Send hlds_linux mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of hlds_linux digest..."
Today's Topics:
1. Re: hlds_linux Digest, Vol 47, Issue 48 (Carl)
2. Re: hlds_linux Digest, Vol 47, Issue 48
(Aaron "DJ Zyrphon" Thompson)
3. Re: Another high profile trader/admin hijacked.
(Mart-Jan Reeuwijk)
4. Re: Another high profile trader/admin hijacked. (James Puckett)
5. Re: Another high profile trader/admin hijacked. (Vathral)
6. Re: Another high profile trader/admin hijacked. (Rick Payton)
----------------------------------------------------------------------
Message: 1
Date: Sun, 22 Jan 2012 22:19:01 -0500
From: Carl <[email protected]>
To: Half-Life dedicated Linux server mailing list
<[email protected]>
Subject: Re: [hlds_linux] hlds_linux Digest, Vol 47, Issue 48
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Could you never post again? The SNR in here is plummeting.
On 1/22/2012 10:09 PM, Kdog wrote:
I've never liked STEAM GUARD, especially having it forced on all of my
accounts without me knowing. I have 5 accounts due to buying two
platinum packs way back in 1997. Out of all five of my steam accounts,
I never once noticed that STEAM GUARD had been installed, much less
activated, and I play and run 6 game servers.
I use random generated passwords from "
https://www.grc.com/passwords.htm " these passwords are truely random
and based on entrapy, (not pseudo random).
the only way you're getting you're account hijacked is if you're lazy
and or dumb, and use a stupid password, Or you get a virus from
someone who realy wants to harvest you'rte steam account. Not likely,
because there's a lot of other information/files that are much more
valuable then a STEAM account to someone who can hack you're PC. I
disabled STEAM GUARD on all of my accounts and will most likely never
use it on any of them. One of my accounts is worth over $550.
EVEN IF ONE OF YOU had the ability to hijack my account using some
sort of Winxp exploit, you would have to know my IP address.
Thats why I will reset it (by spoofing my mac address) after sending
this message to the list, so that you wont be able to check the email
headers to see my IP.
I will also change the name that I post under on this list. You just
have to be smart, if you're not, then you get whats coming to you.
That has always been the way of the net and will get even more so as
time goes on.
Mark my words, due to cyber terrorism, one day you will have to take a
test in order to own a PC that connects to the WWW.
I think you should have to do that now just to be called a human
being. :Peace
----- Original Message ----- From:
<[email protected]>
To: <[email protected]>
Sent: Sunday, January 22, 2012 12:00 PM
Subject: hlds_linux Digest, Vol 47, Issue 48
----------------------------------------------------------------------
Message: 1
Date: Sun, 22 Jan 2012 19:35:46 +0000
From: Yuki <[email protected]>
To: Half-Life dedicated Linux server mailing list
<[email protected]>
Subject: Re: [hlds_linux] Another high profile trader/admin hijacked.
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
What reasoning is behind this? If someone wants to disable it, let them
disable it. It's their fault if they get jacked and obviously it wasn't
worth a few seconds of their time. Why sacrifice choice for... nothing?
Sure, maybe it should be on "ALWAYS" for you, so leave it on?
On 22/01/2012 19:33, [email protected] wrote:
I think steam guard should be on ALWAYS, theres no point to disable
it. It just take 2 minutes to enable a new computer so shoulnt be an
option to be able to disable it. Just my opinion...
SteamGuard can be disabled entirely from a trusted computer without
*any* notification or hassle.
Don't like this.
End of hlds_linux Digest, Vol 47, Issue 48
******************************************
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
------------------------------
Message: 2
Date: Sun, 22 Jan 2012 21:32:42 -0600
From: "Aaron \"DJ Zyrphon\" Thompson"<[email protected]>
To: "Half-Life dedicated Linux server mailing
list"<[email protected]>
Subject: Re: [hlds_linux] hlds_linux Digest, Vol 47, Issue 48
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
I would have just said "if it is sent to spam, it's spam" or "there's no
such thing as a VAC admin and a Valve staff member will not randomly ask
for your password" or just plain old "don't be an idiot and share your
password." Honestly, you are just boasting rather than complaining. No one
cares if you own lemmings or TMNT on Steam just so you can flaunt your
successes. No one wants to know about your 6 servers or your 5 accounts.
We all just want to protect our property. Everything you said was
inspiring, maybe, but not influential. PLEASE don't post about security
again, you're all spamming my inbox. People who are truly concerned are
exempt from this, but the rest who just bitch about change should go play
a different game on a different platform.
This is my first and last time complaining. Hope you all enjoyed it. :D
Sent from my MOTOBLUR? smartphone on AT&T
-----Original message-----
From: Kdog <[email protected]>
To: [email protected]
Sent: Mon, Jan 23, 2012 03:10:19 GMT+00:00
Subject: Re: [hlds_linux] hlds_linux Digest, Vol 47, Issue 48
I've never liked STEAM GUARD, especially having it forced on all of my
accounts without me knowing. I have 5 accounts due to buying two platinum
packs way back in 1997. Out of all five of my steam accounts, I never once
noticed that STEAM GUARD had been installed, much less activated, and I
play
and run 6 game servers.
I use random generated passwords from " https://www.grc.com/passwords.htm
"
these passwords are truely random and based on entrapy, (not pseudo
random).
the only way you're getting you're account hijacked is if you're lazy and
or
dumb, and use a stupid password, Or you get a virus from someone who realy
wants to harvest you'rte steam account. Not likely, because there's a lot
of
other information/files that are much more valuable then a STEAM account
to
someone who can hack you're PC. I disabled STEAM GUARD on all of my
accounts
and will most likely never use it on any of them. One of my accounts is
worth over $550.
EVEN IF ONE OF YOU had the ability to hijack my account using some sort of
Winxp exploit, you would have to know my IP address.
Thats why I will reset it (by spoofing my mac address) after sending this
message to the list, so that you wont be able to check the email headers
to
see my IP.
I will also change the name that I post under on this list. You just have
to
be smart, if you're not, then you get whats coming to you. That has always
been the way of the net and will get even more so as time goes on.
Mark my words, due to cyber terrorism, one day you will have to take a
test
in order to own a PC that connects to the WWW.
I think you should have to do that now just to be called a human being.
:Peace
----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Sent: Sunday, January 22, 2012 12:00 PM
Subject: hlds_linux Digest, Vol 47, Issue 48
----------------------------------------------------------------------
Message: 1
Date: Sun, 22 Jan 2012 19:35:46 +0000
From: Yuki <[email protected]>
To: Half-Life dedicated Linux server mailing list
<[email protected]>
Subject: Re: [hlds_linux] Another high profile trader/admin hijacked.
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
What reasoning is behind this? If someone wants to disable it, let them
disable it. It's their fault if they get jacked and obviously it wasn't
worth a few seconds of their time. Why sacrifice choice for... nothing?
Sure, maybe it should be on "ALWAYS" for you, so leave it on?
On 22/01/2012 19:33, [email protected] wrote:
I think steam guard should be on ALWAYS, theres no point to disable
it. It just take 2 minutes to enable a new computer so shoulnt be an
option to be able to disable it. Just my opinion...
SteamGuard can be disabled entirely from a trusted computer without
*any* notification or hassle.
Don't like this.
End of hlds_linux Digest, Vol 47, Issue 48
******************************************
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
------------------------------
Message: 3
Date: Sun, 22 Jan 2012 20:01:24 -0800 (PST)
From: Mart-Jan Reeuwijk <[email protected]>
To: Half-Life dedicated Linux server mailing list
<[email protected]>
Subject: Re: [hlds_linux] Another high profile trader/admin hijacked.
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=iso-8859-1
lol, google "passport scan" and you get over 2 million picture results...
are YOU kidding me? I'll never scan my passport and put it on the internet
for w/e. Exactly for this kind of reason.?
Stop proposing bad measures. SteamGuard was a step in the right direction.
Now, to improve the policy's it shouldn't rely on stuff that was either
stolen from valve back at the spuf hijack, or easy obtainable with average
users. I'd love 2 step login for steam like gmail does, I'd love rsa token
or some like that.
That account had what? 20K worth of items? bit of better protection then
some personal info that is quite easy to get with most honest ppl.
And anyways, I do believe Mattie had previous calls with steam support,
how can another steam support account then be regged to it, without
raising flags that some is going on. Especially when the account had not
moved IP / host computer prior and was in active use while the whole call
was running (no idea, on average it takes 3-5 working days before support
looks at things I believe) ? and then the support ticket is made with
prolly a proxy IP connection.... I'd say a serious lack of obvious things
that can be looked at, with a nice and easy query. One look at those
combination and they would have known some was wrong. They should have
plenty of data on "hijacks" and such, and be able to see if a hijack is in
effect by scoring the parameters.
meh.
With the ammount of hijacks that are seen nowadays, is the number of
hijacks (in w/e form) after around 9(?) months or so of SG really that
much lower?
Oh, and btw, why is in every mail that steam sends the account login name?
there is no need for that. That would have prevented that the guy could
have logged in, for Mattie stated that he didn't had a login name with
which he was associated. Not sending such info thoughtless along would be
a nice first step. The account creator should full well know what the
login name is. If not...? I Would put the nickname that the account
currently is using there instead. Or maybe the "custom" part of the custom
URL, or the ID64 link.
________________________________
From: "[email protected]" <[email protected]>
To: Half-Life dedicated Linux server mailing list
<[email protected]>
Sent: Monday, 23 January 2012, 0:51
Subject: Re: [hlds_linux] Another high profile trader/admin hijacked.
you kidding me? even blizzard ask for a passport scan copy in case you
want to change any info.
"*Edit5*: The hacker used personal information about me to convince
Steam Support he was me and get them to give their account to him. So
none of the above technical approaches fell victim, but he did have
access to enough personal information to social engineer his way in. I
haven't been as paranoid careful about my identity as I should have
been, so be careful with yours!"
What a twist. This should not be possible.
-ics
------------------------------
Message: 4
Date: Sun, 22 Jan 2012 21:49:24 -0800
From: James Puckett <[email protected]>
To: Mart-Jan Reeuwijk <[email protected]>, Half-Life dedicated Linux
server mailing list <[email protected]>
Subject: Re: [hlds_linux] Another high profile trader/admin hijacked.
Message-ID:
<cak0ehujfh1khdo-m_9phc9dfleve-a3bvxea00yn0yufw28...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Its his own fault for investing $20,000 into a game. Idiot needs to learn
how to secure his PC.
------------------------------
Message: 5
Date: Mon, 23 Jan 2012 00:57:51 -0500
From: Vathral <[email protected]>
To: Half-Life dedicated Linux server mailing list
<[email protected]>
Subject: Re: [hlds_linux] Another high profile trader/admin hijacked.
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8; format=flowed
On 1/23/2012 12:49 AM, James Puckett wrote:
Its his own fault for investing $20,000 into a game. Idiot needs to learn
how to secure his PC.
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
And people like you need to learn how to read. He has spent way less
than 10 grand on the game. It's all the items he has that is worth 20-25
grand.
--
??????(???)?
------------------------------
Message: 6
Date: Mon, 23 Jan 2012 06:01:14 +0000
From: Rick Payton <[email protected]>
To: Half-Life dedicated Linux server mailing list
<[email protected]>
Subject: Re: [hlds_linux] Another high profile trader/admin hijacked.
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="utf-8"
Did you (James Puckett) actually read his entire first post? His security
measures weren't bypassed - simple social engineering did the deed.
Still not sure how this pertains to server administration though?
Interesting news yes, but nothing to do with administering a server ...
move along folks :P
--mauirixxx
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Vathral
Sent: Sunday, January 22, 2012 7:58 PM
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Another high profile trader/admin hijacked.
On 1/23/2012 12:49 AM, James Puckett wrote:
Its his own fault for investing $20,000 into a game. Idiot needs to
learn how to secure his PC.
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
And people like you need to learn how to read. He has spent way less than
10 grand on the game. It's all the items he has that is worth 20-25 grand.
--
??????(???)?
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
------------------------------
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
End of hlds_linux Digest, Vol 47, Issue 52
******************************************
