So to be safe I'm going to do absolutely nothing, because I'm lazy and dumb. Read also I believe in the encryption. Hopefully I am not proven as dumb as I think I will be. I believe in you, Steam!
So to be safe I'm going to do absolutely nothing, because I'm lazy and dumb. Read also I believe in the encryption. Hopefully I am not proven as dumb as I think I will be. I believe in you, Steam!
So to be safe I'm going to do absolutely nothing, because I'm lazy and dumb. Read also I believe in the encryption. Hopefully I am not proven as dumb as I think I will be. I believe in you, Steam!
My limited understanding of the matter is that the passwords themselves are relatively safe, since hashing with a salt is pretty good. But the credit card numbers themselves would have to be stored using some sort of symmetric encryption, and that has to mean that a key has to reside somewhere on their servers, too.
At the risk of derailing the thread: would anyone happen to know if it's feasible to minor in cryptography theory if one isn't a computer science major?
So to be safe I'm going to do absolutely nothing, because I'm lazy and dumb. Read also I believe in the encryption. Hopefully I am not proven as dumb as I think I will be. I believe in you, Steam!
My limited understanding of the matter is that the passwords themselves are relatively safe, since hashing with a salt is pretty good. But the credit card numbers themselves would have to be stored using some sort of symmetric encryption, and that has to mean that a key has to reside somewhere on their servers, too.
The key only has to reside somewhere in the payment system, which is likely on a completely different server than the databases used to store that kind of info. The odds of the two being within two steps of each other is pretty slim, at least if the company has any concept of security. Of course, without any real info to go on, or even knowing if my data was taken at all, all I can do is look derpy and be lazy.
So to be safe I'm going to do absolutely nothing, because I'm lazy and dumb. Read also I believe in the encryption. Hopefully I am not proven as dumb as I think I will be. I believe in you, Steam!
My limited understanding of the matter is that the passwords themselves are relatively safe, since hashing with a salt is pretty good. But the credit card numbers themselves would have to be stored using some sort of symmetric encryption, and that has to mean that a key has to reside somewhere on their servers, too.
The key only has to reside somewhere in the payment system, which is likely on a completely different server than the databases used to store that kind of info. The odds of the two being within two steps of each other is pretty slim, at least if the company has any concept of security. Of course, without any real info to go on, or even knowing if my data was taken at all, all I can do is look derpy and be lazy.
Hopefully, yes.
I just realized that the CC companies could implement a system where verified stores could process their payments by a common hashing method, instead of submitting the credit card numbers in plain text. That way they wouldn't have to store them at all. I think.
I am unnerved that after Steam was hacked, booting up Steam this morning it went through the 'this is a new computer' process despite me only ever having Steam on this computer.
I hope this is a coincidental bizarre bug. I would be upset if I lost all of my money somehow.
0
Options
AriviaI Like A ChallengeEarth-1Registered Userregular
I am unnerved that after Steam was hacked, booting up Steam this morning it went through the 'this is a new computer' process despite me only ever having Steam on this computer.
I hope this is a coincidental bizarre bug. I would be upset if I lost all of my money somehow.
I think it is far more likely the Newell reset all access logs to make sure stuff is safe.
I am unnerved that after Steam was hacked, booting up Steam this morning it went through the 'this is a new computer' process despite me only ever having Steam on this computer.
I hope this is a coincidental bizarre bug. I would be upset if I lost all of my money somehow.
I think it is far more likely the Newell reset all access logs to make sure stuff is safe.
Okay yeah that makes sense, I'm going to go with that happy thought. Hahah, paranoia.
So to be safe I'm going to do absolutely nothing, because I'm lazy and dumb. Read also I believe in the encryption. Hopefully I am not proven as dumb as I think I will be. I believe in you, Steam!
In Gaben We Trust
I have faith. The Newell hasn't done me wrong yet.
My card info wasn't stored, so I'm not too concerned. Probably not a bad idea to get your cards replaced if it was. Not so much out of fear that haxx0rs will steal all of your Steams, but because it's not a bad idea to get a new card every now and then in general, especially if you're using it online.
I changed my steam client password but frankly I'm not worried. All this stuff is encrypted and hashed and salted and all that other shit. Even if the hackers do have a military spec super computer to break the code there's 30 million people on steam now, they can't get all our credit cards.
At the risk of derailing the thread: would anyone happen to know if it's feasible to minor in cryptography theory if one isn't a computer science major?
Yes, but it means you'd have to be a Mathematics Major instead.
The key only has to reside somewhere in the payment system, which is likely on a completely different server than the databases used to store that kind of info. The odds of the two being within two steps of each other is pretty slim, at least if the company has any concept of security. Of course, without any real info to go on, or even knowing if my data was taken at all, all I can do is look derpy and be lazy.
You'd think that they'd keep such a key on a separate system - But then again, you'd think that they'd keep the FORUMS on a system completely separate from those databases as well. Forums are a HUGE risk of intrusion, because users can exploit them in goofy ways. I've learned the hard way that you want to keep your forums isolated from ANY sensitive information. Like, completely separate computer across the country separate.
I am unnerved that after Steam was hacked, booting up Steam this morning it went through the 'this is a new computer' process despite me only ever having Steam on this computer.
I hope this is a coincidental bizarre bug. I would be upset if I lost all of my money somehow.
If you want to feel more secure, go into the Steam Guard options under the Settings menu. Once you're in there, you can de-authorize every other computer besides the one you're currently using.
Keep in mind this will prompt you for a Steam Guard key again when you try to log into the community, because the browser's cookie will be de-authorized, too.
Is there a way to check whether we saved our CC info in Steam?
In the client, in the top right corner, is a link saying "<username>'s account". If you click on that, in the right column it's listed if you saved it. It will show up as "<credit card type> ending in 1234". There's a delete link next to it.
I thought steam unlinked everyones CC info from their account. I can't find traces of saved CC info on my account.
Riokenn on
0
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
Is there a way to check whether we saved our CC info in Steam?
In the client, in the top right corner, is a link saying "<username>'s account". If you click on that, in the right column it's listed if you saved it. It will show up as "<credit card type> ending in 1234". There's a delete link next to it.
I thought steam unlinked everyones CC info from their account. I can't find traces of saved CC info on my account.
Everyone seems to be forgetting: Whether you saved your CC info on your client, and whether they stored the CC info on their databases are two completely separate things.
Saying "Don't remember my CC info" in the client doesn't mean they don't have it on their databse somewhere.
Did they confirm that the breach has been closed? Is it safe to use new data without it being stolen too?
Grey Paladin on
"All men dream, but not equally. Those who dream by night in the dusty recesses of their minds wake in the day to find that it was vanity; but the dreamers of the day are dangerous men, for they may act their dream with open eyes to make it possible." - T.E. Lawrence
so someone emailed gabe over this and he responded
Oh wow. Give me some sweet DoTA2. Glad they were heavily encrypted, knew I could trust Valve.
I'd also like to reiterate that I have a free steam code for Ben There Dan That, and Time Gentleman Please. I also have a Steam code for Fate of the World. If anyone wants either PM me.
I.. think I am actually excited about getting hacked, if that means I have a chance to get a goddamned beta key.
My experience with the internet, however, leads to a nudging feeling that this is an elaborate trolling attempt.
Grey Paladin on
"All men dream, but not equally. Those who dream by night in the dusty recesses of their minds wake in the day to find that it was vanity; but the dreamers of the day are dangerous men, for they may act their dream with open eyes to make it possible." - T.E. Lawrence
0
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
edited November 2011
Okay, freaking nice. I emailed him last night about what scheme they were using, and AES256 is more than enough to bolster my confidence. Shame that the free copies we'll be getting are games I already have and don't want, respectively, but it's still an awesome gesture.
Despite the initial bungle, Valve have been handling this very well, I'd say.
I.. think I am actually excited about getting hacked, if that means I have a chance to get a goddamned beta key.
I was thinking a few hours ago "Knowing Valve, I bet they manage to swing this that people are actually glad about the hack". Let's hope they'll prove us right :-)
DrakeEdgelord TrashBelow the ecliptic plane.Registered Userregular
edited November 2011
I'm getting a bit relieved about all this. I knew it was just a matter of time until someone hacked Steam, if it hadn't already happened. I'm not able to picture a better response than what I've seen from Valve, and all without any interruption of service so far. Plus the insight to how they run their security is pretty interesting and has also done nothing but confirm my confidence in them.
Okay, freaking nice. I emailed him last night about what scheme they were using, and AES256 is more than enough to bolster my confidence.
Could you explain to the uninitiated why this encryption scheme garners such a positive response?
And I am sure one of your friends will be glad to, at the very least, swear allegiance to you and all of your children in return for a key.
"All men dream, but not equally. Those who dream by night in the dusty recesses of their minds wake in the day to find that it was vanity; but the dreamers of the day are dangerous men, for they may act their dream with open eyes to make it possible." - T.E. Lawrence
0
Options
DietarySupplementStill not approved by the FDADublin, OHRegistered Userregular
Wait, what? Free games? What are our choices (work filters, etc)?
Oh shit, it'd be a dick move for me to be happy about Steam getting hacked... but I've been wanting Portal 2 bad, unable to afford it. I'd been thinking probably during the Christmas sale, but... free? Awesome. Talk about a gesture of good faith. At least in my case. It'd be nice if they did something in addition for those who already have the game.
Doing a bit of research, the email appears to be from Reddit, which in turn has taken it from /v/ - a board in 4chan. My catlike instincts once again turn to save me from heartbreak. If you are unaware this pretty much means the probability of this being a troll is 99.repeating nines.
"All men dream, but not equally. Those who dream by night in the dusty recesses of their minds wake in the day to find that it was vanity; but the dreamers of the day are dangerous men, for they may act their dream with open eyes to make it possible." - T.E. Lawrence
0
Options
SteevLWhat can I do for you?Registered Userregular
Also, my credit card was never de-linked from my Steam account like it apparently happened with others here. I'm not going to bother with doing that either.
So! Do I get Modern Warfare 3 for the campaign alone, or Skyrim?
If I get MW3, I probably won't be multiplaying much/at all.
But I'm not exactly busting the elastic on my boxers for Skyrim either. I mean, it looks good! But I'm not hypedasallfuck to get it.
Considering I can afford one now, and one next week, which should get my cash money first?
You will get many, many more hours out of Skyrim than MW3 if you're not going to do MW3 multiplayer at all. The MW3 campaign mode you can finish in, what, 10 hours tops?
Posts
In Gaben We Trust
My limited understanding of the matter is that the passwords themselves are relatively safe, since hashing with a salt is pretty good. But the credit card numbers themselves would have to be stored using some sort of symmetric encryption, and that has to mean that a key has to reside somewhere on their servers, too.
Twitter: busfahrer -- Quake Live: busfahrer -- StarCraft II: busfahrer.184 (EU)
The key only has to reside somewhere in the payment system, which is likely on a completely different server than the databases used to store that kind of info. The odds of the two being within two steps of each other is pretty slim, at least if the company has any concept of security. Of course, without any real info to go on, or even knowing if my data was taken at all, all I can do is look derpy and be lazy.
Hopefully, yes.
I just realized that the CC companies could implement a system where verified stores could process their payments by a common hashing method, instead of submitting the credit card numbers in plain text. That way they wouldn't have to store them at all. I think.
Twitter: busfahrer -- Quake Live: busfahrer -- StarCraft II: busfahrer.184 (EU)
I hope this is a coincidental bizarre bug. I would be upset if I lost all of my money somehow.
I think it is far more likely the Newell reset all access logs to make sure stuff is safe.
Okay yeah that makes sense, I'm going to go with that happy thought. Hahah, paranoia.
I have faith. The Newell hasn't done me wrong yet.
My card info wasn't stored, so I'm not too concerned. Probably not a bad idea to get your cards replaced if it was. Not so much out of fear that haxx0rs will steal all of your Steams, but because it's not a bad idea to get a new card every now and then in general, especially if you're using it online.
Yes, but it means you'd have to be a Mathematics Major instead.
You can't. Password changing is only in the client.
You'd think that they'd keep such a key on a separate system - But then again, you'd think that they'd keep the FORUMS on a system completely separate from those databases as well. Forums are a HUGE risk of intrusion, because users can exploit them in goofy ways. I've learned the hard way that you want to keep your forums isolated from ANY sensitive information. Like, completely separate computer across the country separate.
If you want to feel more secure, go into the Steam Guard options under the Settings menu. Once you're in there, you can de-authorize every other computer besides the one you're currently using.
Keep in mind this will prompt you for a Steam Guard key again when you try to log into the community, because the browser's cookie will be de-authorized, too.
I thought steam unlinked everyones CC info from their account. I can't find traces of saved CC info on my account.
Everyone seems to be forgetting: Whether you saved your CC info on your client, and whether they stored the CC info on their databases are two completely separate things.
Saying "Don't remember my CC info" in the client doesn't mean they don't have it on their databse somewhere.
Steam ID: Good Life
Oh wow. Give me some sweet DoTA2. Glad they were heavily encrypted, knew I could trust Valve.
I'd also like to reiterate that I have a free steam code for Ben There Dan That, and Time Gentleman Please. I also have a Steam code for Fate of the World. If anyone wants either PM me.
Blog
Twitter
My experience with the internet, however, leads to a nudging feeling that this is an elaborate trolling attempt.
Despite the initial bungle, Valve have been handling this very well, I'd say.
I was thinking a few hours ago "Knowing Valve, I bet they manage to swing this that people are actually glad about the hack". Let's hope they'll prove us right :-)
Twitter: busfahrer -- Quake Live: busfahrer -- StarCraft II: busfahrer.184 (EU)
I got that impression too. Maybe this will just be an acceleration of the beta rollout.
My Backloggery
hmm, may have got the wrong impression, google seems to think its set to be $50 - $60
And I am sure one of your friends will be glad to, at the very least, swear allegiance to you and all of your children in return for a key.
I think Valve has come out and said that they haven't said anything about pricing yet, so what you found was probably speculation.
My Backloggery
Steam BoardGameGeek Twitter
My Backloggery
If I get MW3, I probably won't be multiplaying much/at all.
But I'm not exactly busting the elastic on my boxers for Skyrim either. I mean, it looks good! But I'm not hypedasallfuck to get it.
Considering I can afford one now, and one next week, which should get my cash money first?
You will get many, many more hours out of Skyrim than MW3 if you're not going to do MW3 multiplayer at all. The MW3 campaign mode you can finish in, what, 10 hours tops?