's only a problem
> > if you are in the 0.001% of people who don't use Steam Guard.
>
> So unless your "several hundred users" all some how fit both of those
> profiles, then I don't see what there is to be freaking out about.
>
> How many of you are aware that the forum is a completely separate and
> unconnected entity to every other Steam service?
>
> On Tue, Nov 8, 2011 at 9:06 PM, Nathan Radcliffe 
> wrote:
> > Feel free to suggest a better option.  Should I ignore the still as yet
> > unknown (and unconfirmed by the company) security breach that has
> rendered
> > a major section of it's website offline for near on two days, or warn the
> > several hundred of my users that they should look over their account and
> > security details?
> >
> > On 9 November 2011 01:45, msleeper  wrote:
> >
> >> Yes, panicking and being reactionary is always the best course of
> action.
> >>
> >> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe 
> >> wrote:
> >> > Thinking the worst is the best thing to do in this situation.  Until
> >> Valve
> >> > release some indication of what account details (if any) have
> >> > been compromised it's easiest to assume all details have been, and
> advise
> >> > all users to look over their account security.  Steamguard works
> great if
> >> > you have different passwords for your steam account and steam forums
> and
> >> > email, but I still know a lot of users both in gaming areas and real
> life
> >> > areas that use the same password for everything (despite how much I
> >> > discourage it).
> >> >
> >> > Everyone is speculating because Valve have not released any details
> as to
> >> > what has been comprised.  After nearly 48 hours that's pretty
> >> unacceptable
> >> > from a multi-million user company.
> >> >
> >> > On 9 November 2011 01:19, DontWannaName! 
> wrote:
> >> >
> >> >> I think you are thinking the worst. All someone needs to post what
> they
> >> did
> >> >> is access to the VB admin CP which just requires an admin. My guess
> is
> >> it
> >> >> isnt as bad as people are making it out to be and right now everyone
> is
> >> >> speculating the worst. Just chill
> >> >>
> >> >> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe 
> >> >> wrote:
> >> >>
> >> >> > Correct, but where else should it be posted?  On the forums maybe?
> >>  It's
> >> >> > been nearly two days, and still no official press release.  A few
> >> people
> >> >> > have reported receiving spam emails and I've seen unconfirmed
> reports
> >> of
> >> >> > password databases being leaked.
> >> >> > I don't have much doubt that most people on this list have good
> >> password
> >> >> > management, but I'm sure there's still millions of forums users
> >> unaware
> >> >> > that any hack happened, or if they are aware, how it may have
> effected
> >> >> > them.
> >> >> >
> >> >> > On 8 November 2011 20:05, msleeper 
> >> wrote:
> >> >> >
> >> >> > > This is not relevant to server administration.
> >> >> > >
> >> >> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob 
> wrote:
> >> >> > > > Hello Valve,
> >> >> > > >
> >> >> > > >  I'd like to request notification via these mailing lists
> once/if
> >> >> Valve
> >> >> > > > makes a statement about todays security breach and subsequent
> >> >> downtime.
> >> >> > > >
> >> >> > > >
> >> >> > >
> >> >> >
> >> >>
> >>
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
> >> >> > > > ___
> >> >> > > > To unsubscribe, edit your list preferences, or view the list
> >> >> archives,
> >> >> > > please visit:
> >> >> > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> >> > > >
> >> >> > >
> >> >> > > ___
> >> >> > > To unsubscribe, edit your list preferences, or view the list
> >> archives,
> >> >> > > please visit:
> >> >> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> >> > >
> >> >> > ___
> >> >> > To unsubscribe, edit your list preferences, or view the list
> archives,
> >> >> > please visit:
> >> >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> >> >
> >> >> ___
> >> >> To unsubscribe, edit your list preferences, or view the list
> archives,
> >> >> please visit:
> >> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> >>
> >> > ___
> >> > To unsubscribe, edit your list preferences, or view the list archives,
> >> please visit:
> >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> >
> >>
> >> ___

Re: [hlds_linux] Valve Security Breach

[msleeper]

As I said:

> Assuming that your SPUF login and password is the same as your Steam
> login and password, 1.) that's not Valve's fault that you are
> literally the worst at the password game, but 2.) it's only a problem
> if you are in the 0.001% of people who don't use Steam Guard.

So unless your "several hundred users" all some how fit both of those
profiles, then I don't see what there is to be freaking out about.

How many of you are aware that the forum is a completely separate and
unconnected entity to every other Steam service?

On Tue, Nov 8, 2011 at 9:06 PM, Nathan Radcliffe  wrote:
> Feel free to suggest a better option.  Should I ignore the still as yet
> unknown (and unconfirmed by the company) security breach that has rendered
> a major section of it's website offline for near on two days, or warn the
> several hundred of my users that they should look over their account and
> security details?
>
> On 9 November 2011 01:45, msleeper  wrote:
>
>> Yes, panicking and being reactionary is always the best course of action.
>>
>> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe 
>> wrote:
>> > Thinking the worst is the best thing to do in this situation.  Until
>> Valve
>> > release some indication of what account details (if any) have
>> > been compromised it's easiest to assume all details have been, and advise
>> > all users to look over their account security.  Steamguard works great if
>> > you have different passwords for your steam account and steam forums and
>> > email, but I still know a lot of users both in gaming areas and real life
>> > areas that use the same password for everything (despite how much I
>> > discourage it).
>> >
>> > Everyone is speculating because Valve have not released any details as to
>> > what has been comprised.  After nearly 48 hours that's pretty
>> unacceptable
>> > from a multi-million user company.
>> >
>> > On 9 November 2011 01:19, DontWannaName!  wrote:
>> >
>> >> I think you are thinking the worst. All someone needs to post what they
>> did
>> >> is access to the VB admin CP which just requires an admin. My guess is
>> it
>> >> isnt as bad as people are making it out to be and right now everyone is
>> >> speculating the worst. Just chill
>> >>
>> >> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe 
>> >> wrote:
>> >>
>> >> > Correct, but where else should it be posted?  On the forums maybe?
>>  It's
>> >> > been nearly two days, and still no official press release.  A few
>> people
>> >> > have reported receiving spam emails and I've seen unconfirmed reports
>> of
>> >> > password databases being leaked.
>> >> > I don't have much doubt that most people on this list have good
>> password
>> >> > management, but I'm sure there's still millions of forums users
>> unaware
>> >> > that any hack happened, or if they are aware, how it may have effected
>> >> > them.
>> >> >
>> >> > On 8 November 2011 20:05, msleeper 
>> wrote:
>> >> >
>> >> > > This is not relevant to server administration.
>> >> > >
>> >> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
>> >> > > > Hello Valve,
>> >> > > >
>> >> > > >  I'd like to request notification via these mailing lists once/if
>> >> Valve
>> >> > > > makes a statement about todays security breach and subsequent
>> >> downtime.
>> >> > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
>> >> > > > ___
>> >> > > > To unsubscribe, edit your list preferences, or view the list
>> >> archives,
>> >> > > please visit:
>> >> > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> >> > > >
>> >> > >
>> >> > > ___
>> >> > > To unsubscribe, edit your list preferences, or view the list
>> archives,
>> >> > > please visit:
>> >> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> >> > >
>> >> > ___
>> >> > To unsubscribe, edit your list preferences, or view the list archives,
>> >> > please visit:
>> >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> >> >
>> >> ___
>> >> To unsubscribe, edit your list preferences, or view the list archives,
>> >> please visit:
>> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> >>
>> > ___
>> > To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> >
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

Re: [hlds_linux] Valve Security Breach

[Nathan Radcliffe]

Feel free to suggest a better option.  Should I ignore the still as yet
unknown (and unconfirmed by the company) security breach that has rendered
a major section of it's website offline for near on two days, or warn the
several hundred of my users that they should look over their account and
security details?

On 9 November 2011 01:45, msleeper  wrote:

> Yes, panicking and being reactionary is always the best course of action.
>
> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe 
> wrote:
> > Thinking the worst is the best thing to do in this situation.  Until
> Valve
> > release some indication of what account details (if any) have
> > been compromised it's easiest to assume all details have been, and advise
> > all users to look over their account security.  Steamguard works great if
> > you have different passwords for your steam account and steam forums and
> > email, but I still know a lot of users both in gaming areas and real life
> > areas that use the same password for everything (despite how much I
> > discourage it).
> >
> > Everyone is speculating because Valve have not released any details as to
> > what has been comprised.  After nearly 48 hours that's pretty
> unacceptable
> > from a multi-million user company.
> >
> > On 9 November 2011 01:19, DontWannaName!  wrote:
> >
> >> I think you are thinking the worst. All someone needs to post what they
> did
> >> is access to the VB admin CP which just requires an admin. My guess is
> it
> >> isnt as bad as people are making it out to be and right now everyone is
> >> speculating the worst. Just chill
> >>
> >> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe 
> >> wrote:
> >>
> >> > Correct, but where else should it be posted?  On the forums maybe?
>  It's
> >> > been nearly two days, and still no official press release.  A few
> people
> >> > have reported receiving spam emails and I've seen unconfirmed reports
> of
> >> > password databases being leaked.
> >> > I don't have much doubt that most people on this list have good
> password
> >> > management, but I'm sure there's still millions of forums users
> unaware
> >> > that any hack happened, or if they are aware, how it may have effected
> >> > them.
> >> >
> >> > On 8 November 2011 20:05, msleeper 
> wrote:
> >> >
> >> > > This is not relevant to server administration.
> >> > >
> >> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
> >> > > > Hello Valve,
> >> > > >
> >> > > >  I'd like to request notification via these mailing lists once/if
> >> Valve
> >> > > > makes a statement about todays security breach and subsequent
> >> downtime.
> >> > > >
> >> > > >
> >> > >
> >> >
> >>
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
> >> > > > ___
> >> > > > To unsubscribe, edit your list preferences, or view the list
> >> archives,
> >> > > please visit:
> >> > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> > > >
> >> > >
> >> > > ___
> >> > > To unsubscribe, edit your list preferences, or view the list
> archives,
> >> > > please visit:
> >> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> > >
> >> > ___
> >> > To unsubscribe, edit your list preferences, or view the list archives,
> >> > please visit:
> >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> >
> >> ___
> >> To unsubscribe, edit your list preferences, or view the list archives,
> >> please visit:
> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >>
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Jesse Porter]

Don't sell yourself short.  I'm pretty sure you'd find something to panic
about anyway -- probably "they answered too fast, they're lying!"

On Tue, Nov 8, 2011 at 7:03 PM, Necavi  wrote:

> There would be no,  or at least much less cause to panic if we had any sort
> of idea at all of what is going on, their reluctance to comment could very
> well mean anything, but in some ways I'm more inclined to think the worst
> of
> such a delay, not the best.
>
> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com
> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of msleeper
> Sent: Tuesday, November 08, 2011 17:45
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Valve Security Breach
>
> Yes, panicking and being reactionary is always the best course of action.
>
> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe 
> wrote:
> > Thinking the worst is the best thing to do in this situation.  Until
> Valve
> > release some indication of what account details (if any) have
> > been compromised it's easiest to assume all details have been, and advise
> > all users to look over their account security.  Steamguard works great if
> > you have different passwords for your steam account and steam forums and
> > email, but I still know a lot of users both in gaming areas and real life
> > areas that use the same password for everything (despite how much I
> > discourage it).
> >
> > Everyone is speculating because Valve have not released any details as to
> > what has been comprised.  After nearly 48 hours that's pretty
> unacceptable
> > from a multi-million user company.
> >
> > On 9 November 2011 01:19, DontWannaName!  wrote:
> >
> >> I think you are thinking the worst. All someone needs to post what they
> did
> >> is access to the VB admin CP which just requires an admin. My guess is
> it
> >> isnt as bad as people are making it out to be and right now everyone is
> >> speculating the worst. Just chill
> >>
> >> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe 
> >> wrote:
> >>
> >> > Correct, but where else should it be posted?  On the forums maybe?
>  It's
> >> > been nearly two days, and still no official press release.  A few
> people
> >> > have reported receiving spam emails and I've seen unconfirmed reports
> of
> >> > password databases being leaked.
> >> > I don't have much doubt that most people on this list have good
> password
> >> > management, but I'm sure there's still millions of forums users
> unaware
> >> > that any hack happened, or if they are aware, how it may have effected
> >> > them.
> >> >
> >> > On 8 November 2011 20:05, msleeper 
> wrote:
> >> >
> >> > > This is not relevant to server administration.
> >> > >
> >> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
> >> > > > Hello Valve,
> >> > > >
> >> > > >  I'd like to request notification via these mailing lists once/if
> >> Valve
> >> > > > makes a statement about todays security breach and subsequent
> >> downtime.
> >> > > >
> >> > > >
> >> > >
> >> >
> >>
>
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-at
> tack/
> >> > > > ___
> >> > > > To unsubscribe, edit your list preferences, or view the list
> >> archives,
> >> > > please visit:
> >> > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> > > >
> >> > >
> >> > > ___
> >> > > To unsubscribe, edit your list preferences, or view the list
> archives,
> >> > > please visit:
> >> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> > >
> >> > ___
> >> > To unsubscribe, edit your list preferences, or view the list archives,
> >> > please visit:
> >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >> >
> >> ___
> >> To unsubscribe, edit your list preferences, or view the list archives,
> >> please visit:
> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >>
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Necavi]

There would be no,  or at least much less cause to panic if we had any sort
of idea at all of what is going on, their reluctance to comment could very
well mean anything, but in some ways I'm more inclined to think the worst of
such a delay, not the best.

-Original Message-
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of msleeper
Sent: Tuesday, November 08, 2011 17:45
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Valve Security Breach

Yes, panicking and being reactionary is always the best course of action.

On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe  wrote:
> Thinking the worst is the best thing to do in this situation.  Until Valve
> release some indication of what account details (if any) have
> been compromised it's easiest to assume all details have been, and advise
> all users to look over their account security.  Steamguard works great if
> you have different passwords for your steam account and steam forums and
> email, but I still know a lot of users both in gaming areas and real life
> areas that use the same password for everything (despite how much I
> discourage it).
>
> Everyone is speculating because Valve have not released any details as to
> what has been comprised.  After nearly 48 hours that's pretty unacceptable
> from a multi-million user company.
>
> On 9 November 2011 01:19, DontWannaName!  wrote:
>
>> I think you are thinking the worst. All someone needs to post what they
did
>> is access to the VB admin CP which just requires an admin. My guess is it
>> isnt as bad as people are making it out to be and right now everyone is
>> speculating the worst. Just chill
>>
>> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe 
>> wrote:
>>
>> > Correct, but where else should it be posted?  On the forums maybe?
 It's
>> > been nearly two days, and still no official press release.  A few
people
>> > have reported receiving spam emails and I've seen unconfirmed reports
of
>> > password databases being leaked.
>> > I don't have much doubt that most people on this list have good
password
>> > management, but I'm sure there's still millions of forums users unaware
>> > that any hack happened, or if they are aware, how it may have effected
>> > them.
>> >
>> > On 8 November 2011 20:05, msleeper 
wrote:
>> >
>> > > This is not relevant to server administration.
>> > >
>> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
>> > > > Hello Valve,
>> > > >
>> > > >  I'd like to request notification via these mailing lists once/if
>> Valve
>> > > > makes a statement about todays security breach and subsequent
>> downtime.
>> > > >
>> > > >
>> > >
>> >
>>
http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-at
tack/
>> > > > ___
>> > > > To unsubscribe, edit your list preferences, or view the list
>> archives,
>> > > please visit:
>> > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> > > >
>> > >
>> > > ___
>> > > To unsubscribe, edit your list preferences, or view the list
archives,
>> > > please visit:
>> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> > >
>> > ___
>> > To unsubscribe, edit your list preferences, or view the list archives,
>> > please visit:
>> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> >
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[msleeper]

Yes, panicking and being reactionary is always the best course of action.

On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe  wrote:
> Thinking the worst is the best thing to do in this situation.  Until Valve
> release some indication of what account details (if any) have
> been compromised it's easiest to assume all details have been, and advise
> all users to look over their account security.  Steamguard works great if
> you have different passwords for your steam account and steam forums and
> email, but I still know a lot of users both in gaming areas and real life
> areas that use the same password for everything (despite how much I
> discourage it).
>
> Everyone is speculating because Valve have not released any details as to
> what has been comprised.  After nearly 48 hours that's pretty unacceptable
> from a multi-million user company.
>
> On 9 November 2011 01:19, DontWannaName!  wrote:
>
>> I think you are thinking the worst. All someone needs to post what they did
>> is access to the VB admin CP which just requires an admin. My guess is it
>> isnt as bad as people are making it out to be and right now everyone is
>> speculating the worst. Just chill
>>
>> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe 
>> wrote:
>>
>> > Correct, but where else should it be posted?  On the forums maybe?  It's
>> > been nearly two days, and still no official press release.  A few people
>> > have reported receiving spam emails and I've seen unconfirmed reports of
>> > password databases being leaked.
>> > I don't have much doubt that most people on this list have good password
>> > management, but I'm sure there's still millions of forums users unaware
>> > that any hack happened, or if they are aware, how it may have effected
>> > them.
>> >
>> > On 8 November 2011 20:05, msleeper  wrote:
>> >
>> > > This is not relevant to server administration.
>> > >
>> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
>> > > > Hello Valve,
>> > > >
>> > > >  I'd like to request notification via these mailing lists once/if
>> Valve
>> > > > makes a statement about todays security breach and subsequent
>> downtime.
>> > > >
>> > > >
>> > >
>> >
>> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
>> > > > ___
>> > > > To unsubscribe, edit your list preferences, or view the list
>> archives,
>> > > please visit:
>> > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> > > >
>> > >
>> > > ___
>> > > To unsubscribe, edit your list preferences, or view the list archives,
>> > > please visit:
>> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> > >
>> > ___
>> > To unsubscribe, edit your list preferences, or view the list archives,
>> > please visit:
>> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> >
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Nathan Radcliffe]

Thinking the worst is the best thing to do in this situation.  Until Valve
release some indication of what account details (if any) have
been compromised it's easiest to assume all details have been, and advise
all users to look over their account security.  Steamguard works great if
you have different passwords for your steam account and steam forums and
email, but I still know a lot of users both in gaming areas and real life
areas that use the same password for everything (despite how much I
discourage it).

Everyone is speculating because Valve have not released any details as to
what has been comprised.  After nearly 48 hours that's pretty unacceptable
from a multi-million user company.

On 9 November 2011 01:19, DontWannaName!  wrote:

> I think you are thinking the worst. All someone needs to post what they did
> is access to the VB admin CP which just requires an admin. My guess is it
> isnt as bad as people are making it out to be and right now everyone is
> speculating the worst. Just chill
>
> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe 
> wrote:
>
> > Correct, but where else should it be posted?  On the forums maybe?  It's
> > been nearly two days, and still no official press release.  A few people
> > have reported receiving spam emails and I've seen unconfirmed reports of
> > password databases being leaked.
> > I don't have much doubt that most people on this list have good password
> > management, but I'm sure there's still millions of forums users unaware
> > that any hack happened, or if they are aware, how it may have effected
> > them.
> >
> > On 8 November 2011 20:05, msleeper  wrote:
> >
> > > This is not relevant to server administration.
> > >
> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
> > > > Hello Valve,
> > > >
> > > >  I'd like to request notification via these mailing lists once/if
> Valve
> > > > makes a statement about todays security breach and subsequent
> downtime.
> > > >
> > > >
> > >
> >
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
> > > > ___
> > > > To unsubscribe, edit your list preferences, or view the list
> archives,
> > > please visit:
> > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> > > >
> > >
> > > ___
> > > To unsubscribe, edit your list preferences, or view the list archives,
> > > please visit:
> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> > >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[bottige...@gmail.com]

This is related to server administration. Some people use Steam groups
to make administrators.

Many people are also running TF2 websites that use Steam openid, and
if that is compromised, then impersonation can occur which results in
scams.

On Tue, Nov 8, 2011 at 12:05 PM, msleeper  wrote:
> This is not relevant to server administration.
>
> On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
>> Hello Valve,
>>
>>  I'd like to request notification via these mailing lists once/if Valve
>> makes a statement about todays security breach and subsequent downtime.
>>
>> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[DontWannaName!]

I think you are thinking the worst. All someone needs to post what they did
is access to the VB admin CP which just requires an admin. My guess is it
isnt as bad as people are making it out to be and right now everyone is
speculating the worst. Just chill

On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe  wrote:

> Correct, but where else should it be posted?  On the forums maybe?  It's
> been nearly two days, and still no official press release.  A few people
> have reported receiving spam emails and I've seen unconfirmed reports of
> password databases being leaked.
> I don't have much doubt that most people on this list have good password
> management, but I'm sure there's still millions of forums users unaware
> that any hack happened, or if they are aware, how it may have effected
> them.
>
> On 8 November 2011 20:05, msleeper  wrote:
>
> > This is not relevant to server administration.
> >
> > On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
> > > Hello Valve,
> > >
> > >  I'd like to request notification via these mailing lists once/if Valve
> > > makes a statement about todays security breach and subsequent downtime.
> > >
> > >
> >
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
> > > ___
> > > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> > >
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Nathan Radcliffe]

Correct, but where else should it be posted?  On the forums maybe?  It's
been nearly two days, and still no official press release.  A few people
have reported receiving spam emails and I've seen unconfirmed reports of
password databases being leaked.
I don't have much doubt that most people on this list have good password
management, but I'm sure there's still millions of forums users unaware
that any hack happened, or if they are aware, how it may have effected them.

On 8 November 2011 20:05, msleeper  wrote:

> This is not relevant to server administration.
>
> On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
> > Hello Valve,
> >
> >  I'd like to request notification via these mailing lists once/if Valve
> > makes a statement about todays security breach and subsequent downtime.
> >
> >
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[DontWannaName!]

Looks like its disabled now...

http://sourceop.com/modules.php?name=Forums&file=viewtopic&t=90261&postdays=0&postorder=asc&start=75

On Tue, Nov 8, 2011 at 3:58 PM, coffee problem wrote:

> Unfortunately, they are probably going to just let it stay hacked. Since
> they have said they aren't going to chase the fake clients issue due to
> more bugs being introduced by patching against it, why bother with the
> forums? Fix one hole, someone finds another.
>
> Oh well, it was a good community while it lasted!
>
> CP
>
> On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
>
> > Hello Valve,
> >
> >  I'd like to request notification via these mailing lists once/if Valve
> > makes a statement about todays security breach and subsequent downtime.
> >
> >
> >
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[coffee problem]

Unfortunately, they are probably going to just let it stay hacked. Since
they have said they aren't going to chase the fake clients issue due to
more bugs being introduced by patching against it, why bother with the
forums? Fix one hole, someone finds another.

Oh well, it was a good community while it lasted!

CP

On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:

> Hello Valve,
>
>  I'd like to request notification via these mailing lists once/if Valve
> makes a statement about todays security breach and subsequent downtime.
>
>
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[msleeper]

Assuming that your SPUF login and password is the same as your Steam
login and password, 1.) that's not Valve's fault that you are
literally the worst at the password game, but 2.) it's only a problem
if you are in the 0.001% of people who don't use Steam Guard.

On Tue, Nov 8, 2011 at 3:41 PM, Flubber  wrote:
> Server being linked to Steam Account, i'd say it's linked somehow.
>
> 2011/11/8 msleeper 
>
>> This is not relevant to server administration.
>>
>> On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
>> > Hello Valve,
>> >
>> >  I'd like to request notification via these mailing lists once/if Valve
>> > makes a statement about todays security breach and subsequent downtime.
>> >
>> >
>> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
>> > ___
>> > To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> >
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Flubber]

Server being linked to Steam Account, i'd say it's linked somehow.

2011/11/8 msleeper 

> This is not relevant to server administration.
>
> On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
> > Hello Valve,
> >
> >  I'd like to request notification via these mailing lists once/if Valve
> > makes a statement about todays security breach and subsequent downtime.
> >
> >
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[msleeper]

This is not relevant to server administration.

On Tue, Nov 8, 2011 at 1:07 AM, m33crob  wrote:
> Hello Valve,
>
>  I'd like to request notification via these mailing lists once/if Valve
> makes a statement about todays security breach and subsequent downtime.
>
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Mart-Jan Reeuwijk]

I do notice a load more spam since S: normally only 1-3 spam a day, now in just 
8 hours already 20 on the email account related to my spuf account.


>
>From: DontWannaName! 
>To: Half-Life dedicated Linux server mailing list 
>
>Sent: Tuesday, 8 November 2011, 16:18
>Subject: Re: [hlds_linux] Valve Security Breach
>
>Lol please stop making terrible excuses to connect any Steam issue with the 
>forum issue. They are completely unrelated. You need to contact support. 
>Everyone else just needs to be patient with the forums. They probably don't 
>want it to happen again so it's going to take time.
>
>Sent from my iPhone 4
>
>On Nov 8, 2011, at 1:31 AM, Russell Smith  wrote:
>
>> Haven't been able to add any funds to my Steam Wallet all night for the TF2 
>> store.  Get a CC declined message almost instantly when going through 
>> Firefox.  If I try in game the page just errors out after trying to load for 
>> 20 seconds or so.  Might be related.
>> 
>> On 11/7/2011 10:14 PM, Richard GrosJean wrote:
>>> Steam store is loading just fine here. AFAIK only the forums are affected.
>>> 
>>> On Tue, Nov 8, 2011 at 8:10 AM, Necavi  wrote:
>>>> Is valve under some sort of major attack? I've noticed that the forums were
>>>> hacked, the VAC servers are down, and several parts of the site (such as 
>>>> the
>>>> steam store) won't load and are throwing out errors...this seems rather
>>>> serious. and maybe it's just where I've been looking, but I haven't seen 
>>>> any
>>>> official comment from Valve regarding any of these things.
>>>> 
>>>> -Original Message-
>>>> From: hlds_linux-boun...@list.valvesoftware.com
>>>> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of m33crob
>>>> Sent: Monday, November 07, 2011 22:08
>>>> To: Half-Life dedicated Linux server mailing list; Half-Life dedicated 
>>>> Win32
>>>> server mailing list
>>>> Subject: [hlds_linux] Valve Security Breach
>>>> 
>>>> Hello Valve,
>>>> 
>>>>  I'd like to request notification via these mailing lists once/if Valve
>>>> makes a statement about todays security breach and subsequent downtime.
>>>> 
>>>> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-at
>>>> tack/
>>>> ___
>>>> To unsubscribe, edit your list preferences, or view the list archives,
>>>> please visit:
>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>> 
>>>> 
>>>> ___
>>>> To unsubscribe, edit your list preferences, or view the list archives, 
>>>> please visit:
>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>> 
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives, 
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> 
>> 
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>___
>To unsubscribe, edit your list preferences, or view the list archives, please 
>visit:
>http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[DontWannaName!]

Lol please stop making terrible excuses to connect any Steam issue with the 
forum issue. They are completely unrelated. You need to contact support. 
Everyone else just needs to be patient with the forums. They probably don't 
want it to happen again so it's going to take time.

Sent from my iPhone 4

On Nov 8, 2011, at 1:31 AM, Russell Smith  wrote:

> Haven't been able to add any funds to my Steam Wallet all night for the TF2 
> store.  Get a CC declined message almost instantly when going through 
> Firefox.  If I try in game the page just errors out after trying to load for 
> 20 seconds or so.  Might be related.
> 
> On 11/7/2011 10:14 PM, Richard GrosJean wrote:
>> Steam store is loading just fine here. AFAIK only the forums are affected.
>> 
>> On Tue, Nov 8, 2011 at 8:10 AM, Necavi  wrote:
>>> Is valve under some sort of major attack? I've noticed that the forums were
>>> hacked, the VAC servers are down, and several parts of the site (such as the
>>> steam store) won't load and are throwing out errors...this seems rather
>>> serious. and maybe it's just where I've been looking, but I haven't seen any
>>> official comment from Valve regarding any of these things.
>>> 
>>> -Original Message-
>>> From: hlds_linux-boun...@list.valvesoftware.com
>>> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of m33crob
>>> Sent: Monday, November 07, 2011 22:08
>>> To: Half-Life dedicated Linux server mailing list; Half-Life dedicated Win32
>>> server mailing list
>>> Subject: [hlds_linux] Valve Security Breach
>>> 
>>> Hello Valve,
>>> 
>>>  I'd like to request notification via these mailing lists once/if Valve
>>> makes a statement about todays security breach and subsequent downtime.
>>> 
>>> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-at
>>> tack/
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>> 
>>> 
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives, 
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>> 
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 
> 
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Russell Smith]

Haven't been able to add any funds to my Steam Wallet all night for the 
TF2 store.  Get a CC declined message almost instantly when going 
through Firefox.  If I try in game the page just errors out after trying 
to load for 20 seconds or so.  Might be related.


On 11/7/2011 10:14 PM, Richard GrosJean wrote:

Steam store is loading just fine here. AFAIK only the forums are affected.

On Tue, Nov 8, 2011 at 8:10 AM, Necavi  wrote:

Is valve under some sort of major attack? I've noticed that the forums were
hacked, the VAC servers are down, and several parts of the site (such as the
steam store) won't load and are throwing out errors...this seems rather
serious. and maybe it's just where I've been looking, but I haven't seen any
official comment from Valve regarding any of these things.

-Original Message-
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of m33crob
Sent: Monday, November 07, 2011 22:08
To: Half-Life dedicated Linux server mailing list; Half-Life dedicated Win32
server mailing list
Subject: [hlds_linux] Valve Security Breach

Hello Valve,

  I'd like to request notification via these mailing lists once/if Valve
makes a statement about todays security breach and subsequent downtime.

http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-at
tack/
___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux



___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[James Botting]

Well, vBulletin keep their 3.x series up to date with critical bug
fixes as far as I am aware. Since 4.x is both expensive to upgrade to
and still in its early years. Though I do believe 3.8.7 is out of date
for the 3.x series.


On Tue, Nov 8, 2011 at 8:33 AM, dmex  wrote:
> You'll probably find the breach was the result of Valve using an out-dated
> version of vBulletin (3.8.7) for their forums when the latest version is
> 4.1.7.
>
> A search for vBullitin 3.8.7 exploit returns quite a few things.
>
> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com
> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Emil Larsson
> Sent: Tuesday, 8 November 2011 4:07 PM
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Valve Security Breach
>
> Indeed, as far I heard the forums are on a wholly separate server, the
> forums and the TF2 wiki share servers but is otherwise separated from rest
> of Steam.
>
> Would like a word about the reach of damage and vaguely how the breach was
> done though.
>
> On Tue, Nov 8, 2011 at 7:14 AM, Richard GrosJean > wrote:
>
>> Steam store is loading just fine here. AFAIK only the forums are affected.
>>
>> On Tue, Nov 8, 2011 at 8:10 AM, Necavi  wrote:
>> > Is valve under some sort of major attack? I've noticed that the
>> > forums
>> were
>> > hacked, the VAC servers are down, and several parts of the site
>> > (such as
>> the
>> > steam store) won't load and are throwing out errors...this seems
>> > rather serious. and maybe it's just where I've been looking, but I
>> > haven't seen
>> any
>> > official comment from Valve regarding any of these things.
>> >
>> > -Original Message-
>> > From: hlds_linux-boun...@list.valvesoftware.com
>> > [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of
>> > m33crob
>> > Sent: Monday, November 07, 2011 22:08
>> > To: Half-Life dedicated Linux server mailing list; Half-Life
>> > dedicated
>> Win32
>> > server mailing list
>> > Subject: [hlds_linux] Valve Security Breach
>> >
>> > Hello Valve,
>> >
>> >  I'd like to request notification via these mailing lists once/if
>> > Valve makes a statement about todays security breach and subsequent
> downtime.
>> >
>> >
>> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hac
>> ker-at
>> > tack/
>> > ___
>> > To unsubscribe, edit your list preferences, or view the list
>> > archives, please visit:
>> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> >
>> >
>> > ___
>> > To unsubscribe, edit your list preferences, or view the list
>> > archives,
>> please visit:
>> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> >
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[dmex]

You'll probably find the breach was the result of Valve using an out-dated
version of vBulletin (3.8.7) for their forums when the latest version is
4.1.7.

A search for vBullitin 3.8.7 exploit returns quite a few things. 

-Original Message-
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Emil Larsson
Sent: Tuesday, 8 November 2011 4:07 PM
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Valve Security Breach

Indeed, as far I heard the forums are on a wholly separate server, the
forums and the TF2 wiki share servers but is otherwise separated from rest
of Steam.

Would like a word about the reach of damage and vaguely how the breach was
done though.

On Tue, Nov 8, 2011 at 7:14 AM, Richard GrosJean  wrote:

> Steam store is loading just fine here. AFAIK only the forums are affected.
>
> On Tue, Nov 8, 2011 at 8:10 AM, Necavi  wrote:
> > Is valve under some sort of major attack? I've noticed that the 
> > forums
> were
> > hacked, the VAC servers are down, and several parts of the site 
> > (such as
> the
> > steam store) won't load and are throwing out errors...this seems 
> > rather serious. and maybe it's just where I've been looking, but I 
> > haven't seen
> any
> > official comment from Valve regarding any of these things.
> >
> > -Original Message-
> > From: hlds_linux-boun...@list.valvesoftware.com
> > [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of 
> > m33crob
> > Sent: Monday, November 07, 2011 22:08
> > To: Half-Life dedicated Linux server mailing list; Half-Life 
> > dedicated
> Win32
> > server mailing list
> > Subject: [hlds_linux] Valve Security Breach
> >
> > Hello Valve,
> >
> >  I'd like to request notification via these mailing lists once/if 
> > Valve makes a statement about todays security breach and subsequent
downtime.
> >
> >
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hac
> ker-at
> > tack/
> > ___
> > To unsubscribe, edit your list preferences, or view the list 
> > archives, please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list 
> > archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, 
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Emil Larsson]

Indeed, as far I heard the forums are on a wholly separate server, the
forums and the TF2 wiki share servers but is otherwise separated from rest
of Steam.

Would like a word about the reach of damage and vaguely how the breach was
done though.

On Tue, Nov 8, 2011 at 7:14 AM, Richard GrosJean  wrote:

> Steam store is loading just fine here. AFAIK only the forums are affected.
>
> On Tue, Nov 8, 2011 at 8:10 AM, Necavi  wrote:
> > Is valve under some sort of major attack? I've noticed that the forums
> were
> > hacked, the VAC servers are down, and several parts of the site (such as
> the
> > steam store) won't load and are throwing out errors...this seems rather
> > serious. and maybe it's just where I've been looking, but I haven't seen
> any
> > official comment from Valve regarding any of these things.
> >
> > -Original Message-
> > From: hlds_linux-boun...@list.valvesoftware.com
> > [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of m33crob
> > Sent: Monday, November 07, 2011 22:08
> > To: Half-Life dedicated Linux server mailing list; Half-Life dedicated
> Win32
> > server mailing list
> > Subject: [hlds_linux] Valve Security Breach
> >
> > Hello Valve,
> >
> >  I'd like to request notification via these mailing lists once/if Valve
> > makes a statement about todays security breach and subsequent downtime.
> >
> >
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-at
> > tack/
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Necavi]

I know that the last two things I mentioned happen every once in a while,
but I'm curious as to why they're all happening at the same time

-Original Message-
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of ics
Sent: Monday, November 07, 2011 22:17
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Valve Security Breach

The site that the article mentions - i got one of those e-mails and it 
was sent from webmas...@steampowered.com. I checked the headers data, it 
came from Valve. I'm assuming it was sent to everyone who has forum account

Store issues propably are not related to this. While back it has shown 
errors or loading slowly on a game release and MW3 is about to do that 
on rest of the world. Currently it works fine for me.

-ics

8.11.2011 8:10, Necavi kirjoitti:
> Is valve under some sort of major attack? I've noticed that the forums
were
> hacked, the VAC servers are down, and several parts of the site (such as
the
> steam store) won't load and are throwing out errors...this seems rather
> serious. and maybe it's just where I've been looking, but I haven't seen
any
> official comment from Valve regarding any of these things.
>
> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com
> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of m33crob
> Sent: Monday, November 07, 2011 22:08
> To: Half-Life dedicated Linux server mailing list; Half-Life dedicated
Win32
> server mailing list
> Subject: [hlds_linux] Valve Security Breach
>
> Hello Valve,
>
>I'd like to request notification via these mailing lists once/if Valve
> makes a statement about todays security breach and subsequent downtime.
>
>
http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-at
> tack/
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[ics]

The site that the article mentions - i got one of those e-mails and it 
was sent from webmas...@steampowered.com. I checked the headers data, it 
came from Valve. I'm assuming it was sent to everyone who has forum account


Store issues propably are not related to this. While back it has shown 
errors or loading slowly on a game release and MW3 is about to do that 
on rest of the world. Currently it works fine for me.


-ics

8.11.2011 8:10, Necavi kirjoitti:

Is valve under some sort of major attack? I've noticed that the forums were
hacked, the VAC servers are down, and several parts of the site (such as the
steam store) won't load and are throwing out errors...this seems rather
serious. and maybe it's just where I've been looking, but I haven't seen any
official comment from Valve regarding any of these things.

-Original Message-
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of m33crob
Sent: Monday, November 07, 2011 22:08
To: Half-Life dedicated Linux server mailing list; Half-Life dedicated Win32
server mailing list
Subject: [hlds_linux] Valve Security Breach

Hello Valve,

   I'd like to request notification via these mailing lists once/if Valve
makes a statement about todays security breach and subsequent downtime.

http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-at
tack/
___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux



___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Richard GrosJean]

Steam store is loading just fine here. AFAIK only the forums are affected.

On Tue, Nov 8, 2011 at 8:10 AM, Necavi  wrote:
> Is valve under some sort of major attack? I've noticed that the forums were
> hacked, the VAC servers are down, and several parts of the site (such as the
> steam store) won't load and are throwing out errors...this seems rather
> serious. and maybe it's just where I've been looking, but I haven't seen any
> official comment from Valve regarding any of these things.
>
> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com
> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of m33crob
> Sent: Monday, November 07, 2011 22:08
> To: Half-Life dedicated Linux server mailing list; Half-Life dedicated Win32
> server mailing list
> Subject: [hlds_linux] Valve Security Breach
>
> Hello Valve,
>
>  I'd like to request notification via these mailing lists once/if Valve
> makes a statement about todays security breach and subsequent downtime.
>
> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-at
> tack/
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Security Breach

[Necavi]

Is valve under some sort of major attack? I've noticed that the forums were
hacked, the VAC servers are down, and several parts of the site (such as the
steam store) won't load and are throwing out errors...this seems rather
serious. and maybe it's just where I've been looking, but I haven't seen any
official comment from Valve regarding any of these things.

-Original Message-
From: hlds_linux-boun...@list.valvesoftware.com
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of m33crob
Sent: Monday, November 07, 2011 22:08
To: Half-Life dedicated Linux server mailing list; Half-Life dedicated Win32
server mailing list
Subject: [hlds_linux] Valve Security Breach

Hello Valve,

  I'd like to request notification via these mailing lists once/if Valve
makes a statement about todays security breach and subsequent downtime.

http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-at
tack/
___
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

[hlds_linux] Valve Security Breach

[m33crob]

Hello Valve,

  I'd like to request notification via these mailing lists once/if Valve
makes a statement about todays security breach and subsequent downtime.

http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible-hacker-attack/
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux