- GabeN@valvesoftware.com
- MooleyFTW
Fake, of course
| CS.RIN.RU - Steam Underground Community http://cs.rin.ru/forum/ |
|
| [Info] Steam Guard http://cs.rin.ru/forum/viewtopic.php?f=31&t=58968 |
Page 2 of 3 |
| Author: | PeJpepiG [ Saturday, 05 Mar 2011, 17:56 ] |
| Post subject: | Re: Steam Guard |
Steam Support wrote: Q: Does Steam Guard take advantage of the IntelĀ® Identity Protection Technology solution that Valve and Intel recently announced? A: No, not in this beta. We hope to offer additional forms of authentication soon though, so you'll have your choice of secondary authentication methods with Steam Guard. There goes all the discussion about IPT, at least for now. Flitskikker wrote: So there goes the idea of "with your Steam account you can log on to any computer and play your games everywhere" ? No. |
|
| Author: | .Rar [ Saturday, 05 Mar 2011, 19:00 ] |
| Post subject: | Re: Steam Guard |
peshkohacka wrote:
Wow, an e-mail address as Steam username. Those were the times... |
|
| Author: | ChrisTX [ Saturday, 05 Mar 2011, 19:27 ] |
| Post subject: | Re: Steam Guard |
Durp Derp wrote: Why not? If Steam can access stuff, why can't your malware? Consider it like this: You have in the Management Extensions (ME) on your motherboard a runspace for a generation routine. IPT generates a time dependant code (changes every 30 seconds) that can only be generated by the hardware. The actual key used for generation is not available. You can only generate the current ticket. One could steal these tickets, but after 30 seconds, it would become invalid. Malware could in theory generate such a code - though very unlikely as this is really complicated - but it would be also valid only 30 seconds. However, there is no way to access the keys used for generation from software, what brings the security. Without access to the hardware, there's no way to access the account. If you know how Kerberos V works, the ticket idea is the same, only KRB5 uses 30 minutes as timeout interval. |
|
| Author: | Steve Jobs [ Saturday, 05 Mar 2011, 21:52 ] |
| Post subject: | Re: Steam Guard |
ChrisTX wrote: Durp Derp wrote: Why not? If Steam can access stuff, why can't your malware? Consider it like this: You have in the Management Extensions (ME) on your motherboard a runspace for a generation routine. IPT generates a time dependant code (changes every 30 seconds) that can only be generated by the hardware. The actual key used for generation is not available. You can only generate the current ticket. One could steal these tickets, but after 30 seconds, it would become invalid. Malware could in theory generate such a code - though very unlikely as this is really complicated - but it would be also valid only 30 seconds. However, there is no way to access the keys used for generation from software, what brings the security. Without access to the hardware, there's no way to access the account. If you know how Kerberos V works, the ticket idea is the same, only KRB5 uses 30 minutes as timeout interval. No, no. I wasn't talking about stealing the key or a single generated code. I was talking about putting something on victim's machine that sends a fresh code to the attacker on an interval so the attacker always have a usable key. |
|
| Author: | ChrisTX [ Sunday, 06 Mar 2011, 02:01 ] |
| Post subject: | Re: Steam Guard |
Durp Derp wrote: No, no. I wasn't talking about stealing the key or a single generated code. I was talking about putting something on victim's machine that sends a fresh code to the attacker on an interval so the attacker always have a usable key. That would work, but it wouldn't be very reliable without any portforwarding, and would need a direct request of the attacker. |
|
| Author: | esx [ Sunday, 06 Mar 2011, 02:07 ] |
| Post subject: | Re: Steam Guard |
Wow, did some of you guys even read the news post? Quote: With Steam Guard enabled, anyone attempting to login as you from an unrecognized computer must first provide additional, one-time authorization. A special access code will be sent to your contact email address, and this code must be entered into Steam before your first login on an unfamiliar computer is complete. You will also be notified if any login attempts from computers other than those you've authorized occur. You will still be able to use your account on multiple PCs. |
|
| Author: | ChrisTX [ Sunday, 06 Mar 2011, 02:54 ] |
| Post subject: | Re: Steam Guard |
Siyo wrote: You will still be able to use your account on multiple PCs. http://ipt.intel.com/how-it-works.aspx <- last but one question. IPT would be designed pretty badly if that wasn't possible. |
|
| Author: | Steve Jobs [ Sunday, 06 Mar 2011, 13:41 ] |
| Post subject: | Re: Steam Guard |
ChrisTX wrote: Siyo wrote: You will still be able to use your account on multiple PCs. http://ipt.intel.com/how-it-works.aspx <- last but one question. IPT would be designed pretty badly if that wasn't possible. Quote: In the unfortunate event that your PC is apprehended by a thief, they would also have to know your PC boot-up password, your Windows* password, ... *Completely ignores the asterisk* So if they steal your Mac, they can't get in because they need to know your Windows password too! Mac's are secure once again! Fuk yea! ChrisTX wrote: Durp Derp wrote: No, no. I wasn't talking about stealing the key or a single generated code. I was talking about putting something on victim's machine that sends a fresh code to the attacker on an interval so the attacker always have a usable key. That would work, but it wouldn't be very reliable without any portforwarding, and would need a direct request of the attacker. I didn't say that it should listen to a port and send on request. That's retarded. I was talking about an app that generates a code and sends an HTTP request to some address like "attacker.com/?victim=ChrisTX&code=123234" every 30 seconds or something. You don't need to setup a server that listens to requests. |
|
| Author: | Steam006 [ Sunday, 06 Mar 2011, 16:32 ] |
| Post subject: | Re: Steam Guard |
| Fake, of course |
|
| Author: | Steve Jobs [ Sunday, 06 Mar 2011, 16:42 ] |
| Post subject: | Re: Steam Guard |
Moar liek: 
|
|
| Author: | .Rar [ Sunday, 06 Mar 2011, 19:38 ] |
| Post subject: | Re: Steam Guard |
Haha, nice screenshots! 
|
|
| Author: | h8Steam [ Monday, 07 Mar 2011, 13:22 ] |
| Post subject: | Re: Steam Guard |
soooo shopped! |
|
| Author: | Steve Jobs [ Monday, 07 Mar 2011, 21:39 ] |
| Post subject: | Re: Steam Guard |
More IPT: http://www.youtube.com/watch?v=ZvrrU14dslA |
|
| Author: | sudo [ Tuesday, 08 Mar 2011, 00:57 ] |
| Post subject: | Re: Steam Guard |
You can still play it on any PC/MACucks.. I think you just have to check email and click on the special link which allows you to login on another computer... or something like that... |
|
| Author: | cYCyIYoRDf [ Wednesday, 09 Mar 2011, 00:45 ] |
| Post subject: | Re: Steam Guard |
... |
|
| Page 2 of 3 | All times are UTC + 3 hours |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|