"*Edit5*: The hacker used personal information about me to convince Steam Support he was me and get them to give their account to him. So none of the above technical approaches fell victim, but he did have access to enough personal information to social engineer his way in. I haven't been as paranoid careful about my identity as I should have been, so be careful with yours!"What a twist. This should not be possible.-ics 23.1.2012 0:14, Valentin G. kirjoitti:SteamGuard could use some additional configuration options. I want it to be enabled at *all* times. I want a personal visit from VALVe staff if an attempt to disable it is made. Is that sentry file tied to the actual computer it's generated on? Maybe that is an attack possibility. Get a hold on the file and be able to log in from any computer you want.On Sun, Jan 22, 2012 at 9:44 PM, Ryan Stecker<[email protected]> wrote:Your machine/account is identified by a file in the steam directory. Thefile is called a "sentry file" and it's name is in the form ofssfn<numbers>. The steam client provides a sha1 hash of this file at logon,and the back-end confirms the validity of it.Deleting the file would require you to enter another email auth code, andSteam will generate another sentry file. You cannot log into a SG enabled account without either the sentry file belonging to the account or the email auth code. On Sun, Jan 22, 2012 at 2:18 PM, ics<[email protected]> wrote:I don't know what they did but i used to get a lot of promps aboutentering the code delivered to my e-mail in order to log in previously. Ihaven't seen that dialog for months. I also know that the thing leaves some sort of imprint to the machine itself but ip-changes especially did this prompt for me. -ics 22.1.2012 22:03, [email protected] kirjoitti:As far as i know steam guard check the computer, not ip. Maybe im wrongbut i was never blocked because of a ip change.I agree, but there seems to be a lot of users with dialups who'se ip's change all the time and they previously posted on the forums and complaineda lot about it. Perhaps this led to decision to lighten Steam Guard settings or features.Atleast Valve added craft recepies for the xmas weapons for TF2 after considerable whine on SPUF TF2 section and suddenly the recepies wereadded, leaving the much older recepies off and not added.This proves that Valve listens and reads the forums but the decisions are not always what they should be. Small minority seems to be making toomuch noise there and affecting decisions. -ics 22.1.2012 21:33, [email protected] kirjoitti:I think steam guard should be on ALWAYS, theres no point to disable it. It just take 2 minutes to enable a new computer so shoulnt be an option tobe able to disable it. Just my opinion...SteamGuard can be disabled entirely from a trusted computer without*any* notification or hassle. Don't like this.On Sun, Jan 22, 2012 at 7:06 PM, Mart-Jan Reeuwijk<[email protected]>wrote:hmm, I do have hope they mean with that the SteamGuard protected account in question. And it DOES send a mail.... after, to notify you of the change and a link to steam support, see below: ==============================**== Dear<snip>, This email message confirms that your Steam account contact email address has been successfully changed.We are sending this notice to ensure the privacy and security of your Steam account. If you authorized this change, no further action isnecessary. If you did not authorize this change, or if you need additional help with your account, please follow this link to the Steam Support site and submit a request for assistance: http://support.steampowered. com/cgi-bin/steampowered.cfg/ php/enduser/std_adp.php?p_ faqid=197Thanks for reviewing this information and helping us to maintain theprivacy and security of your account. The Steam Support Team http://www.steampowered.com ==============================**======= I'd be against any "easy" like this. Maybe implement a "panic" button, where the old login info can be used for xtime (3 days or some) after it got changed, and then the account canbelocked with this by the real owner, only undoable by a support ticket.______________________________**__From: Ryan Stecker<[email protected]**> To: Mart-Jan Reeuwijk<[email protected]>; Half-Life dedicatedLinux server mailing list<hlds_linux@list.**valvesoftware.com<[email protected]>Sent: Sunday, 22 January 2012, 17:53Subject: Re: [hlds_linux] Another high profile trader/admin hijacked.There was a recent feature addition to steam that allows email changes without confirmation for trusted computers.http://store.steampowered.com/**news/7114/<http://store.steampowered.com/news/7114/>I believe "trusted computer" in that sense means any account with SG enabled and authenticated. That would make it a quite frightening change,and I believe email confirmation should always be required. It may be possible he fell victim to this. On Sun, Jan 22, 2012 at 10:17 AM, Mart-Jan Reeuwijk< [email protected]> wrote: I can confirm that he is:- Author on EventScripts - Admin on SteamRep.com - Reddit Admin "thorax"- And I did have a "slowchat" with him on a private section of a forum. He confirmed to me and others there that the security he listedthere was as how he runs it. Quote from him from that forum's private section:I have to go to bed, but you can see my security precautions here:http://www.reddit.com/r/**tf2trade/comments/orbjk/iama_**mattie_fellow_with_the_**largest_unusual_tc/<http://www.reddit.com/r/tf2trade/comments/orbjk/iama_mattie_fellow_with_the_largest_unusual_tc/>My password policy was numbers, letters, spaces, upper-case letters, but only 9 characters on Steam. My passwords are different everywhere. He somehow disabled SteamGuard, probably remotely. If you recall, I helped datastorm review that hijack avoidancedocument. You pretty much don't get more paranoid than me. I run 3 types of malware detection and use Process Explorer multiple times a day tolookfor any unsigned processes running to identify exactly what theyare.Whatever this hijacker's attack is, it's not something common andnotsomething that we have good explicit tips for people to avoid. I'llcontinue brainstorming tomorrow *snip non relevant*As I may have mentioned, he told multiple people that he targettedmespecifically because I tried to stop so many of the latest hijacksandbecause I gave people tips to stop hijackings (especially double hijackings). I'm sure money had something to do with it, too, but hetold my wife he did it for the challenge. Well, he won. [/Quote]Shame that his collection with regaining the account will be duped, and therefore be worth a lot less. Also a pain that SteamGuard isn't therigid security I'd hoped for ______________________________**__From: ics<[email protected]>To: Half-Life dedicated Linux server mailing list<hlds_linux@list.**valvesoftware.com<[email protected]>> Sent: Sunday, 22 January 2012, 16:11 Subject: Re: [hlds_linux] Another high profile trader/admin hijacked.Thats a bit of interesting thing in any case anyway, as if that's really the Mattie and he did have security in order listed on reddit and still was hacked, then does Steam has security issues again (forums anyone)? Steamguard ineffective? Interesting to see if he had the fault orSteam. -ics 22.1.2012 16:43, Yuki kirjoitti:Correct! However, sorry to burst your bubble, but technically this is Source server administration related. http://mattie.net/cs/ While it may be on a tangent, there's no need to blacklist a topic like this from the list! On 22/01/2012 14:39, Alex Kowald wrote:This mailing list is for source server administration relatedtopics. On Sun, Jan 22, 2012 at 8:31 AM, Mart-Jan Reeuwijk< [email protected]> wrote:another high profile trader admin hijacked: http://www.reddit.com/r/**tf2trade/comments/orbjk/iama_**mattie_fellow_with_the_**largest_unusual_tc/<http://www.reddit.com/r/tf2trade/comments/orbjk/iama_mattie_fellow_with_the_largest_unusual_tc/>steamID: Mattie! (busy - sorry) steamID32: STEAM_0:0:5712733 steamID64: http://steamcommunity.com/**profiles/76561197971691194<http://steamcommunity.com/profiles/76561197971691194>customURL: steamrepURL: http://www.steamrep.com/index.**php?id=76561197971691194<http://www.steamrep.com/index.php?id=76561197971691194>______________________________**_________________To unsubscribe, edit your list preferences, or view the listarchives, please visit:https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/** hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux>______________________________**_________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux>______________________________**_________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux>______________________________**_________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux>______________________________**_________________To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux>______________________________**_________________To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux>______________________________**_________________To unsubscribe, edit your list preferences, or view the list archives,please visit:https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux>______________________________**_________________To unsubscribe, edit your list preferences, or view the list archives,please visit:https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux>______________________________**_________________To unsubscribe, edit your list preferences, or view the list archives,please visit:https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux>______________________________**_________________To unsubscribe, edit your list preferences, or view the list archives,please visit:https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux>______________________________**_________________ To unsubscribe, edit your list preferences, or view the list archives, please visit:https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux>_______________________________________________To unsubscribe, edit your list preferences, or view the list archives, please visit:https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux_______________________________________________To unsubscribe, edit your list preferences, or view the list archives, please visit:https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux_______________________________________________To unsubscribe, edit your list preferences, or view the list archives, please visit:https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
