Valve Kinda Hacked, Scare Over (new title)

BREAK_EM_OUT_JONES

EGO Is My Life!
yeah me too, ive bought off of steam and i dont need my credit card number stolen...
 

tucknrole

Thread Junky
thankfully i havent bought anything from them yet...i was close on a few things, but...man. people really are getting bored with their lives arent they?..
 
Wow thats pretty scary someone hacking valve you gotta be pretty good to do that. They must have some pretty h core uber security system you'd think
Im glad I haven't bought anything off them yet
 

Jeffwa

Rookie
I'm still baffled as to why these companies have externally accessible systems, let alone corp servers. I work in I/S for a worldwide corporation and security is SO tight. NONE of our boxes are accessible from the Internet except for our corp web server which is externally hosted and physically and logically isolated from our internal network (hack that box all you want, the only thing you'll do is mess up our website). The the only way to gain access to our internal resources is to either be on site, which is also physically secure, or to VPN in which requires a certificate AND a hardware authenticator (the hardware authenticator generates a unique, changing key so it is impossible to generate a "fake" key). Even after you get onto our internal network you still have to deal with a 3 layer internal firewall (there is also a multi-layer external firewall that deals with the VPN traffic). Why in the world isn't a company like Valve setup this way?

We also have a team who's sole purpose is to find our mistakes and chew us out when something isn't being done in a secure manner. Sounds like Valve is in dire need of a security team.
 

Redshift

Poster Extraordinaire
I hear you Jeff. I work as a business analyst. My fields are policy, procedures, strategic planning, functional specifications, requirements gathering, software testing, QA and a few more. My clients include government at all levels, military and private corporate.
They all have internet security in force....but all it takes is a single hacker. Even having a series of controls for your sensitive network areas may not work. There is a case I heard of from a colleague that never hit the papers. It was in the southern US. A cleaner accessed the inTRAnet of a company while on a midnight shift inside the building and penetrated their files.

Even the best protected system can be hacked. It is a combination of opportunity, luck, skill and determination. The US Pentagon was hacked last year. Valve's security can't be equal to the Pentagon, so it is not surprising that they were hacked.

There are so many hackers out there that statistically, the chances of any company or corporate entity being hacked is 50-50. That's what I tell my clients. The key is that you want to make it harder so it won't take place anytime soon.

Hacking is a fact of life, much like getting a worm or virus. You just hope and pray it doesn't happen to you today. Just let the business day end ok, and hope tomorrow works out - the IT'er prayer :)
 

Winterfell

Poster
Well, sometimes you can have a box that supposedly isn't externally accessible...But is internally. Then the hacker breaks into a low level box on the internal network, and works his way up until he's on a machine and account that has the authority to access this stuff.

Of course, this isn't the first time valve's been hacked, assuming this isn't a hoax. They probably do have pretty tight security as is, but if you need to accept CC info over the 'net, even when you take all the precautions (SSL, etc) and minimize the risk, stuff can still happen.
 

Redshift

Poster Extraordinaire
I had a look at their site from the link. The guy posted that he was working on the excel spreadsheet with the card numbers.

They may hate Valve, but haven't figured out that the amount of hurt they can dump on the credit-card holders can be intense. That's the problem with these guys, they think of Valve but not the 16 year old with his first card, or parent that bought a valve product for their birthday/Christmas.

Organized crime constantly trolls the net for credit card lists and love this sort of stuff, it saves them a lot of work and they can crank out cards at a huge rate. Once they have the list, the cards can hit the streets by the end of the day or telephone/internet purchases, cash advances can be done in minutes.

....but they never think of that, just "stick it to valve".....and valve doesn't get hurt at all.
 

Jeffwa

Rookie
Amen Redshift....this type of "retaliation" will only hurt innocent gamers. Valve won't feel a thing...sad, very sad.

What's their big beef with Valve anyways? I've never had a problem with Steam, nor have I heard any complaints from my buddies that play Steam based games. Then again, we all believe in PAYING for our games rather than stealing them and we don't hack. Are all these people just angry users who are bummed that they can't download Steam games or have been kicked for hacking?

Personally I love the whole Steam idea - finally, a way to control piracy and best of all, a weapon against hacking.
 

Jeffwa

Rookie
[quote1177006274=Redshift]
A cleaner accessed the inTRAnet of a company while on a midnight shift inside the building and penetrated their files. [/quote1177006274]

Scary story Redshift....physical security is usually the weakest point in any organization. You could have the tightest security in the world, but if someone can get physical access to a system, even if they don't have access to the OS, you're hosed. The trends are changing as well - most hacks and thefts happen from WITHIN the company, not from the outside. Fortunatly we have strong physical securty, background checks, non-disclosure agreements and users who are smart enough to shutdown or lock their systems (and who don't leave their password under the keyboard).
 

Redshift

Poster Extraordinaire
[quote1177007794=Jeffwa]
(and who don't leave their password under the keyboard).
[/quote1177007794]

Yeah, that's kind of hilarious. A number of years ago when I was the designated security officer for our department, we did a blitz over a weekend and looked for passwords. We found them taped under chairs, blotters, pens, canisters, desk items, etc. One guy even had it in pencil on the bottom right of his monitor, another under his mouse scratched in with a pin or knife.

Others we were able to work out using street names and numbers, birthdays, dog names, etc. It was amazing how many passwords we were able to figure out just by those means.

Then there were those who sent highly sensitive documents to themselves at home to work on using hotmail, yahoo or gmail.... and they didn't even bother to try encrypting them, just an attach and send. That's why all external email systems are firewalled at most companies - or should be.

Meh....users....watchagonnado.... :((
 

JMAN

EGO Zealot
see this is why my parents dont like to buy stuff online, but i just got gmod so lets hope nothing bad happeneds
 

JMAN

EGO Zealot
woot it didn't happen
 
Top