There’s little doubt that our new web distribution systems often fail to do the best job in protecting information. Sometimes, as in the case of the massive loss of federal government information and the theft of retail credit card info, the problems are desperately in need of improvement.
But sometimes problems turn out to be downright miserable in ways that can cause ridiculous amounts of trouble. This week, I was looking for additional examples of information theft as I am trying to build suggestions for more protection. Good approaches are often being used especially for new services and eventually even the government will be forced to make things better. Others are another story.
I came across an interesting account from Master Herald with the headline “Accounts Hacked!” It may not have been terribly important, but it shows how screwed a company can be. A report claimed intruders found an opportunity to steal a “forgotten password” for access to Valve’s Steam, a service that makes a variety of online games available on the internet. There was a published account found through a Google search of considerable detail on the alleged attack. Usually when something like this occurs, there are multiple internet reports but here the detail seemed only to repeat the text from Master Herald. I’m not going to link to it because the link has some very nasty components; search on you own if you want to risk it.
Master Herald declares itself a news service based in Muscat by Al-Mashroot Akhbar Co., unrelated, as best I can tell, to any other network service. The one thing we can be grateful for is the Steam report did not get much coverage. The only secondary report was on Y Hacker News and it was a bunch of comments that referred back to the Master Herald report–with dozens of suggestions that turned out to have little to do with the alleged Steam issue.
Still, the Y Hacker News report is very safe compared to the Master Herald web page. The Master Herald page looks very confusing, filled with non-working links. DO NOT click on the links; you won’t get what you want and what you get may cause trouble.An example of the text (links delinked):
Valve’s Steam is the biggest platform in the PC gaming market, with Valve themselves being one of the most prominent companies in the gaming industry as a whole. Steam has millions of accounts all over the world, and in some cases people have invested literally thousands of dollars into their own accounts. Which is why a security breach like the one that just occurred a few days ago is something to take very seriously.
Click on any of those links and you generally get an ad totally unrelated. It brings a box—uncopyable—that takes you to a new screen of something. Mostly the web screen you get is pointless but harmless. But sometimes it will lock your browser with a blue screen that cannot be copied. Then you get one of several boxes like:
This then locks up your browser, if you are lucky, or freezes the system. As best I can tell, the ultimate goal of all this junk is to get you to call the “toll free helpline” for assistance. I wasn’t willing to go that far.
What is this sort of thing all about? I found it essentially impossible to make sense. But I guess there must be enough uninformed silly users that they will actually try. Still, it is troubling that what begins as a report on a somewhat scary (if false) Valse Steam problem ends up doing a good job of messing up your system temporarily.
The proof that it’s possible to put up really dreadful web sites. It’s your job to be careful.