that's a bad idea.. I almost never check the sh1tty hotmail account I signed up with for steam; give valve my primary email addresss...yeah right.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of K. Mike Bradley Sent: Thursday, December 16, 2004 10:07 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the "nosteam" hacks be fixed? One thing that could be done is to send a periodic email once a month to each steam account's email address and if no one responds ... Delete the account. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Whisper Sent: Wednesday, December 15, 2004 5:22 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the "nosteam" hacks be fixed? >They are using legitimate steam id's, that belong to legitimate steam accounts. >The problem is that the game server and/or authentication server does >not check if the user owns the game he is playing. This probably needs >big changes in the way the clients obtain authentication data that is >sent to the game server. This can be a lot of work, as changes are >probably needed on clients, game servers and steam servers. Obviously >these changes need to be made at the same time, as most likely this >changes the communication protocols used, which is also a lot of work. What I still do not understand is if Valve know which username and I assume email address & password belongs to which STEAM_ID, why on gawds earth why can't Valve/STEAM use those variables to determine whether the person using the STEAM_ID is who they say they are? Surely the NOSTEAM hack does not have access to peoples Usernames/Passwords/E-mail addresses, does it? Why on Earth was it not always done this way in the first place? Why does anything have to be changed? Personally I could not have conceived doing it any other way!! On Wed, 15 Dec 2004 22:59:00 +0100, Maarten van der Zwaart <[EMAIL PROTECTED]> wrote: > On Thu, 16 Dec 2004 00:09:43 +1100, Whisper <[EMAIL PROTECTED]> wrote: > > Can somebody who is more familiar with Databases and Database security > > please explain to me/us why it is difficult for Valve to secure their > > STEAM_ID system? > > > > Doesn't Valve have complete control over the STEAM User and STEAM_ID database? > > Yes they do. > > > Doesn't Valve know which STEAM_ID's belong to which STEAM Users? > > They do know. > > > Don't Valve know whether a STEAM Account has been created legitimately > > on their STEAM User database or not? > > All accounts are created legitimately. > > > Can't Valve verify that people in a server are using STEAM_ID's that > > were created legitimately and belong to the STEAM User they purport to > > be? > > They are using legitimate steam id's, that belong to legitimate steam > accounts. > > The problem is that the game server and/or authentication server does > not check if the user owns the game he is playing. This probably needs > big changes in the way the clients obtain authentication data that is > sent to the game server. This can be a lot of work, as changes are > probably needed on clients, game servers and steam servers. Obviously > these changes need to be made at the same time, as most likely this > changes the communication protocols used, which is also a lot of work. > > Developing a new authentication scheme is not an easy task, but I'm sure > they're working on it. We'll just have to wait. > > Maarten > > -- > A: Because it fouls the order in which people normally read text. > Q: Why is top-posting such a bad thing? > A: Top-posting. > Q: What is the most annoying thing on usenet and in e-mail? > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
