Gabe Newell Gives Away Personal Steam Password

[Harsh2808]

Can anybody verify that this is actual Gabe's account? I know he does have an account that he uses often, but I wouldn't be surprised if this one was a dud, just in case the inevitable happens.

Anyone worrying about the new security system, it's completely optional and only available with new intel processors. Lots of people asking questions about that.

Don't most mandatory things start off as optional? Remember when registration was optional...now it's called activation and it's mandatory.

Yeah, but I don't see this one going this way, at least not for a long time. For one thing, it's only available on two, brand new, top of the line processors. Both of which are of the same brand. So. Until ALL processor makers use the same or a similar system and all computers for 5 years beforehand have had these processors, I can't see it being possible to be mandatory. Valve wouldn't shut off their customer base by telling people they had to buy compatible processors. At least...I hope not, those massive trolls..

Indeed that it requires a certain of CPU does prevent it from becoming mandatory right away but if it works out I do believe it will become mandatory at some point. The consoles already identify themselves in a unique way so really this is just Steam becoming more consolish and that should worry people...it worries me.

Alot of freedom has already been lost with the very existence of Steam. Remember when Steam (or GFWL) was an option and you could always buy the game at retail without Steam? Today, the games you buy at retail are just Steam or GFWL games on a DVD. If we keep this up in 5 years PC's will be as locked down as consoles.

BTW, if they wanted to accomplish the same thing without waiting until all the CPU's are compatible, they could use a USB dongle.

Yeah, the console element of it is frightening, however it will still be PC gaming, and besides running steam it's still your PC to do other things with after all.

I agree with this, that Steam has kinda tunnel-visioned the market on PC game delivery, however we can't forsake them this, since it now grants us the power to have games in our lap at any hour of the day, as well as other advantages. And hell, if you were Valve, and you got asked if you wanted most games to run off your platform, you wouldn't say no, would ya?

Oh, go ahead, give them idea, won't you.

I do feel we're getting a little off-topic here now, though, so I'll state for the record that I'm still wondering if it was a dud account.

 

[beema]

Silly Gabe, the real grab here is his email address, which I will now relentlessly spam with fat jokes!

Well, my immediate thought is that it's an advertising gimmick and that Gabe set up a dummy account just for the promotion.

I had that thought as well. Especially considering how unsecure his password is. No numbers? No weird characters?

 

[DeadlyYellow]

I wonder how difficult it would be to set it to another computer.

People use computers for a long time yes, but what if they upgrade or change systems entirely?

 

[AngelOfBlueRoses]

So it's intel stuff? What about those of us with AMD processors?

We sit back and not care! I wouldn't even use it if I had an Intel processor.

 

[Rebel44]

Steam Guard FAQ:
https://support.steampowered.com/kb_article.php?ref=8232-WSGZ-8021

 

[Jaded Scribe]

Props to Valve. Say what you will, but they put their money where their mouth is.

 

[Caligulust]

I'm curious to see how this turns out. Though, whoever does it would probably be doing it for bragging rights. I'm not sure if he's granted all games like I believe Robin Walker's is (which is worth $15,000). His account is on private anyways so who knows. He just plays WoW anymore.

the account doesnt exist

That's his log in information, not his screen name. His screen name is Rabscuttle, and there are many impostors regardless. There's a reason why you can change your screen name at any given moment on steam.

 

[Duffy13]

So, basically, hackers are a hornets nest. And Gabe Newell goes "I'm going to stick my penis in that."

Addendum: Why do these guys think their stuff can't be hacked? For every security system made by the top minds of computer security, there is always one guy in their mom's basement with the lights off that hasn't seen the sun in a month that is smarter then all of them put together and has absolutely NOTHING better to do then to break it.

My assumption is because they aren't stupid. Their are a handful of security methods that cannot be cracked without complete control of the system itself. This proposed system appears to be using one-time pad codes, a well known uncrackable method (when implemented correctly, the bane of all security). 'Hacking' is generally not all that amazing a feat; it's usually just manipulation of bugs, human stupidity, or weak security concepts.

Generally, the stronger the security, the more cumbersome or restrictive it is. If it's incredibly convenient and easy to change, the weaker it is.

So the only way is to figure out the encryption process (borderline impossible without a massive time investment), find out the victim's hardware key, work out what the password should be at the time of authentication and spoof it? Along with finding out their actual username and password of course. That all depends on the encryption logarithm though.

I'm working on the basis that computers can not generate true random events and so there must be some equation the encryption uses? Can you even spoof hardware ID? Is the encryption logarithm stored locally and different for every machine? If so I don't buy it, a computer mind may be able to think of infinite variations of a logarithm but a human mind can't to program it and there is also the problem that servers for programs like steam would also have to have infinite decryption keys.

The system is essentially based on randomly rotating through a significantly large series of possibly keys. While true randomness isn't possible with just computers, you can get pretty dam close. The beauty of it is that you don't need to be truly random, you just need such a large set of possible values at any given moment that it's impossible to brute force. You could know the algorithm but not know the seed value since it's inside the hardware. That is pretty easily achievable, there's a reason brute force attacks only work on weak systems, weak passwords, and systems that don't watch log-in attempts.

The system doesn't have to be unbreakable, it just has to be infeasible. When random guessing or stealing the physical machine are your best options your on the right track.

 

[teriaki]

Why is anyone impressed by this? It's most likely some form of MAC address locking. The account is now tied to the NIC. This is basic basic basic stuff folks. Oh, and it's definitely not based on a OTP like the poster above says. For that you'd need a software or hardware token and we'd clearly know that's what they're doing.

 

[Duffy13]

Why is anyone impressed by this? It's most likely some form of MAC address locking. The account is now tied to the NIC. This is basic basic basic stuff folks. Oh, and it's definitely not based on a OTP like the poster above says. For that you'd need a software or hardware token and we'd clearly know that's what they're doing.

Because it's not. You can spoof a MAC address pretty easily.

The original announcement on this site: http://www.escapistmagazine.com/news/view/108197-Valve-Unveils-Hardware-Based-Steam-Security

It uses a token generated by the physical hardware. This security only works on the Intel processors they are rolling out with this feature. Please do some mild reading on the topic before posting false information.

 

[teriaki]

edit...

I didn't see that, thanks for posting.

However... you can't spoof hardware MAC. Really, you can't. But even being so, hardware tokens are nothing new. This is again, basic basic stuff not worthy of any attention.

 

[teriaki]

Please do some mild reading on the topic before posting false information.

No thanks. I'll just wait for you to post a link with the information.

 

[Duffy13]

edit...

I didn't see that, thanks for posting.

However... you can't spoof hardware MAC. Really, you can't. But even being so, hardware tokens are nothing new. This is again, basic basic stuff not worthy of any attention.

Really? Just to make sure I'm not losing my mind I did a quick Google search. I found quite a few articles concerning how easy MAC spoofing is. Are they talking about something different? Granted, my offhand initial comment came from some basic security topics back in university a few years ago, but I was pretty sure they demonstrated how insecure IP and MAC related networking security was.

As to the idea being basic. Well, yea. Yet plenty of people still don't understand it and enlightening them should not be considered a waste of time.

 

[WhiteTigerShiro]

A Reddit user tried to use said log-in and password.

Spoiler: Image Hidden

Needless to say, it didn't work.

Spot the spelling error.

*Snickers* Incorrect Processor "Dectected". Cute.

 

[fierydemise]

Indeed that it requires a certain of CPU does prevent it from becoming mandatory right away but if it works out I do believe it will become mandatory at some point. The consoles already identify themselves in a unique way so really this is just Steam becoming more consolish and that should worry people...it worries me.

Alot of freedom has already been lost with the very existence of Steam. Remember when Steam (or GFWL) was an option and you could always buy the game at retail without Steam? Today, the games you buy at retail are just Steam or GFWL games on a DVD. If we keep this up in 5 years PC's will be as locked down as consoles.

BTW, if they wanted to accomplish the same thing without waiting until all the CPU's are compatible, they could use a USB dongle.

Given the average life cycle of computer hardware we're probably talking 10+ years before you see enough market presence to make this mandatory. As you note they could speed up the process and provide a hardware dongle and I really hope they do. For many people a Steam account represents a non-trivial investment, mine is probably worth $200 and thats toward the low end of things. The choice of being able to protect my investment at a (very) minor personal convenience cost is an absolute no-brainer.

Additionally what do you consider the problem with a unique identifier for a steam account, I'm not sure how that negatively impacts how I use my Steam account in the slightest.

 

[Roxor]

A Reddit user tried to use said log-in and password.

Needless to say, it didn't work.

Spot the spelling error.

Spelling error dectected.

That's not the only spelling error. Both uses of "authorisation" have been misspelt. "Authorisation" is spelt with an "s", not a "z".

Fail troll dectected.

If you're going to accuse me of being a troll, you'd look a lot better if you spell-checked your posts and avoided memetic language. Nice try anyway.

 

[Matthew McDonald]

A Reddit user tried to use said log-in and password.

Needless to say, it didn't work.

Spot the spelling error.

Spelling error dectected.

That's not the only spelling error. Both uses of "authorisation" have been misspelt. "Authorisation" is spelt with an "s", not a "z".

Fail troll dectected.

If you're going to accuse me of being a troll, you'd look a lot better if you spell-checked your posts and avoided memetic language. Nice try anyway.

Not that I care either way, but if you live in America authorisation is spelt with a z.

 

[Poopie McGhee]

Spot the spelling error.

I don't dectect anything.

---

I wonder, what happens if someone has an identical PC build? Do they somehow log serial numbers as well? I'm not entirely familiar with this hardware security concept.

It doesn't work that way. (and it wont work at all on all but the newest intel CPU's).

This is like having a specific code in your computer that no other computer on the planet has.

I'm sure there's a way to crack it, but just having an identical PC won't do the trick, because the internal code number (or whatever it actually is) would still be different.

The problem with this is that it can be used by a company to screw you over later.
Making sure something you buy will only work on one computer. Ever.

Yeah... A very scary technology disguised as something 'useful'.

The same thought occured to me as well, with all the money I've invested in STEAM despite not liking the digital platform (hey those sales are tempting!) I don't want to lose it all whenever I next get a new PC.

It's already a fact of life on game consoles.

Wiiware & the virtual console is all well and good, but if I lose my console for any reason, it's all gone. (And there is literally no way to transfer it. - Although, it appears Nintendo has noticed this problem with their systems, and created a way for 3DS downloads to be transferred between units.)

I don't know if the PS3 and Xbox 360 are quite that bad, but somehow I'm not inclined to think they're much better. (There's no incentive to do any better than that on a closed proprietary system.)

See though, Steam is not supposed to be as restrictive as the consoles.

You do make a good point though, this DRM nonsense gets worse and worse because we are all playing a game of "cross this line, now cross this line, etc...". In other words, seeing the restrictive DRM of the consoles as normal is bad.

In a 360, it's all tied to your account.

...and your console.

The account part allows you to atleast play your DLC on another console but only when connected to Live. You can transfer all your stuff to a new console (officially) and then you won't have to be connected to Live to use your DLC but you can only do that once a year and you have to jump through some hoops.

So while the 360 has a better system than the Wii or DSi, it is still a pain in the ass. There is no offline mode on the 360 when playing DLC on a console other than the one you first downloaded your DLC on.

Fair enough. For me, however, it's not that big of a deal, as I have the one console and if it breaks, they throw in a complimentary automatic license transfer. I was under the assumption that Steam worked in similar ways, at least for some games (probably more so now with this new security measure.) Am I wrong?