Gabe Newell Gives Away Personal Steam Password

[Arizona Kyle]

MoolyFTW, eh?


Urban Dictionary says it (mooly) is a derogatory term used by Italians for black people... or just "eggplant."

So, is Gabe Newell a secret racist? Or a fan of Eggplant Parmesan?

Only asking him directly will tell.

Given what we know about Gabe, I'm pretty sure its safe to say that its the latter...



(btw that was a fat joke for all of you that didnt get it )

But eggplant is healthy.... if Mooly ment doughnut or tub of lard then you could claim fat joke

 

[lacktheknack]

Newell's Steam log-in email is "[email protected]," and his password is "MooleyFTW." Give it a shot! Perhaps the elusive Half-Life 2: Episode 3 is inside.

It's "MoolyFTW". And I got blocked out.

 

[Kross]

Is this really that much different then using an SSH Key [http://en.wikipedia.org/wiki/Ssh-keygen] instead of a password? Other then being a whole lot more inconvenient when your single PC with access to your games via a CPU "fingerprint" has a CPU "malfunction".

Edit: I guess it's for people who won't put the key somewhere safe.

 

[lacktheknack]

MoolyFTW, eh?


Urban Dictionary says it (mooly) is a derogatory term used by Italians for black people... or just "eggplant."

So, is Gabe Newell a secret racist? Or a fan of Eggplant Parmesan?

Only asking him directly will tell.

Given what we know about Gabe, I'm pretty sure its safe to say that its the latter...



(btw that was a fat joke for all of you that didnt get it )

But eggplant is healthy.... if Mooly ment doughnut or tub of lard then you could claim fat joke

<link=http://www.fitday.com/WebFit/nutrition/All_Foods/Vegetables/Eggplant_parmesan_casserole_regular.html>Eggplant Parmesan is NOT that healthy.

 

[mireko]

Is this really that much different then using an SSH Key [http://en.wikipedia.org/wiki/Ssh-keygen] instead of a password? Other then being a whole lot more inconvenient when your single PC with access to your games via a CPU "fingerprint" has a CPU "malfunction".

I figure it's just so people will stop sending their passwords to [email protected] and whining about how they were "hacked".

 

[FungiGamer]

Obviously no hacker would ever WANT to hack Gabe's account, I mean it's Gabe freaking Newell, I haven't met a single person who hates the guy.

Also I can't resist; "Hi, I'm Gabe Newell and welcome to Steam! We now have an anti-theft program that, after several years in development will have hopefully been worth the weight. You can attempt to hack me at [email protected] with the password MoolyFTW, and my favorite class is the Spy!"

 

[Exort]

That man has balls of steel.

I still have doubts about using this system myself but its nice to know that it works.

The same system have been used one Blizzard's Battle.net though authenticator. For 3 years nobody crack it yet[sub](1)[/sub]. Glad to see Intel chip have it build in now.

Note: (1) A virus can steal you authenticator number when you type it in and stop you from logging on, while it pass back the number and steal your account before the number expire in 5 mins. However, this method is not cracking/hacking the authenticator it is key logging.

 

[Virgil]

At the risk of being ridiculed for my lack of current computer cracking knowledge. Couldn't the account be hacked by breaking into the computer and imposing your computer between the victim and their steam account?

The way this system works is that the system hardware has a unique key built into it when it's manufactured, and each application would also have a unique key. There is an encryption algorithm built into the hardware that generates rotating security codes based on the application key and the hardware key, which change every few seconds. Whenever you try to authenticate, you'll send Valve your username/password like normal, and you'll also send them a generated security code from the hardware on your machine. Valve will then try to validate the security code based on Intel's encoding system and the hardware key that they have stored on their server as the one you authorized on your account. If they don't match, you can't log in, even with the correct username and password.

It's very similar to the kind of one-time password fobs that banks have started to offer, or the Blizzard Authenticator. The main difference is that the hardware is built into your computer, and that hardware can support many different applications, instead of just one. The plan, at least in Intel's eyes, is to get the same level of support with banking websites, major online stores, and all the other things where being able to verify someone's identity is important enough that a simple username/password just doesn't cut it. Then you can lock down all of these services to just the computer (or few computers) that you typically use, and it prevents anyone else from stealing your accounts even if they do get your username/password.

In theory, you can bypass this kind of system with software on the local machine, but it would have to have complete control of the entire system, and even then it's not guaranteed - for example, if it operates like HDCP, the data will be encrypted at every level of the system. Of course, if that kind of software was on your machine, you're in a lot of trouble no matter what and at least this system offers some potential for protection even in that extreme case, while you'd be screwed without it.

 

[lacktheknack]

MoolyFTW, eh?


Urban Dictionary says it (mooly) is a derogatory term used by Italians for black people... or just "eggplant."

So, is Gabe Newell a secret racist? Or a fan of Eggplant Parmesan?

Only asking him directly will tell.

Given what we know about Gabe, I'm pretty sure its safe to say that its the latter...



(btw that was a fat joke for all of you that didnt get it )

Aaaaand Episode Three has been pushed back another two weeks. Thanks.

 

[Redlin5_v1legacy]

So... How long until we hear it got cracked? Three months? Less?

 

[Berethond]

So now Gabe Newell has outright CHALLENGED hackers (people who are DEDICATED to finding ways around the most complex computer security systems) to hack his computer not only giving his login data but also defiantly claiming that it can't be done.

So, how long do you thing it will take before this comes back to bite him in the arse?

Taking all bets people! Taking all bets!

He's done it on purpose. He'll hire the first guy to crack it and set him to work fixing all Valve's security holes.

It's not really advertising, just a really clever job interview.

 

[mireko]

Obviously no hacker would ever WANT to hack Gabe's account, I mean it's Gabe freaking Newell, I haven't met a single person who hates the guy.

Also I can't resist; "Hi, I'm Gabe Newell and welcome to Steam! We now have an anti-theft program that, after several years in development will have hopefully been worth the weight. You can attempt to hack me at [email protected] with the password MoolyFTW, and my favorite class is the Spy!"

*eating, narrowing eyes*

 

[Helios_(DEL)]

If he was REALLY confident about this new "Dectection" stuffs, he'd use it to dare people to steal something important.

Like a kitten or bank account with exactly one dollar in it. Or Half-Life 2: Episode 3.

mentioning all this plus episode 3, he will have traps up his sleeve not worth it guys

 

[Virgil]

Is this really that much different then using an SSH Key [http://en.wikipedia.org/wiki/Ssh-keygen] instead of a password? Other then being a whole lot more inconvenient when your single PC with access to your games via a CPU "fingerprint" has a CPU "malfunction".

It's kind of like an SSH key, except it also has rotating encryption generating time-limited keys. And the keys and the encryption algorithm are built into the system hardware, so there's no way for them to get lost or stolen (short of the hardware itself). It's SSH-level security that Grandma can use.

If the hardware dies, I'm sure there will be a method of verifying identity and getting the lock removed or transferred to new hardware. It's a lot less work than recovering a hacked account would be. Not to mention what you'd have to deal with if the account had your bank info attached to it, and was used to charge up a storm.

 

[Miral]

am i the only one who is hoping valve has some damn good antispam filters for thier company email? or thinking of sending him an email that just says hi

Nah, Gabe giving out his email address isn't new, it's been in the developer commentary for the Half-Life episodes (and Portal, too, I think).

On-topic: this sounds like it's TPM-based. I always make sure my TPM is disabled. I don't think it can be trusted.

It'd be interesting to see if man-in-the-middle attacks work against this. They may or may not depending on how the protocol is implemented. Of course one of the difficulties there will be in intercepting the traffic -- Gabe's PC and the Steam servers are probably on the same network.

In practice, though, it's unlikely someone would be able to crack it without having access to his physical PC to clone the TPM. Or to social-engineer the support staff into "fixing" an outside connection -- which is unlikely to work for the CEO's account.

 

[BlackWidower]

Here's the problem. What if your account is paired with a system that suddenly disintegrates and you need to buy a new one. What do you do?

 

[CrystalShadow]

Spot the spelling error.

I don't dectect anything.

---

I wonder, what happens if someone has an identical PC build? Do they somehow log serial numbers as well? I'm not entirely familiar with this hardware security concept.

It doesn't work that way. (and it wont work at all on all but the newest intel CPU's).

This is like having a specific code in your computer that no other computer on the planet has.

I'm sure there's a way to crack it, but just having an identical PC won't do the trick, because the internal code number (or whatever it actually is) would still be different.

The problem with this is that it can be used by a company to screw you over later.
Making sure something you buy will only work on one computer. Ever.

Yeah... A very scary technology disguised as something 'useful'.

 

[ExplosionProofTaco]

Out of Curiousity, I googled 'Mooley'. Turns out is the Italian word for a Black Person.

OH GABEN.