SteamGuard can be disabled entirely from a trusted computer without *any* notification or hassle. Don't like this.
On Sun, Jan 22, 2012 at 7:06 PM, Mart-Jan Reeuwijk <[email protected]> wrote: > hmm, I do have hope they mean with that the SteamGuard protected account in > question. And it DOES send a mail.... after, to notify you of the change and > a link to steam support, see below: > > ================================ > > > > Dear <snip>, > > This email message confirms that your Steam account contact email address has > been successfully changed. > We are sending this notice to ensure the privacy and security of your Steam > account. If you authorized this change, no further action is > necessary. If you did not authorize this change, or if you need > additional help with your account, please follow this link to the Steam > Support site and submit a request for assistance: > > http://support.steampowered. com/cgi-bin/steampowered.cfg/ > php/enduser/std_adp.php?p_ faqid=197 > Thanks for reviewing this information and helping us to maintain the privacy > and security of your account. > > The Steam Support Team > http://www.steampowered.com > ===================================== > I'd be against any "easy" like this. > > > Maybe implement a "panic" button, where the old login info can be used for x > time (3 days or some) after it got changed, and then the account can be > locked with this by the real owner, only undoable by a support ticket. > > > >>________________________________ >> From: Ryan Stecker <[email protected]> >>To: Mart-Jan Reeuwijk <[email protected]>; Half-Life dedicated Linux server >>mailing list <[email protected]> >>Sent: Sunday, 22 January 2012, 17:53 >>Subject: Re: [hlds_linux] Another high profile trader/admin hijacked. >> >> >>There was a recent feature addition to steam that allows email changes >>without confirmation for trusted computers. >> >>http://store.steampowered.com/news/7114/ >> >>I believe "trusted computer" in that sense means any account with SG enabled >>and authenticated. That would make it a quite frightening change, and I >>believe email confirmation should always be required. >> >>It may be possible he fell victim to this. >> >> >> >>On Sun, Jan 22, 2012 at 10:17 AM, Mart-Jan Reeuwijk <[email protected]> >>wrote: >> >>I can confirm that he is: >>> >>>- Author on EventScripts >>>- Admin on SteamRep.com >>>- Reddit Admin "thorax" >>> >>>- And I did have a "slowchat" with him on a private section of a forum. He >>>confirmed to me and others there that the security he listed there was as >>>how he runs it. >>> >>> >>> >>>Quote from him from that forum's private section: >>>I have to go to bed, but you can see my security precautions here: >>>http://www.reddit.com/r/tf2trade/comments/orbjk/iama_mattie_fellow_with_the_largest_unusual_tc/ >>> >>>My password policy was numbers, letters, spaces, upper-case letters, but >>>only 9 characters on Steam. >>> >>>My passwords are different everywhere. He somehow disabled SteamGuard, >>>probably remotely. >>> >>>If you recall, I helped datastorm review that hijack avoidance document. >>>You pretty much don't get more paranoid than me. I run 3 types of >>>malware detection and use Process Explorer multiple times a day to look >>>for any unsigned processes running to identify exactly what they are. >>> >>>Whatever this hijacker's attack is, it's not something common and not >>>something that we have good explicit tips for people to avoid. I'll >>>continue brainstorming tomorrow >>> >>>*snip non relevant* >>> >>>As I may have mentioned, he told multiple people that he targetted me >>>specifically because I tried to stop so many of the latest hijacks and >>>because I gave people tips to stop hijackings (especially double >>>hijackings). I'm sure money had something to do with it, too, but he >>>told my wife he did it for the challenge. Well, he won. >>> >>>[/Quote] >>> >>> >>> >>>Shame that his collection with regaining the account will be duped, and >>>therefore be worth a lot less. Also a pain that SteamGuard isn't the rigid >>>security I'd hoped for >>> >>> >>> >>>>________________________________ >>>> From: ics <[email protected]> >>> >>>>To: Half-Life dedicated Linux server mailing list >>>><[email protected]> >>>>Sent: Sunday, 22 January 2012, 16:11 >>> >>>>Subject: Re: [hlds_linux] Another high profile trader/admin hijacked. >>>> >>> >>>>Thats a bit of interesting thing in any case anyway, as if that's really >>>>the Mattie and he did have security in order listed on reddit and still was >>>>hacked, then does Steam has security issues again (forums anyone)? >>>>Steamguard ineffective? Interesting to see if he had the fault or Steam. >>>> >>>>-ics >>>> >>>>22.1.2012 16:43, Yuki kirjoitti: >>>>> Correct! However, sorry to burst your bubble, but technically this is >>>>> Source server administration related. http://mattie.net/cs/ >>>>> While it may be on a tangent, there's no need to blacklist a topic like >>>>> this from the list! >>>>> >>>>> On 22/01/2012 14:39, Alex Kowald wrote: >>>>>> This mailing list is for source server administration related topics. >>>>>> >>>>>> On Sun, Jan 22, 2012 at 8:31 AM, Mart-Jan Reeuwijk<[email protected]> >>>>>> wrote: >>>>>>> another high profile trader admin hijacked: >>>>>>> >>>>>>> http://www.reddit.com/r/tf2trade/comments/orbjk/iama_mattie_fellow_with_the_largest_unusual_tc/ >>>>>>> >>>>>>> steamID: Mattie! (busy - sorry) >>>>>>> steamID32: STEAM_0:0:5712733 >>>>>>> steamID64: http://steamcommunity.com/profiles/76561197971691194 >>>>>>> customURL: >>>>>>> steamrepURL: http://www.steamrep.com/index.php?id=76561197971691194 >>>>>>> _______________________________________________ >>>>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>>>> please visit: >>>>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>>>>> _______________________________________________ >>>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>>> please visit: >>>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>>>> >>>>> >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>> please visit: >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>>> >>>> >>>>_______________________________________________ >>>>To unsubscribe, edit your list preferences, or view the list archives, >>>>please visit: >>>>https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>>> >>>> >>>> >>>_______________________________________________ >>>To unsubscribe, edit your list preferences, or view the list archives, >>>please visit: >>>https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>> >> >> >> > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
