
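Why does the Steam application try to be so secure? It seems to force you to take more security measures than most banks (two-factor authentication, email confirmation of all transactions, etc.).

Is this because there is some inherent security risk in the Steam software, or because they want to avoid people complaining that their accounts got hacked?

Is there a reason for Steam to be more secure than most banks?

Latest replies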
  • 2019-12-5
    1 #

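    Steam has about 100 million users (a random link says they had 75 million almost 2 years ago). If they spend an average of $10 per year, then we're talking about $1,000,000,000 per year - and I think that's a conservative estimate (a random link says they had $1 billion in revenue in 2010). That's the same kind of money small banks deal with.

    Then there's almost certainly a large number of low tech attackers. Many children use Steam who don't have a proper understanding of legality yet, so at least some of them will try to steal the account of that other child who smells funny. To be clear: "some" of 100 million is "many". These attackers often live in the same town and may even have seen the other child type in their password before, which breaks some traditional security based on IP ranges and passwords. Stolen accounts create customer support costs. Widely reported stolen accounts make for bad press, which destroys trust. And for a digital marketplace, trust is money.

    Valve also works with numerous partners. These partners can act maliciously and try to break/abuse the billing process. That would directly damage Steam's reputation and therefore cost Valve some serious money, unless the abuse is discovered and dealt with quickly.

    Edit:

    [...] enough money now moves around the system that stealing virtual Steam goods has become a real business for skilled hackers [...] We see around 77,000 accounts hijacked and pillaged each month. - 9 Dec 2015 http://store.steampowered.com/news/19618/

    So in addition to the large number of low-tech attackers, there is also a large number of high-tech attackers.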

  • 2019-12-5
    2 #

    I think it's understandable, especially why they feel the need to force security measures on users:

      A Steam account can be a very valuable asset, many Steam libraries would easily cost hundreds, if not thousands to replace

      People often don't treat their steam account as carefully as other accounts, eg email or a bank account

      Once stolen it's very difficult to determine the legitimate owner. Unlike a financial institution they can't ask a user to take ID to a branch.

      Many children use Steam. Information belonging to children deserves a higher level of protection

      Children using Steam can't necessarily be trusted to be security conscious. They may share their passwords, etc.

      Having your account stolen would create a very negative impression of the Steam distribution model. Many people would blame Steam and the distribution model they're trying to champion, even if the user was entirely to blame.

      There is a huge market for stolen steam accounts, and it's fairly easy to steal one using unsophisticated methods such as phishing

  • 2019-12-5
    3 #

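    The real reason is fraud. A typical scam looks like this:

    The scammer uses a stolen credit card or a stolen account to buy games from the Steam store or the Steam Market. Many CS:GO, TF2 and Dota 2 items are worth $100 or even $1000, so these are not what we would call penny scams.

    The scammer then uses a site like tf2outpost.com or steamtrades.com. If the stolen account has a high reputation on that site, it's easy to convince unsuspecting users to pay with PayPal.

    A few days or weeks later, the real owner of the credit card/account realizes their credentials were stolen and issues a chargeback.

    Now the money that should have gone to Valve goes into the scammer's pocket. This is also why items bought on the Steam Market now cannot be used for 7 days (30 days for games).

    Valve is privately owned and doesn't publish its financial statements, but big companies like Sony and Microsoft lose millions of dollars a year to this kind of credit card fraud.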

  • 2019-12-5
    4 #

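    Another thing not mentioned in the other answers is the impact of Valve's company structure and its understanding of scalable solutions.

    Most Valve employees (if not all) are hired into Valve's culture, where everyone works on projects of their own choosing, especially if they believe it's the most valuable contribution they can make to the company. For reasons that are understandable given this culture, Valve's employees rarely pay attention to customer service/complaint handling.

    Furthermore, Valve sees community-driven/gamified solutions as the primary way of making features scalable. See also: Steam tags, reviews, etc.

    For these reasons, and because of the high real-world value of TF2 and CS:GO items, Steam suffered a spate of account thefts, and Valve naturally turned to two-factor authentication as a user-driven way to reduce the mind-numbing number of account theft cases they have to deal with. They pushed two-factor authentication further by making a new level of community badge and adding two-factor authentication as one of its activities, offering limited-time discounts on the Steam Market to two-factor authentication users, etc.

    To summarize, another reason Steam is insistent on security is to free software engineers up to do more engaging work.


    Update 12/10/15: As Valve has just explained: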

    Account theft has been around since Steam began, but with the introduction of Steam Trading, the problem has increased twenty-fold as the number one complaint from our users...

    We see around 77,000 accounts hijacked and pillaged each month. These are not new or naïve users; these are professional CS:GO players, reddit contributors, item traders, etc.

    Recovering 77,000 accounts every month adds up to a lot of time that engineers could spend on other things.

      Steam does not care nearly as much about dealing with customer problems - they won't even offer a return policy unless forced to by law. Banks tend to have much more helpful customer service policies.

      Banks are protected by many well established laws and regulations. Your bank account is insured by the government. There is a lot of information, such as SSN, address, and employer that is required by a bank, so it is much easier for them to verify your identity, and resolve disputes (crimes and fraud attempts). Meanwhile, Steam neither enjoys this sort of protection from the government, nor has as many resources available for investigating crimes. If your bank account was stolen, the FBI would easily be all over it, the criminal would be caught, and get many decades in prison. If your Steam account was stolen, would the police even produce a suspect you can take to court?
