Old 06-21-2012, 06:02 PM   #46
Satoru
 
 
 
Join Date: Jul 2008
Reputation: 4993
Posts: 10,816
Quote:
Originally Posted by jimrad1 View Post
The only thing I've learned is Steam Guard is ineffective if someone can make changes like that and assume a person's account. Steam needs a better system. There has to be a way to recover an account that's a bit more sure fire. I would think since the original account has a person's real name and contact, that simply scanning an ID card would do the trick. Gives me no confidence in Steam Guard actually. No matter how strong my password on email or Steam is, if the new person can just come along and change it and reroute a person's ticket to a new email address.
SteamGuard is as effective as the security on your computer and your email. It's not designed as some kind of ultimate security for your account. It's another wall for a hacker to climb. Again you can also hack the RSA tokens by hijacking the computer and intercepting the key codes. It's complicated but it's possible.

No system is perfect but SteamGuard is very effective at stopping most phishing attempts and passwords being stolen from other websites. To say that it's worthless is simply ludicrous.
Satoru is offline   Reply With Quote
Old 06-21-2012, 06:12 PM   #47
BLITZDace
 
 
 
Join Date: Jul 2011
Reputation: 321
Posts: 841
Concur with Satoru - format the PC (you said you would, but I thought I'd re-iterate) because nothing compromises a PC like old(er) people do. Parents were on it for (holy sweet mother of messiahs) a whole week? Then take the format gun to the PC's head and pull the trigger.
BLITZDace is offline   Reply With Quote
Old 06-21-2012, 07:23 PM   #48
zonkz
 
Join Date: Aug 2011
Reputation: 425
Posts: 1,610
These "older people" explained the world to you, while you knew nothing.... And you are still alive

Now it's your turn....
zonkz is offline   Reply With Quote
Old 06-22-2012, 01:04 AM   #49
Rifle Elite
 
Banned
Join Date: Jun 2012
Reputation: 5
Posts: 65
The forums are not where you post this, contact and wait for Steam Support to help you.

I swear, you people never learn that the Forum mods don't have any of your Account information stored in some notepad document on their computers...Only Steam Support can assist you...
Rifle Elite is offline   Reply With Quote
Old 06-22-2012, 02:43 AM   #50
Jim E. Russel
 
 
 
Banned
Join Date: Jun 2012
Reputation: 59
Posts: 84
In case it hasn't been said yet, your computer was most likely infected with a RAT.
A RAT is a Remote Administration Tool. Its purpose was most likely so companies and parents can see what their workers/children are doing on their computer. Obviously it can be abused because once installed it can see what you type (keylogger), look in your files, as well as edit, delete and transfer them, can even look at your webcam if you have one installed, and see EVERYTHING YOU DO. Today most RATs come with desktop cameras that can watch your screen 24/7.
The first thing you should do is to install keyscrambler (it replaces your keystrokes with garbled letters) and to remove/cover any webcams you have. Afterwards you can follow a guide on how to further get rid of it.
Jim E. Russel is offline   Reply With Quote
Old 06-22-2012, 04:08 AM   #51
MystMan
 
Join Date: Feb 2011
Reputation: 145
Posts: 634
Quote:
Originally Posted by jimrad1 View Post
The only thing I've learned is Steam Guard is ineffective if someone can make changes like that and assume a person's account. Steam needs a better system. There has to be a way to recover an account that's a bit more sure fire. I would think since the original account has a person's real name and contact, that simply scanning an ID card would do the trick. Gives me no confidence in Steam Guard actually. No matter how strong my password on email or Steam is, if the new person can just come along and change it and reroute a person's ticket to a new email address.

Quote:
Originally Posted by Satoru View Post
SteamGuard is as effective as the security on your computer and your email. It's not designed as some kind of ultimate security for your account. It's another wall for a hacker to climb. Again you can also hack the RSA tokens by hijacking the computer and intercepting the key codes. It's complicated but it's possible.

No system is perfect but SteamGuard is very effective at stopping most phishing attempts and passwords being stolen from other websites. To say that it's worthless is simply ludicrous.
I agree with Satoru. You can not rely on any type of system to do 100% of the work to protect you. That is very unrealistic. A security system is only as good as its human user allows it to be. From a bank vault to your house keys, any of these things can be stolen/cracked as soon as a human error is involved. This is a life lesson everybody should learn ASAP.

In OP's case, letting his parents use his PC on his same main Windows account was the human error. When other people use your PC, make a separate guest account, preferably with many restrictions. Steam is something I invest a lot of money in, I wouldn't let somebody mess around in that same Windows account where it resides. That's like leaving my wallet on a table and assuming nobody will look in it or even take it.


It's quite common for older people to click on every "yes" they see on popups. They didn't grow up with computers and internet like we did. They're not aware of the risks of the internet.
It's common for me to (as usual) have to fix my mom's laptop when she complains it's too slow. Her browser is always packed with 5-7 toolbars and a truckload of tracking cookies, trojans, and lots of other junk.
MystMan is offline   Reply With Quote
Old 06-22-2012, 04:36 AM   #52
Tito Shivan
 
 
 
Join Date: Oct 2010
Reputation: 3393
Posts: 9,052
Quote:
Originally Posted by MystMan View Post
I agree with Satoru. You can not rely on any type of system to do 100% of the work to protect you. That is very unrealistic. A security system is only as good as its human user allows it to be. From a bank vault to your house keys, any of these things can be stolen/cracked as soon as a human error is involved. This is a life lesson everybody should learn ASAP.
Agree with Satoru too. Steam actually provides enough layers of security as to keep your account secure. Bypassing a two factor authentication (steam login+email code) is really hard to overcome without having a great amount of data from the user.

Of course, as one of the general computer security rule states, If someone has access to your computer, you are pretty much ed. Once someone gets inside your computer, any security measures become almost moot.
Tito Shivan is offline   Reply With Quote
Old 06-22-2012, 06:56 AM   #53
suntox
 
Join Date: Jun 2009
Reputation: 19
Posts: 216
Quote:
Originally Posted by chenna22 View Post
No, different passwords.

So I have to wait another three days before I even get a response? Great.
It sounds as if either you got a trojan, or someone with access to your computer installed a logger.

I would suggest installing a good AV like Eset Nod32 (free version), and a firewall like Comodo. The firewall is free and comes with Defense+, which when you set it to paranoid will ask you for permission for every little thing programs do on your comp. Plus the firewall shows all active connections and the related progs with 1 click.

If you got another comp or smartphone, handle the support ticket from there and change the password using that device.
suntox is offline   Reply With Quote
Old 06-22-2012, 07:15 AM   #54
Satoru
 
 
 
Join Date: Jul 2008
Reputation: 4993
Posts: 10,816
@jimrad1 if you don't trust SteamGuard simply remove it if you wish. But you'll soon wish you had not!

What you need to understand is that SteamGuard moves the chain of trust up one link to your email address. That a hacker now needs two things, your Steam username/password as well as your email username/password. As in the OP case, if the hijacker has access to their computer already and has keylogged the passwords for both the Steam and email accounts, then there's pretty much nothing you can do at that point anyway. If hackers get free rein access to your computer, then the game is already done.

If you want to talk about ways in which SteamGuard is vulnerable then there are a few:

1) Passcodes are not single use
2) Passcodes are sent via email which is insecure

Thus a theoretical vector is to trigger the SteamGuard email, and sniff traffic across some node where the email is being sent, and reuse the code. But this is pretty hard to do, since you need to have access to a node where you can sniff the traffic, which is between Steam's SMTP server and the target mail server. Not 'impossible' but fairly non-trivial. When it's a ton easier just to ask people to give you their passwords because I have FREE GAMEZ!! Or FREE CS:GO and DOTA2 keyz!!

To put THAT much effort into something the account needs to have something valuable in it. Steam accounts just aren't that valuable in reality. The hackers that were intercepting the RSA codes from the hard tokens and using that to hijack accounts were targeting specific people in WoW. That's because those accounts have an actual money value associated with them, especially the items and the clan inventory access. They swooped in grabbed the loot and then transferred everything to their gold farming website to sell. Not saying TF2 items aren't valuable, it's just a lot harder to launder the money out unlike in WoW.

Last edited by Satoru: 06-22-2012 at 07:18 AM.
Satoru is offline   Reply With Quote
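An added example, not part of the thread and not Valve's implementation: a minimal server-side store for emailed login codes that addresses point 1 in the post above by making each code single use, short lived and guess limited, so a copy captured in transit stops working once the owner has used it or it has expired. The class name, the 10-minute lifetime, the 5-attempt limit and the account name are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600   # assumed lifetime of an emailed code
MAX_ATTEMPTS = 5         # assumed guess limit per issued code

class EmailCodeStore:    # hypothetical name, for illustration only
    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)  # stored digests are useless without it
        self._pending = {}                   # account -> [digest, expires_at, attempts]

    def _digest(self, account, code):
        return hmac.new(self._key, f"{account}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, account):
        # A new code replaces any older one; the caller sends it by email.
        code = f"{secrets.randbelow(10**6):06d}"
        expires = self._clock() + CODE_TTL_SECONDS
        self._pending[account] = [self._digest(account, code), expires, 0]
        return code

    def verify(self, account, code):
        record = self._pending.get(account)
        if record is None:
            return "no_pending_code"
        if self._clock() > record[1]:
            del self._pending[account]
            return "expired"
        if hmac.compare_digest(record[0], self._digest(account, code)):
            del self._pending[account]       # consumed: a replayed copy now fails
            return "ok"
        record[2] += 1
        if record[2] >= MAX_ATTEMPTS:
            del self._pending[account]       # stop further guessing on this code
            return "locked_out"
        return "wrong_code"

def replay_demo():
    now = [1000.0]                           # constructed fake clock
    store = EmailCodeStore(clock=lambda: now[0])
    code = store.issue("alice")              # constructed account name
    first, replay = store.verify("alice", code), store.verify("alice", code)
    stale = store.issue("alice")
    now[0] += CODE_TTL_SECONDS + 1
    return first, replay, store.verify("alice", stale)

print(replay_demo())
```

This does nothing for point 2: the code still travels by email, so the mailbox remains the link the account depends on.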
Old 06-22-2012, 11:07 AM   #55
ChrisW
 
Join Date: Nov 2009
Reputation: 942
Posts: 3,072
I'm afraid the only thing Valve can do to protect Steam accounts is to force people to pass an IQ test before getting an account. The first thing it says in the chat window is to never tell your password to anyone, yet they still give it to random strangers. When you click on a link, it tells you you are being redirected away from Steam, yet they still try to log into fake Steam websites. They continue to think people are really giving away free games and keep downloading cheats that contain keyloggers, as if you can trust the integrity of someone that is breaking lots of laws to hack software.
ChrisW is offline   Reply With Quote
Old 06-22-2012, 12:43 PM   #56
zonkz
 
Join Date: Aug 2011
Reputation: 425
Posts: 1,610
The best way to explain and to avoid things that could happen in the internet, even without naming them:

Imagine, "this" would happen on a street in a town. Would you trust?
If the answer is "No", you are about to avoid at least 85-97% of all dangers in the internet.
zonkz is offline   Reply With Quote
Old 06-22-2012, 01:13 PM   #57
Satoru
 
 
 
Join Date: Jul 2008
Reputation: 4993
Posts: 10,816
Quote:
Originally Posted by ChrisW View Post
I'm afraid the only thing Valve can do to protect Steam accounts is to force people to pass an IQ test before getting an account. The first thing it says in the chat window is to never tell your password to anyone, yet they still give it to random strangers. When you click on a link, it tells you you are being redirected away from Steam, yet they still try to log into fake Steam websites. They continue to think people are really giving away free games and keep downloading cheats that contain keyloggers, as if you can trust the integrity of someone that is breaking lots of laws to hack software.
Smart people still do stupid things.

My friend who's pretty damn smart got his Diablo3 account hijacked? Why? Because he hasn't changed his password on there for years. He'd pass any test you could throw at him with flying colors.

The reality is users, even smart ones, get lazy. I'm pretty good with my account and computer security. But do I get lazy sometimes? Are some of my account passwords 'sub optimal' yeah... I'm guilty of that too. Everyone is from time to time.
Satoru is offline   Reply With Quote
Old 06-22-2012, 01:15 PM   #58
ChrisW
 
Join Date: Nov 2009
Reputation: 942
Posts: 3,072
Quote:
Originally Posted by Satoru View Post
Smart people still do stupid things.
Yes, they do, then they admit they did something stupid. They don't blame Valve or Steam and say they should have done more to prevent it (do all the thinking for them).
ChrisW is offline   Reply With Quote
All times are GMT -7.