Probably, but I have to assume some people in my community match that criteria. I also have to hold as a possibility that the attackers were able to leverage their exploitation of the forum system into some kind of possibly-successful intrusion into other parts of the steam system.
> -----Original Message----- > From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux- > boun...@list.valvesoftware.com] On Behalf Of msleeper > Sent: 09 November 2011 03:40 > To: Half-Life dedicated Linux server mailing list > Subject: Re: [hlds_linux] Valve Security Breach > > If you have the same password for your Steam forum account, for your > Steam login, and for the email address that Steam is tied to (and by > proxy, the same email address on file on SPUF) then - and I'm just > gonna say it - you probably deserve to have something bad like this > happen so you wisen up to better security practices. > > On Tue, Nov 8, 2011 at 9:42 PM, Nathan Radcliffe <kugr...@gmail.com> > wrote: > > And as I said: > > > >>> > Steamguard works great if > >>> > you have different passwords for your steam account and steam > forums > > and > >>> > email, but I still know a lot of users both in gaming areas and > real > > life > >>> > areas that use the same password for everything (despite how much > I > >>> > discourage it). > > > > If email address have been exposed and passwords have been exposed, > then > > all account details for anyone with no password management system > have been > > exposed. I don't run a service for computer security professionals - > I run > > a service for gamers. Until Valve release details as to the exposure > of > > this attack, neither you nor I fully know what credentials are out in > the > > wild, so is better to err on the side of caution. > > > > On 9 November 2011 02:09, msleeper <mslee...@ismsleeperwrong.com> > wrote: > > > >> As I said: > >> > >> > Assuming that your SPUF login and password is the same as your > Steam > >> > login and password, 1.) that's not Valve's fault that you are > >> > literally the worst at the password game, but 2.) it's only a > problem > >> > if you are in the 0.001% of people who don't use Steam Guard. > >> > >> So unless your "several hundred users" all some how fit both of > those > >> profiles, then I don't see what there is to be freaking out about. > >> > >> How many of you are aware that the forum is a completely separate > and > >> unconnected entity to every other Steam service? > >> > >> On Tue, Nov 8, 2011 at 9:06 PM, Nathan Radcliffe <kugr...@gmail.com> > >> wrote: > >> > Feel free to suggest a better option. Should I ignore the still > as yet > >> > unknown (and unconfirmed by the company) security breach that has > >> rendered > >> > a major section of it's website offline for near on two days, or > warn the > >> > several hundred of my users that they should look over their > account and > >> > security details? > >> > > >> > On 9 November 2011 01:45, msleeper <mslee...@ismsleeperwrong.com> > wrote: > >> > > >> >> Yes, panicking and being reactionary is always the best course of > >> action. > >> >> > >> >> On Tue, Nov 8, 2011 at 8:38 PM, Nathan Radcliffe > <kugr...@gmail.com> > >> >> wrote: > >> >> > Thinking the worst is the best thing to do in this situation. > Until > >> >> Valve > >> >> > release some indication of what account details (if any) have > >> >> > been compromised it's easiest to assume all details have been, > and > >> advise > >> >> > all users to look over their account security. Steamguard > works > >> great if > >> >> > you have different passwords for your steam account and steam > forums > >> and > >> >> > email, but I still know a lot of users both in gaming areas and > real > >> life > >> >> > areas that use the same password for everything (despite how > much I > >> >> > discourage it). > >> >> > > >> >> > Everyone is speculating because Valve have not released any > details > >> as to > >> >> > what has been comprised. After nearly 48 hours that's pretty > >> >> unacceptable > >> >> > from a multi-million user company. > >> >> > > >> >> > On 9 November 2011 01:19, DontWannaName! > <ad...@topnotchclan.com> > >> wrote: > >> >> > > >> >> >> I think you are thinking the worst. All someone needs to post > what > >> they > >> >> did > >> >> >> is access to the VB admin CP which just requires an admin. My > guess > >> is > >> >> it > >> >> >> isnt as bad as people are making it out to be and right now > everyone > >> is > >> >> >> speculating the worst. Just chill.... > >> >> >> > >> >> >> On Tue, Nov 8, 2011 at 4:51 PM, Nathan Radcliffe > <kugr...@gmail.com> > >> >> >> wrote: > >> >> >> > >> >> >> > Correct, but where else should it be posted? On the forums > maybe? > >> >> It's > >> >> >> > been nearly two days, and still no official press release. > A few > >> >> people > >> >> >> > have reported receiving spam emails and I've seen > unconfirmed > >> reports > >> >> of > >> >> >> > password databases being leaked. > >> >> >> > I don't have much doubt that most people on this list have > good > >> >> password > >> >> >> > management, but I'm sure there's still millions of forums > users > >> >> unaware > >> >> >> > that any hack happened, or if they are aware, how it may > have > >> effected > >> >> >> > them. > >> >> >> > > >> >> >> > On 8 November 2011 20:05, msleeper > <mslee...@ismsleeperwrong.com> > >> >> wrote: > >> >> >> > > >> >> >> > > This is not relevant to server administration. > >> >> >> > > > >> >> >> > > On Tue, Nov 8, 2011 at 1:07 AM, m33crob > <ad...@m33crob.com> > >> wrote: > >> >> >> > > > Hello Valve, > >> >> >> > > > > >> >> >> > > > I'd like to request notification via these mailing > lists > >> once/if > >> >> >> Valve > >> >> >> > > > makes a statement about todays security breach and > subsequent > >> >> >> downtime. > >> >> >> > > > > >> >> >> > > > > >> >> >> > > > >> >> >> > > >> >> >> > >> >> > >> http://www.pcgamer.com/2011/11/07/steam-forums-down-after-possible- > hacker-attack/ > >> >> >> > > > _______________________________________________ > >> >> >> > > > To unsubscribe, edit your list preferences, or view the > list > >> >> >> archives, > >> >> >> > > please visit: > >> >> >> > > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> >> >> > > > > >> >> >> > > > >> >> >> > > _______________________________________________ > >> >> >> > > To unsubscribe, edit your list preferences, or view the > list > >> >> archives, > >> >> >> > > please visit: > >> >> >> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> >> >> > > > >> >> >> > _______________________________________________ > >> >> >> > To unsubscribe, edit your list preferences, or view the list > >> archives, > >> >> >> > please visit: > >> >> >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> >> >> > > >> >> >> _______________________________________________ > >> >> >> To unsubscribe, edit your list preferences, or view the list > >> archives, > >> >> >> please visit: > >> >> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> >> >> > >> >> > _______________________________________________ > >> >> > To unsubscribe, edit your list preferences, or view the list > archives, > >> >> please visit: > >> >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> >> > > >> >> > >> >> _______________________________________________ > >> >> To unsubscribe, edit your list preferences, or view the list > archives, > >> >> please visit: > >> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> >> > >> > _______________________________________________ > >> > To unsubscribe, edit your list preferences, or view the list > archives, > >> please visit: > >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> > > >> > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list > archives, > >> please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list > archives, please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux