Page 1 of 4 123 ... LastLast
Results 1 to 10 of 33

Thread: FYI: Steam accounts were hacked (around 10th November)

  1. #1

    FYI: Steam accounts were hacked (around 10th November)

    Hey all,
    just in case you guys/gals have purchased anything on Steam, and you didn't know - apparently Steam was hacked and private user info (credit card numbers, passwords, etc.) were stolen!:

    http://www.gamasutra.com/view/news/3...o_Obtained.php

    cheers,
    Paul
    Games:
    Seafox


    Pages:
    Syntax Error Software itch.io page

    Online Chess
    http://gameknot.com/#paul_nicholls

  2. #2
    As far as i know, creditcard details are only saved client side. Also all data should be RSA-256+salt crypted which should take a millenium to break But it's still good to know when these happen just in case.

  3. #3
    From the article if you couldn't read it:
    a database containing private user information has been stolen.

    That information includes user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information, according to an email sent by Valve managing director Gabe Newell to Gamasutra.

    According to Newell, the company does not currently have any evidence of credit card misuse at press time, though warns that Steam users should nonetheless closely monitor their credit card activity.
    Games:
    Seafox


    Pages:
    Syntax Error Software itch.io page

    Online Chess
    http://gameknot.com/#paul_nicholls

  4. #4
    Quote Originally Posted by User137 View Post
    Also all data should be RSA-256+salt crypted which should take a millenium to break But it's still good to know when these happen just in case.
    I don't think that dada encryption would help in preserving users information nowadays.
    While 5 years ago having 8 character long alphanumeric password (combination of asci leters and numbers) was considered safe (would take more than a year breaking it by brute force attack), nowadays this same pasword can be cracked in just a few days on a single computer (using combined power of multicore CPU and GPU). Not to metion how quickly can this pasword be broken using the power of cloud computing (probably just a few hours).
    Also knowing wich encryption algorithm has been used to encrypt data in the first place makes decrypting it a lot easier.

  5. #5
    Quote Originally Posted by User137 View Post
    Also all data should be RSA-256+salt crypted which should take a millenium to break
    This is assuming that all data was encrypted, hashed and so on. You would be surprised how many modern web sites and service still do not encrypt their data and sometimes even forget to hash passwords! In addition, as SilverWarior said, solving hashed/salted/encrypted password and/or credit card number for distributed computing is not a problem these days. Sometimes, when using additional information about the user (e.g. name, credit card bank & country) this information can be decrypted in minutes.

    I'd say they've screwed up big time and it's yet another example why you should not let web sites remember your credit card information.

  6. #6
    256-bit encryption is still nowadays secure. In computer theory it's quantum computers that some decades later may revolutionize decryption, but modern supercomputers can't do it.

    If interested you can try something like:
    http://www.golubev.com/hashgpu.htm
    It even uses GPU power to greatly utilize all the power computer has for MD5 hash cracking. If you assume that word is only 1..8 characters long (256-bit would mean 32 characters) and only contain small letters from a..z it will take many hours. Now add numbers and big letters in the force and it'll take forever...

  7. #7
    Quote Originally Posted by User137 View Post
    256-bit encryption is still nowadays secure. In computer theory it's quantum computers that some decades later may revolutionize decryption, but modern supercomputers can't do it.

    If interested you can try something like:
    http://www.golubev.com/hashgpu.htm
    It even uses GPU power to greatly utilize all the power computer has for MD5 hash cracking. If you assume that word is only 1..8 characters long (256-bit would mean 32 characters) and only contain small letters from a..z it will take many hours. Now add numbers and big letters in the force and it'll take forever...
    I agree that breaking 256-bit enkcyption on a single computer would be usles becouse it would take to much time. But what if you do this with thousands of computers, each trying out just a portion of posibilities? Then the time greatly decreases. And what is cloud computing that just dividing some work between a few thousands computers.

    Why do you think that larger hacker groups are creating their own so caled botnets? Becouse this can provide them with a great computational power. And with large enough botnet you could achive computational power even compared to some supercomputers.

    Also rapid advancments in computer technology are making data encryption less and less secure every day. Are you aware that most mobile phones nowadays have more computational power than 15 years old computers have. For instance my Nokia 5320 has 369 MHz ARM processor and it isn't considered as smartphone. Most smartphones have 1 GHz ARM procesor in them already, and some even have multicore procesors. And theese can easily cope with 10 years old computers if now even newer.

  8. #8
    Quote Originally Posted by User137 View Post
    256-bit encryption is still nowadays secure. In computer theory it's quantum computers that some decades later may revolutionize decryption, but modern supercomputers can't do it.
    Yes, but you need to consider what type of data is being encrypted. For large text documents of unpredictable data - sure, it's pretty secure. Now consider credit card number, which uses only 16 digits (which itself fits only in 128-bit block), some of which can be easily guessed using regional information from the user. You don't need even a super computer to crack this. Yes, there are ways to make it more secure by adding random data and such, but as I said before, I doubt they even use encryption in the first place, let alone other advanced techniques.

    Quote Originally Posted by User137 View Post
    It even uses GPU power to greatly utilize all the power computer has for MD5 hash cracking. If you assume that word is only 1..8 characters long (256-bit would mean 32 characters) and only contain small letters from a..z it will take many hours. Now add numbers and big letters in the force and it'll take forever...
    On your integrated Nvidia card... sure, it may take some time. But have you tried running it on more serious personal computer or nice entertainment system?

  9. #9
    Quote Originally Posted by Lifepower View Post
    On your integrated Nvidia card... sure, it may take some time. But have you tried running it on more serious personal computer or nice entertainment system?
    How did you go and guess that? I can actually play Crysis and Skyrim on high settings smoothly. It's a computer built from custom parts, but more than year ago.

    I dare you to try that... There was a small programming challenge about it some month back, about MD5. If you use Google Chrome it will propably translate it properly:
    http://www.ohjelmointiputka.net/posti.php?tunnus=md5h

    In short, there is a list of hashes in file where first line hash is 1 character, second 2 character... and finally 20 character long word hashed. These all only consist of small a..z. Many good people have tried it, and best break is only 11 characters long hash. I was able to do 9, with limiting search ranges and guessing. That is why i say, if it has capital letters and numbers i'd not have even broken 8.
    The words are random; 5 character word could well be like "asgwz".

    Oh.. and MD5 is designed to be a fast hash to make for file verification. RSA256 is designed for encryption, and much slower to calculate for single word.
    Last edited by User137; 20-11-2011 at 01:25 PM.

  10. #10
    Quote Originally Posted by User137 View Post
    How did you go and guess that? I can actually play Crysis and Skyrim on high settings smoothly. It's a computer built from custom parts, but more than year ago.
    I have added the smile after my question to identify it as a rhetorical. My point was that the hardware used in question may affect computational time greatly (by a factor of ten and more). And seriously, your machine is close to the ones I've mentioned? Did you check their specs? Quad Nvidia GTX 480, 1920 CUDA cores in total, dual Intel Xeon clocked at 4.3 Ghz with 12 physical cores total and 24 logical cores total... My rig can also run Crysis smoothly at highest settings, but it's nowhere near the above specs.
    Last edited by LP; 20-11-2011 at 02:48 PM.

Page 1 of 4 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •