AMD Accidentally Leaks 1.7 Million DiRT 3 Keys

← Back to Stories (view on slashdot.org)

AMD Accidentally Leaks 1.7 Million DiRT 3 Keys

Posted by Soulskill on Tuesday September 6, 2011 @08:18PM from the oops-times-one-point-seven-million dept.

An anonymous reader writes "The free game with every graphics card deal has finally backfired for AMD and Codemasters. Due to a lack of .htaccess, 1.7 million keys for a free copy of DiRT 3 on Steam have been leaked. No word from AMD or Codemasters yet, but I'm sure Valve will block all the codes on Steam soon. One question that remains: if you used one of the codes, will Steam ban your account? There could be a few very unhappy gamers later today if that happens." The exact number of keys is in question — reports range from 250,000 to 3 million — but AMD confirmed that a leak did occur.

187 comments

Min score:

Reason:

Sort:

I need to take a leak... by ArsenneLupin · 2011-09-06 20:20 · Score: 0

Wow, that feels good!
1. Re:I need to take a leak... by AMoth · 2011-09-06 20:28 · Score: 0
  
  *Ouch*
2. Re:I need to take a leak... by Sulphur · 2011-09-06 20:31 · Score: 0
  
  Wow, that feels good!
  This is not the leak that they are seeking.
3. Re:I need to take a leak... by Z00L00K · 2011-09-06 22:14 · Score: 1
  
  See it this way - the solution is to release a new version with additional features and take the losses for the version with lost keys. And stop further updates to the version with lost keys.
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
4. Re:I need to take a leak... by tomknight · 2011-09-06 22:21 · Score: 0
  
  *Ouch* ??
  You need to see a doctor about that.
  
  --
  Oh arse
What about legit keys? by djsmiley · 2011-09-06 20:23 · Score: 2

What about people with legal keys..... I hope I don't miss out on using this.
I'll likely give the key away as I'm a Linux user and don't care about the Dirt game either, but it'll be a shame if everyone misses out now because of this?

--
- http://www.milkme.co.uk
1. Re:What about legit keys? by delinear · 2011-09-06 21:15 · Score: 1
  
  I thought the same thing - I can't imagine Valve would ban users if there is any risk of banning legitimate users, that would be opening them up to a huge backlash from users. More likely they'll just void the keys and Codemasters/AMD will have to set up a different scheme to compensate the legitimate purchasers.
2. Re:What about legit keys? by Anonymous Coward · 2011-09-06 21:31 · Score: 0
  
  What's the point of a key?
  It's a value you put in memory so the CPU can compare it to another value it generated from a list of commands (machine code) they already gave you.
  Why not simply generate it yourself (using that list) or remove the comparison commands from the list?
  In other words: Any form of "copy protection" is seriously delusional. No exceptions.
  If you want to pay software developers (like me) for their service, then pay them for their service. :)
  The code that is created and is passed on to other people, has been, is, and always will be completely free.
3. Re:What about legit keys? by TubeSteak · 2011-09-07 01:52 · Score: 1
  
  What about people with legal keys..... I hope I don't miss out on using this.
  With 1.7 million keys, I'm guessing some semi-intelligent hacker can reverse engineer Dirt 3's key generator.
  Soon there will be legal keys for everyone.
  
  --
  [Fuck Beta]
  o0t!
4. Re:What about legit keys? by WNight · 2011-09-07 02:39 · Score: 1
  
  Perhaps, but if they generate them cryptographically (hash random strings to generate more-random keys) there won't be a practical way.
  It's (usually) not like it used to be where the keys were just a pattern thing, now your specific key is looked up and if it's not there it doesn't let you in.
5. Re:What about legit keys? by subanark · 2011-09-07 02:40 · Score: 1
  
  Sure I bet the key generator could be well known... too bad that less than 0.1% of those keys are actually active and attempting to use an unactivated key will result in initially an error, and if enough attempts are made an investigation by steam and auto blocking of your account.
6. Re:What about legit keys? by Anonymous Coward · 2011-09-07 04:36 · Score: 0
  
  Since you had to fill out a form to get the legit key they can just scan their DB for keys with blank fields and ban those. You should be fine.
7. Re:What about legit keys? by Ark42 · 2011-09-07 05:10 · Score: 1
  
  It might be theoretically somewhat possible, if the keys are just random number indexes into a database (requiring an online check) and you have 1.7 million in order, maybe you can figure out the seed and formula for the pseudo-random number generator used. With the right information (which may be much more than 1.7 million sequential numbers) I know it's eventually possible to predict the output of a pseudo-random number generator. Although a single reset of the seed number (re-calling srand() with some random time as the seed) would make all your work useless.
  
  --
  Morphing Software
8. Re:What about legit keys? by exomondo · 2011-09-07 13:45 · Score: 1
  
  What's the point of a key? It's a value you put in memory so the CPU can compare it to another value it generated from a list of commands (machine code) they already gave you. Why not simply generate it yourself (using that list) or remove the comparison commands from the list?
  In other words: Any form of "copy protection" is seriously delusional. No exceptions.
  Because the CPU comparing it isn't your CPU, when you register with Steam you send them the code and they verify it against their list.
9. Re:What about legit keys? by Kalriath · 2011-09-07 16:56 · Score: 1
  
  No, there won't be legal keys. Since the key is not so much a Dirt 3 key as it is a Steam Redemption Code. And redeeming a code which Steam has not generated and activated will go badly for you.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
10. Re:What about legit keys? by WNight · 2011-09-08 02:51 · Score: 1
  
  That isn't really a practical attack against a hash which is why they'd very likely be using one as part of their system. Part of the point is that they discard information (if done right) making it very one-way.
  It'd only work if you perfectly guess the plaintext and that'd only work if they used weak strings like 'One' or '1002007'. If you think anyone has ever, or will ever, type exactly the same sequence of letters as you, you shouldn't be using that phrase cryptographically.
11. Re:What about legit keys? by Anonymous Coward · 2011-09-09 04:09 · Score: 0
  
  Holy shit. Talk about being beyond remedy!
  And which CPU do you think executes the list of commands where it says "now send the code and only continue when you get a OK from Steam" in the first place? Just jump over that part then! It boggles the mind how this is not utterly obvious to you...
  Even when the rest of the list is encrypted, even once getting the code to decrypt it, and then saving the decrypted list on your hard disk, will solve that.
Steam policy on account bans by headLITE · 2011-09-06 20:24 · Score: 4, Informative

https://support.steampowered.com/kb_article.php?ref=5406-WFZC-5519

There is a Zero-Tolerance policy for any violations of the Steam Subscriber Agreement and Online Code of Conduct. All accounts in a user's possession for any of the following activities will be suspended:
Piracy or Hacking
This includes using an unauthorized ("hacked") Steam client to access Steam, attempting to register fake CD Keys or attempting to register a CD Key which has been published on the internet.
1. Re:Steam policy on account bans by Stellian · 2011-09-06 20:37 · Score: 2
  
  ...attempting to register a CD Key which has been published on the internet.
  The question is, did the leaked keyset also contained legitimate keys that were distributed with games ? Maybe a mix of:
  - keys yet unused
  - keys printed on CDs not yet sold
  - keys that already in the hands of customers
  If that's the case, not only Valve can't penalize those accounts - they need to actually support online game play as advertised, at the very least for keys in the last category, if they can sort them out.
  I don't care if it's free, and I don't care if the publisher leaked my key: the bundling of a free game skewed my buying decision and I have the right to play it.
2. Re:Steam policy on account bans by Anonymous Coward · 2011-09-06 20:47 · Score: 0
  
  You open a support ticket, show proof of purchase and a picture of the media/CD key or whatever they require, and they reallocate the proper CD key back to your account. No biggie.
3. Re:Steam policy on account bans by wmbetts · 2011-09-06 20:51 · Score: 1
  
  That won't stop people from crying, because they had to take 5 minutes out of their day to scan something. They'll also bitch about not having a scanner, digital camera, cell phone with a camera, or knowing anyone with any of those things to prove it.
  
  --
  "Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
4. Re:Steam policy on account bans by Anonymous Coward · 2011-09-06 20:56 · Score: 2, Insightful
  
  The leak was full of legitimate keys, and also included the IDs that were sold with the hardware.
  The text files were simple rows of Dirt 3 Keys, Hardware IDs, and database identifiers.
  If you wanted, it was simple enough to copy a hardware ID instead of a Dirt 3 key, paste that ID into the amd4u promotion, and receive the appropriate Dirt 3 key in your inbox from AMD themselves.
  If someone did that, there'd be absolutely no way of distinguishing them from a legitimate customer that owned the product, since the hardware ID acted as the proof of purchase. Of course most people didn't register and just copied the Dirt 3 keys directly, so it's possible for AMD and Valve to see what Dirt 3 keys were activated on Steam without their corresponding hardware IDs being registered on amd4u.com. That's probably revoke about 90% of the illegitimate licences.
  The promotion had been running for awhile, so if they just ban all of the keys then some innocent accounts will be hit in the crossfire. At the moment it seems like they are just revoking the licences instead of banning accounts (at least for the users who profess to being tricked into entering the key without knowing where it came from).
  Also, the exact number of keys was 2 million, eight text files with 250,000 keys per file.
5. Re:Steam policy on account bans by Anonymous Coward · 2011-09-06 21:07 · Score: 3, Insightful
  
  Why should people have to pay for others mistakes? Why should people have to take those "5 minutes out of their day to scan something", in order to correct a situation they weren't involved with? It's insane to think the customers have to "foot the bill", so to speak, to clean up after AMD's fuck up.
6. Re:Steam policy on account bans by Anonymous Coward · 2011-09-06 21:08 · Score: 0
  
  You assume everybody has said "proof" available. Many people discard invoices, get stuff as gifts or have another completely valid reason not to have a "proof of purchase".
  I do hope they ban lots of people, though. At least that way more people realise it's not a good idea to put all your eggs in one basket ... a basket that's stored in somebody else's cellar and to which you have only very limited visitation rights that can be revoked at any time.
7. Re:Steam policy on account bans by mr_lizard13 · 2011-09-06 21:10 · Score: 2
  
  Indeed you are right sir. The game was included in the purchase price, regardless of it being marketed as 'free'.
  
  --
  "We live in a global world" - Harvey Pitt, former Securities and Exchange Commission Chairman
8. Re:Steam policy on account bans by Anonymous Coward · 2011-09-06 21:11 · Score: 1
  
  They'll also bitch about not having a scanner, digital camera, cell phone with a camera, or knowing anyone with any of those things to prove it.
  Why not. None of those things are necessary to buy and play the game.
  If AMD / Codemasters can't keep things tight it should be their problem. If they want to change the deal for one of the users it should be on that users terms, not on conditions forced on him.
9. Re:Steam policy on account bans by delinear · 2011-09-06 21:17 · Score: 1
  
  Sure they will complain that it's effort on their part when it wasn't their fault, that's what people do, but they're far less likely to dump Steam as their distribution system which is ultimately what Valve care about. Compared to banning someone's account outright it's the obvious solution (well, unless AMD/Codemasters are prepared to foot the bill and right off the losses - can't see that happening any time soon).
10. Re:Steam policy on account bans by delinear · 2011-09-06 21:21 · Score: 1
  
  Invoices etc. are only the easy way to provide proof of purchase, they're not the only ways. If you paid by card you can maybe show them your bank/credit card statement. If all else fails maybe you send them a photo of you at home holding the product or they telephone you and ask some details from the disk/card (okay this could be faked if you know someone else with the product, but it's still going to limit abuse to the friends of legitimate users).
11. Re:Steam policy on account bans by Xest · 2011-09-06 22:04 · Score: 1
  
  What exactly happens when Steam bans your account? Do you lose access to every game you've ever paid for? Do they refund you?
  I'd be amazed if it's legal for them to block access to content you've legitimately paid for. Has this been tested thus far?
12. Re:Steam policy on account bans by Shoe+Puppet · 2011-09-06 22:11 · Score: 1
  
  Imagine I paid in cash and threw away the disc as I want to be bothered by as little physical stuff as possible.
  
  --
  (+1, Disagree)
13. Re:Steam policy on account bans by Anonymous Coward · 2011-09-06 22:15 · Score: 0
  
  You're fucked.
  Yes.
  No.
  Many, many times, but Valve fanboys will rip you to shreds and eat your entrails if you attempt to talk about publicly.
14. Re:Steam policy on account bans by tomknight · 2011-09-06 22:24 · Score: 1
  
  Best throw away your PC too then.
  
  --
  Oh arse
15. Re:Steam policy on account bans by Shoe+Puppet · 2011-09-06 22:26 · Score: 1
  
  That's bullshit. Without the PC, I can't use the PC. Without the media, I can still use the game.
  
  --
  (+1, Disagree)
16. Re:Steam policy on account bans by Xest · 2011-09-06 22:32 · Score: 3, Informative
  
  Hmm, definetely not buying anything from Steam ever again. I've never done anything illegal with it nor do I intend to but the idea that they can arbitrarily steal back from you what you have purchased from them is sickening.
17. Re:Steam policy on account bans by heypete · 2011-09-06 22:45 · Score: 1
  
  My understanding (based off of a friend who had an account banned because he was using various cheats in online multiplayer games on Steam) of the situation is that you can still play games in your account. However, you cannot play on any "Valve Anti-Cheat"-enabled multiplayer server (which is nearly all of them).
  I'm not sure if the penalties are different for attempting to pirate things with Steam.
18. Re:Steam policy on account bans by RogueyWon · 2011-09-06 22:59 · Score: 1
  
  There are levels of ban. The one you've just described is the "lightest" - basically, you lose the ability to play certain steam games (primarily Valve produced ones) online. This tends to be a response to in-game abuses, such as cheating or general bad behaviour. In other words, stuff that is rude and unpleasant but not, in most jurisdictions, illegal. As a former hardcore online gamer, I am enthusiastically supportive of this bit of the policy.
  The use of stolen or leaked keys, or attempts at using a steam account for social engineering type scams will result in a more extreme form of ban - the account is locked and games associated with it (and which require steam to run - actually, a lot of those games on your steam list, particularly the older ones, can be copied out of your steam cache folder and run normally) cannot be run. As this is only used in cases associated with conduct that is against the law in most jurisdictions, this policy has not, as yet, been successfully challenged. If there's a threat to it, it will come from a case involving somebody whose account was compromised (via malware, social engineering or a third party security failure) and then used for these more serious breaches, resulting in the original owner of the account recovering it, and then finding out he has lost all of his games for good.
  This will become more pertinent if breaches such as the earlier Codemasters one (which saw Xbox/GfW Live account information leaked) leads to a rise in compromised accounts where the user in question hasn't done anything particularly stupid (beyond creating an account with the "wrong" company).
19. Re:Steam policy on account bans by TheRaven64 · 2011-09-06 23:12 · Score: 3, Insightful
  
  I'd be amazed if it's legal for them to block access to content you've legitimately paid for.
  It's perfectly legal. You are not buying anything from Steam. You do not own anything that you pay for on Steam. You are paying for a revokable license, at the sole discretion of Valve. If you confuse this with an actual purchase, then that's your problem.
  
  --
  I am TheRaven on Soylent News
20. Re:Steam policy on account bans by rwa2 · 2011-09-06 23:26 · Score: 1
  
  Meh, doesn't sound like anything of value was lost. I've played Grid and maybe the demo of one of the earlier Dirts, but they're pretty much arcade racers that get boring and monotonous fast. Go play Gran Turismo something, or better yet Live4Speed, those seem to be the only racing games that feel anything remotely similar to driving real cars (at least if you have a wheel & pedals).
  I'm still waiting for some sort of retribution from Steam for cashing in on a stash of high-level loot some random Level 69 pub hack dropped off on us in Borderlands. I grabbed three things out of the pile for the heck of it, and even though I couldn't use them, I sold them for the "Slumskag Millionaire" achievement, and now have more money than the counter can register. Doesn't really matter in the game though, money isn't exactly a limiting factor (loot drops are much better than anything you can buy), and I still run around gathering all the dollar bills for the heck of it. But if I get banned, so much the better, I spend waayy too much time playing games anyway :-P
21. Re:Steam policy on account bans by Anonymous Coward · 2011-09-06 23:37 · Score: 0
  
  Consumer Rights Act begs to differ pal.
  If it appears to be an actual purchase, and behaves like all other actual purchases, then it is an actual purchase - regardless how Valve would prefer it to be treated.
  If I didn't purchase the game from Steam or Valve, then they have no say over whether I can play it or not. If they revoke my access to a game that I purchased (went in to shop, picked up physical copy and paid for it) then they can refund me the amount I paid to the publisher - since its their agreement with the publisher that is causing my access to be revoked.
22. Re:Steam policy on account bans by impaledsunset · 2011-09-06 23:45 · Score: 1
  
  Using the words of their lawyers (e.g. the EULAs) is a great way to describe services of that sort to discredit them, but actually buying their words means that they have won. If I had my account blocked, I'd still sue them, until a judge says so - legal my ass.
23. Re:Steam policy on account bans by TheRaven64 · 2011-09-06 23:46 · Score: 1
  
  If it appears to be an actual purchase, and behaves like all other actual purchases, then it is an actual purchase - regardless how Valve would prefer it to be treated.
  That big license agreement that you agree to before signing up for Steam and before every Steam purchase would disagree. Any games 'purchased' over Steam come with text that you agree to before the purchase stating that it is not a purchase. If you don't read this... caveat emptor.
  
  If I didn't purchase the game from Steam or Valve, then they have no say over whether I can play it or not.
  
  That's a more tricky situation, however the text is presented when you first install the game makes it clear that you have not, in fact, purchased the game, and instructs you to return it to the shop if you are not happy with this. The shop is required to give you a full refund.
  This case is pretty simple with regard to Valve. The only agreement that they have with regard to the game is the one that you agreed to when you installed it. They can withdraw this service at any time. You are then left with the shiny disk that you purchased. You can return this to the shop as not suitable for the purpose for which sold if Valve withdraws the service from you, but your (legal) disagreement is with the shop that sold it to you, not with Valve.
  
  --
  I am TheRaven on Soylent News
24. Re:Steam policy on account bans by Trigger31415 · 2011-09-06 23:54 · Score: 1
  
  It's true they have 'zero tolerance' for this, but they were forced to retract from another zero-tolerance policy in the past, when their VAC system banned by error 12,000 players of CoD.
  Moreover, another thing needs to be taken in account : with their system of trade of virtual items from Team Fortress 2, a lot of keys were traded. Some people unaware of the leak bought the keys, or received them as gift from 'friends'.
  So, if they ban everyone who entered one of the leaked key, they'll ban inncocent, naïve people.
25. Re:Steam policy on account bans by X0563511 · 2011-09-06 23:55 · Score: 0
  
  Then you reap what you sow.
  Sorry, but you should have known better. Perhaps you do, now.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
26. Re:Steam policy on account bans by Kreigaffe · 2011-09-06 23:59 · Score: 1
  
  They'll have you actually read a number off the video card you purchased.
  It's much more simple than you seem to think it is -- there's little chance someone's going to throw out their brand new video card.
  
  --
  ... still waiting for this free-as-in-beer free beer I keep hearing about. :|
27. Re:Steam policy on account bans by DrXym · 2011-09-07 00:04 · Score: 3, Insightful
  
  You open a support ticket, show proof of purchase and a picture of the media/CD key or whatever they require, and they reallocate the proper CD key back to your account. No biggie.
  No biggie? Legit customers would be treated by default as pirates unless they supplied proof of purchase, and until they did that could risk everything from their account being locked to being perma banned.
  A correct and more sensible option would be for AMD to supply Steam with a list of email addresses of users who registered. Probably 90% of those are using the same email address on Steam and can be eliminated. Then you audit the hardware of the remainder through Steam (and it's already capable of this) and see who is running AMD hardware that the promotion applied to eliminate them too. Then you look for the date that the exploit got into the wild (probably obvious from a graph of # registrations per day) and you eliminate all of them before that date. Finally you're probably looking at a small % of legit owners to track down. You might then mailshot every game owner and tell them the game will be disabled in 10 days unless they run it on the proper hardware and then you eliminate people who do that. Finally you mailshot again and warn them to contact customer service with proof of purchase within 30 days or risk a perma ban.
  Is it a major screwup by AMD? Yes. But Valve and AMD should make all reasonable efforts to not inconvenience legit users. Only as a last resort should a ban or account freeze should be necessary.
28. Re:Steam policy on account bans by trum4n · 2011-09-07 00:12 · Score: 2
  
  Welcome to DRM. It is the ONLY reason i pirate.
29. Re:Steam policy on account bans by AmiMoJo · 2011-09-07 00:14 · Score: 4, Informative
  
  That's what the EULA says, but consumer protection laws override that. In the UK the Sale of Goods Act requires that goods sold be "as described" and "fit for purpose", i.e. if it says free Dirt 3 game on the box you must get a free working copy of Dirt 3 or your money back.
  Contracts can never override your statutory rights, even if you had read and signed it before purchase.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
30. Re:Steam policy on account bans by Hadlock · 2011-09-07 00:16 · Score: 1
  
  They can VAC ban you, which means you can't play certain games on registered servers (i.e. most of them). VAC bans can be for single games, or account wide. You can still open the game and play them in single player/lan mode. That's the least intrusive way. The most intrusive way is locking your account, which is on par with taking away all your toys and stuffing them down the garbage disposal, because you can't even log in to play your single player games or view your steam friends list. Though you can sometimes negotiate with customer service to conditionally unlock your account.
  
  --
  moox. for a new generation.
31. Re:Steam policy on account bans by Joce640k · 2011-09-07 00:23 · Score: 2
  
  Why should people have to take those "5 minutes out of their day to scan something"
  Because they're adults?
  
  --
  No sig today...
32. Re:Steam policy on account bans by delinear · 2011-09-07 00:31 · Score: 2
  
  Exactly, in that case you've trusted yourself entirely to a technology that's proven to fall down at the human level in the past. What's that saying about a fool and his money? I mean, for that matter, what would have happened if the disk was destroyed in a fire in his home before he'd had chance to register it to his account? The insurance probably wouldn't cover it without some proof that the purchase actually took place. It's not fair that customers have to take such steps when the technology should be there to protect them, but that doesn't mean it's not prudent to do so.
33. Re:Steam policy on account bans by GameboyRMH · 2011-09-07 00:42 · Score: 1
  
  That's true in the UK and many other countries but I'm not sure if US law is the same.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
34. Re:Steam policy on account bans by jtownatpunk.net · 2011-09-07 00:50 · Score: 1
  
  Years ago, I bought a Counterstrike Anthology because my new roommate was addicted and wanted me to play. I bought the physical media and was forced to install the Valve client to activate it. I played maybe 20 hours then forgot about it. Tried to play again a year or two later and my account was locked. Jumped thru the hoops like a good dog (write this code next to the activation code for your game and take a picture of it) and they reactivated my account but never explained why it was shut off in the firs place. Again, a few hours of play then I got bored with it. Another year or so later, they gave away a free copy of Portal. Fired up the Steam client and my account was locked AGAIN. So I jumped through the hoops again and got my account reactivated with no explanation.
  That's twice I've been locked out of my content with no warning or explanation and that was an account I was forced to create in order to play a game I bought on physical media in a Brick-n-Mortar store. I'm definitely not a fan of the way Valve/Steam treats its customers.
  OTOH, it's the Wave of the Future(tm)(r)(c). This is the way content will be delivered and this process is still in its Wild West phase. The sad reality is that things won't settle down until enough precedent-setting cases have made their way through the court system. The sellers of content think that they can sell you a revokable license and cut off your access to the content at any time for any reason they want. You know it's bullshit and I know it's bullshit but, until it's declared to be bullshit by SCotUS, we're at their mercy.
  The shitty part is that there are almost no games being published today that aren't subject to some sort of remote kill switch. Even if you're holding a DVD-ROM in your hand, you'll need to be connected to the internet to get your installation blessed (authorized) during the installation at the very least. Likely every time you launch the game as well. Sometimes constant authentication is required. Even for single-player games. But at least "they" can only revoke access to a single key at a time if you go that route.
35. Re:Steam policy on account bans by TheRaven64 · 2011-09-07 01:04 · Score: 1
  
  The Sale of Goods Act applies to sales of goods, not rental of services. Before you buy anything from Steam, it makes it clear in the terms and conditions that you are not actually buying anything. With regards to sale of a boxed game, the Act only applies between the seller and the purchaser. Valve is not one of these entities. They can revoke your copy of the game, and the Sale of Goods Act means that you can sue the shop that sold you the box if they refuse to give you a full refund. You will, however, need to have kept the receipt for the game to be able to prove that you purchased it from them...
  
  --
  I am TheRaven on Soylent News
36. Re:Steam policy on account bans by Xest · 2011-09-07 01:10 · Score: 1
  
  So how does this work where I bought a game such as Dawn of War II as an actual boxed copy but was forced to activate via Steam?
  I do not see how it's my problem to believe that this was an actual purchase. Nor do I think for a second that the courts would disagree in fact.
  I suspect that you are wrong, that in at least some cases such as this it is Valve's problem, they're just playing fast and loose with the law whilst they can get away with it.
37. Re:Steam policy on account bans by Xest · 2011-09-07 01:16 · Score: 1
  
  "That big license agreement that you agree to before signing up for Steam and before every Steam purchase would disagree."
  That fact EULAs can't trump statutory rights, such as the afformentioned Consumer Protection Act would beg to differ.
  Your argument is basically that Valve can come and murder you, as long as they put that you grant them this right in their EULA. Well, no, actually, they can't. The user not reading it would not act as a defence.
  "The only agreement that they have with regard to the game is the one that you agreed to when you installed it"
  Well, and, you know, that matter of the law that governs both you, the end user, and them, as a company. Let's not forget that elephant in the room shall we?
38. Re:Steam policy on account bans by ZorinLynx · 2011-09-07 01:33 · Score: 1
  
  There's no way to determine the source of a key someone entered.
  What if a friend found the keys on the net, and decided to pretend they're gifting the person a copy of Dirt 3? Boom, suspended account, all because someone thought they were receiving a gift.
  It's a dumb idea to suspend one's entire account for entering a "stolen" key when the key can simply be revoked and the user told that it was stolen. It's the virtual equivalent of throwing someone in jail because a friend bought a stolen laptop at a flea market and gave it to them as a gift.
  Just confiscate the laptop, say "sorry for the inconvenience, blame your friend" and MOVE ON.
39. Re:Steam policy on account bans by nedlohs · 2011-09-07 01:36 · Score: 1
  
  It's a video game, chances are a bunch of them are not adults.
40. Re:Steam policy on account bans by Anonymous Coward · 2011-09-07 01:51 · Score: 1
  
  This will become more pertinent if breaches such as the earlier Codemasters one (which saw Xbox/GfW Live account information leaked) leads to a rise in compromised accounts where the user in question hasn't done anything particularly stupid (beyond creating an account with the "wrong" company).
  Unfortunately they've all created an account with the wrong company: Valve. Allowing Steam to be judge, jury and executioner with the power to deny you access to your own property is madness.
41. Re:Steam policy on account bans by FredFredrickson · 2011-09-07 01:57 · Score: 1
  
  I agree with Xest here, the fact of the matter is Steam uses a shopping cart with the word "buy" all over it. I think the manner with which they're treating these licenses -- consumer protection would probably uphold that this is more like property and less like rental.
  
  --
  Belief? Hope? Preference?The Existential Vortex
42. Re:Steam policy on account bans by TheRaven64 · 2011-09-07 02:14 · Score: 1
  
  In this case, as I said in another post, the Sale of Goods Act would apply, but that defines the relationship between buyer and seller, not between buyer and third party. You would be able to return the game to the shop where you bought it and they would be required to give you a refund. Valve is providing you with a service that you agree to when you install the game. They can withdraw this at any time. The product that you bought requires the provision of the service to be suitable for the purpose for which sold, so without the service you can return it. The shop may or may not be able to get the money back, depending on their agreement with their wholesaler.
  It's like buying a mobile phone or mapping GPS locked to a specific provider. If the provider decides to stop offering you the service, then the device is worthless. You may be able to return it to the shop for a refund, but that's between you and the seller, not between you and the service provider.
  
  --
  I am TheRaven on Soylent News
43. Re:Steam policy on account bans by Rakshasa-sensei · 2011-09-07 02:29 · Score: 1
  
  Yes, and since the US is World Police we all must adhere to US law.
44. Re:Steam policy on account bans by spire3661 · 2011-09-07 02:31 · Score: 1
  
  Welcome to the real world, where you often have to fix others injustices towards you. Its life, get used to it.
  
  --
  Good-bye
45. Re:Steam policy on account bans by spire3661 · 2011-09-07 02:32 · Score: 1
  
  Logic fail. If you wanted to be bothered with physical stuff as little as possible you wouldnt be carrying cash.
  
  --
  Good-bye
46. Re:Steam policy on account bans by Xest · 2011-09-07 02:42 · Score: 1
  
  Actually, by law, in the UK, the service provider does now have an obligation to unlock the device for you. Companies like Vodafone recognise this so explicitly now that you can ask before your contract is even up for an unlock code.
  It's really not as clear cut as you think it is. It's a grey area, and I think it's likely a court would side against Valve. Whether the court would have any power to do anything with Valve being based in the US though is a different story I suppose, though few companies would risk isolating any potential business by defying a foreign court.
  I'd honestly be surprised even in the US where consumer laws are weaker if Valve had a case tbh, after a quick Google though it seems no one's dared to try and challenge it in court yet though.
  Fundamentally though you're applying binary logic (which isn't suprising from people who post on Slashdot- that is after all what the community tends to specialise in) to this discussion, and in law it's much less clear cut. There is much more scope for what is generally deemed to be fair regardless of what contract was or wasn't accepted now. It's no longer simply "You signed it, you live with it". This is of course not always a good thing either though as something so arbitrary as "fairness" can work the other way - a year or two back the dogs trust (or some similar charity) was donated around Â£2million in one lady's will, however her daughter contested this in court saying she deserved some, and despite the dogs trust having offered to give her a fair share the court awarded against the dogs trust and took the willed money away from them and gave it to the daughter, personally I think in such a scenario that fucking stinks- clearly the deceased wanted the money to go to charity, not the daughter, but there you have it- the point is, for better or worse, it's not all about the contract anymore as you are proclaiming that it is.
47. Re:Steam policy on account bans by WNight · 2011-09-07 02:44 · Score: 1
  
  Awesome business strategy. Sell something broken and complain about the childish customers who aren't willing to fix it.
  They have an obligation to provide what they said they'd provide. A game isn't anything like "a bunch of hoops involving UPC codes, photos, and ID, then, maybe, a game".
48. Re:Steam policy on account bans by spire3661 · 2011-09-07 02:48 · Score: 1
  
  Jsut shut your pie hole. Dirt was the first GOOD racing game for PC in a LOOONG time. Half the reason i bought consoles in the past was because PCs had shit for driving games. I have Gran Turismo 3-5, they are not that great, especially when you consider Forza.
  
  --
  Good-bye
49. Re:Steam policy on account bans by spire3661 · 2011-09-07 02:50 · Score: 1
  
  you can 'buy' licenses......., your argument falls apart after that.
  
  --
  Good-bye
50. Re:Steam policy on account bans by spire3661 · 2011-09-07 02:52 · Score: 1
  
  Two hours of any competent lawyers time would cost more then my entire investment in Steam. Have fun tilting at windmills....
  
  --
  Good-bye
51. Re:Steam policy on account bans by spire3661 · 2011-09-07 02:53 · Score: 1
  
  Its not your property, its your LICENSES. You dont OWN the game, you license it. Last night a friend gifted me Dead Island. I found the verbage on the gift email quite interesting. "You have been granted a gift SUBSCRIPTION to Dead Island."
  
  --
  Good-bye
52. Re:Steam policy on account bans by Anonymus · 2011-09-07 03:01 · Score: 3, Informative
  
  And as adults they are beholden to fixing AMD's fuck up?
53. Re:Steam policy on account bans by scumdamn · 2011-09-07 03:10 · Score: 1
  
  This is a shitty situation for everybody. The people AMD hired to do their fulfillment didn't do proper security so AMD is left trying to figure out how to not screw over people who bought their hardware, Codemasters now has a bunch of people playing their game for free and Valve has a support nightmare. Handling transactions on the web really shouldn't be this hard but apparently it is and you have to do your due diligence when picking an agency to handle data on the web.
54. Re:Steam policy on account bans by TheRaven64 · 2011-09-07 03:35 · Score: 1
  
  Actually, by law, in the UK, the service provider does now have an obligation to unlock the device for you.
  
  Yes, because a law was specifically passed in this area. Before this law was passed, they did not have to.
  
  however her daughter contested this in court saying she deserved some
  Again, in the UK there are specific laws covering how little you can leave to your surviving relatives. If a will violates these, it can be overturned in it entirety and it acts as if you died intestate. It's completely irrelevant in this case, because you're talking about an area with very specific laws.
  
  --
  I am TheRaven on Soylent News
55. Re:Steam policy on account bans by jandrese · 2011-09-07 03:42 · Score: 1
  
  They could also revoke everyone using the key on a machine with an nVidia graphics card (or Intel).
  
  --
  
  I read the internet for the articles.
56. Re:Steam policy on account bans by adam.dorsey · 2011-09-07 03:59 · Score: 1
  
  Because no one plays their Steam game on two different machines, perhaps a PC (with the AMD graphics card) and a laptop (with a different graphics card).
  
  --
  You are still innocent until proven guilty. What's changed is what they do to innocent people. - notnAP, #26891325
57. Re:Steam policy on account bans by idontgno · 2011-09-07 04:05 · Score: 1
  
  Because, you know, no one would every buy an AMD video card for one machine but install the game on another machine, one with an nVidia card.
  Unless, of course, there's some secret codicil to the license of the "free" version of the game restricting it to use with an AMD product... which would be so blatantly improper product tying that even Microsoft would facepalm.
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
58. Re:Steam policy on account bans by idontgno · 2011-09-07 04:11 · Score: 1
  
  So, if they ban everyone who entered one of the leaked key, they'll ban inncocent, naÃve people.
  Which, of course, Valve won't care the slightest about, unless there's some serious PR blowback. All of which will happen well after the fact.
  Bans of mass destruction in 5... 4... 3...
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
59. Re:Steam policy on account bans by Cyfun · 2011-09-07 04:55 · Score: 1
  
  Makes you wonder if the list included any or all of the current Dirt 3 owners. Could they be banned for using a key that was later posted on the innernet? Any Dirt 3 owners on here who could search the list to see if their key is in it?
  
  --
  In Soviet Russia, dot slashes YOU!
60. Re:Steam policy on account bans by WNight · 2011-09-07 05:00 · Score: 2
  
  And your prickish attitude is why I crack everything I buy. It's bad enough shelling out $60 for a buggy product, but to jump through a bunch of hoops to have some monkey tell me it's defective by design is unbearable.
  I bought a Blizzard game (WC2 era) and it wouldn't run because I had a CD burner. I emailed Blizzard and asked for a workaround - they suggested I buy a new CD drive (then $80 or more). I suggested a crack, they told me it'd be illegal, I told them knowingly selling a defective product was illegal... It stalled there.
  Now I don't buy a game (a big title with DRM - Indie Bundle stuff is different) until working cracks are available. Especially as I like to replay games (years later, in emulators, under wine, etc) and DRM is ridiculously fragile.
61. Re:Steam policy on account bans by X0563511 · 2011-09-07 05:10 · Score: 1
  
  I'm not sure where "throwing out the physical media" comes into this. My point was you would be stupid to do so, saving only the key, and if you did so and it burned you, then it's your own fault.
  DRM doesn't come into this at all, since you wouldn't have kept a backup copy to begin with. Unless you refer to the digital copy you might keep, which I do have to say... if you can't keep the digital copy, keep the physical one PRECISELY because you can't! If you have your digital copy, then really what's the problem?
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
62. Re:Steam policy on account bans by sabt-pestnu · 2011-09-07 05:14 · Score: 1
  
  > if it says free Dirt 3 game on the box you must get a free working copy of Dirt 3 or your money back.
  If you got the box for free, your "money back" is "nothing".
  If you paid for the box, the cost of the box (relative to the lawsuit required to enforce your rights) is negligible. Although in the UK, you might also have a "loser pays" legal system....
63. Re:Steam policy on account bans by AmiMoJo · 2011-09-07 05:21 · Score: 1
  
  Small claims court, Â£30 to set up, loser pays and you get time off work and travel expenses too. Generally it isn't necessary though, most retailers will honour their legal obligations.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
64. Re:Steam policy on account bans by AmiMoJo · 2011-09-07 05:27 · Score: 1
  
  Before you buy anything from Steam, it makes it clear in the terms and conditions that you are not actually buying anything.
  No judge would ever accept that. That has been tested in court. Some ringtone sellers were actually signing people up to a monthly service but fell foul of the law.
  If companies could get away with that then nothing would ever be sold to anyone, just rented indefinitely.
  You are correct in saying that you would get a refund from the shop, who would then be rather upset with their supplier who in turn would be upset with Valve. However you don't have to have the receipt, merely proof that you bought it from that shop. A credit card statement is usually enough, or you can ask for CCTV footage from the shop itself. Often the shops put their own price stickers on the box anyway, which is enough to meet the legal requirement of "balance of probabilities".
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
65. Re:Steam policy on account bans by WNight · 2011-09-07 05:28 · Score: 2
  
  A correct and more sensible option would be [...] email addresses of users who registered [...] audit the hardware of the remainder through Steam (and it's already capable of this) [...] a small % of legit owners to track down [...] mailshot every game owner [...] game will be disabled in 10 days [...] proper hardware [...] mailshot again [...] proof of purchase within 30 days or risk a perma ban.
  Oh yeah, that sounds like a simple, non-intrusive, and useful plan. What could go wrong?
  At this point they're looking at a PR nightmare. One wrong permaban could keep this in gamer news for months, influencing a lot of purchases.
  They should go the other way with it. Say that it's too bad some people have to try to spoil things, etc, but that it's important to not let that happen and as such release the game free to all Steam users who have any AMD GPU or CPU without any further checks. That way absolutely nobody would be wrongfully denied and their other Steam-using customers would get a freebie just for having an AMD product.
  It should be easy to do. Most of a game's sales come in the first few months. Negotiating a larger giveaway after that spike in sales (if there is one) should be pretty cheap as the publisher is looking to bargain-bin it at that point anyway. It'd probably cost AMD less than other ad campaigns and seeing a company trying to make things right instead of pointing the finger would be a better ad - to me - than more bogus benchmarks.
66. Re:Steam policy on account bans by Golddess · 2011-09-07 05:37 · Score: 1
  
  Why should people have to take those "5 minutes out of their day to scan something"
  Because they're adults?
  Ok. So why can't the same be said of AMD? Do adults not run that company?
  
  --
  "I'm not sure I like the fugnutish tone you used in your post!" -RogL (608926)-
67. Re:Steam policy on account bans by rwa2 · 2011-09-07 05:54 · Score: 1
  
  Heh, I won't argue that there's a dearth of driving sims, period. The passenger giving you pointers for speeds to take the next turn in Dirt was a nice touch, but actually controlling the cars felt more like sledding than driving; I'd just as soon be playing tuxracer :-P I bought Grid because it got fairly good reviews and worked with my Logitech G25 wheel (yeah, the PS2 + GT4 I picked up a few years ago was merely an accessory for the wheel), but it still feels more like an arcade racer than a sim.
  I'm still looking for a nice driving sims (not necessarily racing), and I really like the lessons and challenges from GT and L4S that focus on your understanding of the physics. Never played with Forza, so far the only PC sims I really enjoyed toying around with were L4S and the EuroTruckSim demo. I do enjoy the occasional arcade racer, but those tend to be much less serious fun/puzzle/twitch games suited for the control pad, like Burnout or Trackmania.
68. Re:Steam policy on account bans by Anonymous Coward · 2011-09-07 06:15 · Score: 0
  
  this is NOT true in the US, it's a license here and they can revoke it (and do) at their whim, per all those nice little "I agree" thingys you clicked while signing up for steam :)
69. Re:Steam policy on account bans by KingMotley · 2011-09-07 06:15 · Score: 0
  
  Nothing illegal about product tying -- unless you are a monopoly, and using the monopoly power to gain an advantage in a different market.
  Or you are in a 2nd rate country, like the EU.
70. Re:Steam policy on account bans by nedlohs · 2011-09-07 06:35 · Score: 2
  
  The EU is a country?
  Man, things just keep changing...
71. Re:Steam policy on account bans by Xest · 2011-09-07 06:59 · Score: 1
  
  "Again, in the UK there are specific laws covering how little you can leave to your surviving relatives. If a will violates these, it can be overturned in it entirety and it acts as if you died intestate. It's completely irrelevant in this case, because you're talking about an area with very specific laws."
  This is completely false, there is no such law, it was entirely based on a judicial decision.
72. Re:Steam policy on account bans by Anonymous Coward · 2011-09-07 07:02 · Score: 0
  
  You're saying I can't get kicked out of a movie theater in the UK?
73. Re:Steam policy on account bans by Darinbob · 2011-09-07 07:46 · Score: 1
  
  But Steam is first and foremost about DRM. That means you never purchase a game from them and end up owning it, you only rent them for an unspecified duration of time (presumably until they go out of business). Now if the box says "free access to download a DRM restricted game" then it'd be up front and honest, but if it said "free game!" then it'd be lying.
74. Re:Steam policy on account bans by DrXym · 2011-09-07 08:01 · Score: 1
  
  I didn't say it would be easy, but it would have to be what they do if they don't want to treat their customers as pirates. I'd note that requiring all potentially 1 million+ registrants to contact customer service as the GP suggested would likely be MORE work than this way would be. A few largely automated processes would whittle the list of probable pirates down to a fraction.
75. Re:Steam policy on account bans by Anonymous Coward · 2011-09-07 08:02 · Score: 0
  
  That's not 100% full proof. What if I buy that AMD hardware but decide to use the game on a different PC? Then my audit wouldn't show that I am legit when I actually am.
76. Re:Steam policy on account bans by FredFredrickson · 2011-09-07 08:35 · Score: 1
  
  Right, my point is that steam uses the word "buy" in their store.
  
  --
  Belief? Hope? Preference?The Existential Vortex
77. Re:Steam policy on account bans by Anonymous Coward · 2011-09-07 09:05 · Score: 0
  
  Your first rate education system teach you the EU is a country? Retard.
78. Re:Steam policy on account bans by flowwolf · 2011-09-07 11:13 · Score: 1
  
  It's a little different of a situation when the keys published on the internet come from a recognized partner. AMD leaked their legitimate keys. This wasn't some illegal collection of keys. I'm sure action will be taken on any accounts that used one of these keys, but I dont think steam would suspend their account permanently. The context of this problem is entirely different than the one their zero tolerance policy describes.
  
  Does anyone have any leads on what steam is doing in regards to anyone who obtained one of these keys? Its definatly a tricky situation for them, as man of these keys leaked were shipped with amd graphic cards already.
79. Re:Steam policy on account bans by theArtificial · 2011-09-07 13:36 · Score: 1
  
  It's a video game, chances are a bunch of them are not adults.
  You may be surprised.
  
  --
  Man blir trött av att gå och göra ingenting.
80. Re:Steam policy on account bans by exomondo · 2011-09-07 13:51 · Score: 1
  
  Why should people have to pay for others mistakes? Why should people have to take those "5 minutes out of their day to scan something", in order to correct a situation they weren't involved with? It's insane to think the customers have to "foot the bill", so to speak, to clean up after AMD's fuck up.
  Yeah, let's get a class action lawsuit happening...or you could just spend the 5 minutes and fix it, what is with the 'oh i was slightly inconvenienced, i must be compensated' entitlement attitude?
81. Re:Steam policy on account bans by exomondo · 2011-09-07 13:56 · Score: 1
  
  Or you are in a 2nd rate country, like the EU.
  lol
82. Re:Steam policy on account bans by Anonymous Coward · 2011-09-07 14:18 · Score: 0
  
  No, it's a group of 2nd rate countries.
83. Re:Steam policy on account bans by exomondo · 2011-09-07 15:19 · Score: 1
  
  They'll have you actually read a number off the video card you purchased.
  It's much more simple than you seem to think it is -- there's little chance someone's going to throw out their brand new video card.
  oooh but you're forgetting that in addition to me paying cash, discarding proof of purchase and throwing away the disc i also discarded everything that came with my video card and succumbed to my penchant for spray painting my hardware and thus being unable to read any numbers from the video card...so now what do i do? ;)
84. Re:Steam policy on account bans by nedlohs · 2011-09-07 15:27 · Score: 1
  
  You seriously think that none of them would be children just because the average age happens to be in the 30s?
  if not, then why would you think I'd be surprised? The use of the words "a bunch" rather than "they" didn't give any hints?
85. Re:Steam policy on account bans by exomondo · 2011-09-07 15:31 · Score: 1
  
  Makes you wonder if the list included any or all of the current Dirt 3 owners. Could they be banned for using a key that was later posted on the innernet?
  I'd say it would be pretty easy to determine who registered their key before and after the leak.
86. Re:Steam policy on account bans by Kalriath · 2011-09-07 17:00 · Score: 1
  
  Fuck that.
  What's good for the goose is good for the gander.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
87. Re:Steam policy on account bans by KingMotley · 2011-09-08 00:41 · Score: 1
  
  No, it didn't. First of all, the EU didn't exist when I was in school. Second of all, yes, I knew the EU isn't a country, but the retards that made slashdot forgot to add an edit, and instead of replying to myself, I assumed that most people (minus the oversensitive EUians) would figure it out. Sorry you got butthurt.
  For all the butt hurt EUians, "Or you are in a 2nd rate country full of butt hurt people, like those from in the EU".
88. Re:Steam policy on account bans by Anonymous Coward · 2011-09-08 01:03 · Score: 0
  
  You do realize what you said makes absolutely no sense at all. How does that even apply?
89. Re:Steam policy on account bans by WNight · 2011-09-08 01:50 · Score: 1
  
  DRM comes into it because it's what keeps you from making a HD-backup of a CD or DVD (and having it work).
90. Re:Steam policy on account bans by Kalriath · 2011-09-08 13:01 · Score: 1
  
  It makes perfect sense. If one organisation is not allowed to tie products together, neither should any other.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Uuuuh by Anonymous Coward · 2011-09-06 20:25 · Score: 0

No word from AMD [...] yet
(later)
AMD confirmed that a leak did occur
1. Re:Uuuuh by game+kid · 2011-09-06 20:39 · Score: 1
  
  AMD is a very open company. It's just that its AMD division can be quite secretive sometimes.
  
  --
  You can hold down the "B" button for continuous firing.
2. Re:Uuuuh by c0lo · 2011-09-06 21:12 · Score: 1
  
  AMD is a very open company
  Given the 1.7 mils of key that leaked, I tend to agree with you. Except that "AMD is a very cracked company" describes better the situation.
  
  --
  Questions raise, answers kill. Raise questions to stay alive.
Not exactly "AMD leaks"... by Ecuador · 2011-09-06 20:25 · Score: 1

The keys were on a site kept by a 3rd party fulfillment partner that had really bad security (or really great lack of it if you prefer)...

--
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
1. Re:Not exactly "AMD leaks"... by mitashki · 2011-09-06 20:27 · Score: 0
  
  Or perhaps they have left out .htaccess on purpose? ;)
  
  --
  "When all you have is a hammer, everything starts looking like a nail."
2. Re:Not exactly "AMD leaks"... by ZeroExistenZ · 2011-09-06 20:43 · Score: 1
  
  Or perhaps they have left out .htaccess on purpose? ;)
  "Officer, he left his cardoors open on purpose. I entered just to take his laptop because he was offering it to me."
  
  --
  I think we can keep recursing like this until someone returns 1
3. Re:Not exactly "AMD leaks"... by Anonymous Coward · 2011-09-06 21:01 · Score: 0
  
  The difference is that a web server is a publication method. It's designed to offer you things to download.
  It's reasonable to assume that anything you can reach on a web server is something the owner is OK with you having.
  There's no reason to put something in a web server's public_html directory that you don't want people to download...
4. Re:Not exactly "AMD leaks"... by Anonymous Coward · 2011-09-06 21:14 · Score: 0
  
  It is a publication method, provided you have published the url. If there was never a public link to the specific directory, it was not publication.
5. Re:Not exactly "AMD leaks"... by Anonymous Coward · 2011-09-06 21:19 · Score: 0
  
  That's a bad analogy, as it is a web server's explicit purpose to make unprotected documents available to the public.
6. Re:Not exactly "AMD leaks"... by Anonymous Coward · 2011-09-06 22:48 · Score: 0
  
  And cars are designed to let people get in and drive them. It even protects them in the event of an accident, even if they're not the owner.
Big Deal, the keys were easy to get anyway. by Anonymous Coward · 2011-09-06 20:27 · Score: 0

Just order a card of Amazon and return it when you receive it. You should have the game key which is sent out promptly after the purchase.
My car got stolen by atari2600a · 2011-09-06 20:27 · Score: 1

turns out I left the keys in the ignition, the door wide open with a bright giant neon sign on the windshield that said FREE CAR, & the title was in the glove box already signed off for sale at $0 (just in case).
1. Re:My car got stolen by Anonymous Coward · 2011-09-06 23:43 · Score: 0
  
  Actually, it's more like that just happened at the local car rental place, and thousands of cars were driven off. What's worse, those cars were already reserved by their legitimate customers. The customers looking for their cars are rather annoyed.
.htaccess exploit? by Anonymous Coward · 2011-09-06 20:31 · Score: 0

"The codes were discovered in a .sql database and accessed with a simple .htaccess exploit. "
How does failure to type
touch .htaccess
filling it's contents with
DENY FROM ALL
become an exploit? Please explain or please be fired for incompetence.
1. Re:.htaccess exploit? by Anonymous Coward · 2011-09-06 21:56 · Score: 0
  
  Indeed, the lack of any .htaccess protection on the files is not an exploit, any more than walking through an unlocked door is "exploiting" lock technology.
Wow by atomicbutterfly · 2011-09-06 20:41 · Score: 1

We've got some real morons working in the security area of the gaming industry.
1. Re:Wow by Krneki · 2011-09-06 21:35 · Score: 1
  
  It always amaze me how people know the problem without even looking into the details.
  
  Security costs money and if no one is willing to pay for it, who will deploy it?
  
  --
  Love many, trust a few, do harm to none.
2. Re:Wow by delinear · 2011-09-06 21:59 · Score: 1
  
  Given the industry's reputation for overworking and underpaying, I can't say I'm that surprised. The real problem is they all seem to get away with it, on the whole customers don't care unless it has a direct negative impact on them, and even then if it's too much effort to go elsewhere they don't seem to care. It seems to be the herd mentality at work, there are so many users/purchasers that everyone thinks it won't be them that gets hurt... right up until it is.
3. Re:Wow by mlts · 2011-09-07 02:56 · Score: 1
  
  The gaming industry has been a race to the bottom now for a number of years. We have seen this in the way game releases have been done, where quality essentially has gone from a true release version to quality equal to an early beta, then if you are lucky, get a patch that gets the game to a late state beta in terms of bug fixes and such. If you are unlucky, the game remains unplayable, and a waste of the $70 you plunked down.
  I'm not surprised at all about the lack of security. Most businesses provide at best lip service when it comes down to locking down data.
  It wouldn't have taken much to have done this job right. One quick example follows:
  Step 1: Generate the keys using a cryptographically secure PRNG. This can be as simple as pulling bytes from /dev/random (not /dev/urandom) and putting them in a format for a CD key. Make sure the format of the key is one that can be checked to be valid (check digit, 16 bit CRC, etc.)
  Step 2: Keep the actual keys on a separate database and machine. The only use for the actual keys will be to print, one by one, and put on physical cards, or to e-mail to people. So, controls can be put into place to limit access to the keys to which ones are not used and which ones have been used.
  Step 3: Store a hash of the keys in a separate database, the same way you store passwords, preferably hashed with a salt and run through a number of encryption rounds to deter brute force guessing. At the minimum, SHA-256 the key and store the hash.
  Step 4: For local checking, the game can use the CRC to make sure a CD key is valid. Then pass it to the server via TLS for vetting on that end.
  This way seems roundabout, but all the servers need to validate the key is the hash. The actual key material never really needs to be accessible by anyone other than to print out key cards, install the keys in Steam, and to send keys via E-mail for electronic registration. Generating keys via a cryptographically secure RNG means that a keygen can't be used, other than a key that passes the check digit test. This method may not be perfect, but it keeps raw key material out of the hands of all but the most sophisticated attackers.
4. Re:Wow by scumdamn · 2011-09-07 03:13 · Score: 1
  
  Agency. It's an agency. Look at the whois for AMD4U.com.
Keep internal files outside DocumentRoot by Anonymous Coward · 2011-09-06 20:44 · Score: 0

It's not that hard to do it right. Proper file permissions would've worked too, as would prefixing the names with ".ht" or even denying the location in a reverse proxy. TRWTF is suggesting .htaccess as the solution, it's bad practise and should be avoided. Don't rely on having Apache httpd and don't rely on it to accept your .htaccess, I never configure Apache to do that. Configuration goes in /etc, served-up content goes in /var/www/whatever.
Also, advertising companies often employ a "PHP guy" who will fire up Adobe Dreamweaver to write a "quick script" for you. To give you an idea of how terrible this is, more often then not they see "chmod 777" as a solution for permission denied errors. It's shit like that which causes dead simple hacks like the one in the linked article.
You should be allowed to use these keys by Anonymous Coward · 2011-09-06 20:46 · Score: 0

There should be a law that ensures that when a person or company leaves something open for being accessed by anyone, then anyone has the right to use it.
And before you ask, yes, when someone does not lock the door of his house or car, anyone should be allowed to enter besaid house or car and replicate anything inside with his personal replicator. Oh wait, there is no personal replicator? I guess then the analogy is flawed....
1. Re:You should be allowed to use these keys by MischaNix · 2011-09-06 20:56 · Score: 1
  
  Because laws are made in the interests of those without money? Right...
2. Re:You should be allowed to use these keys by GigaplexNZ · 2011-09-06 21:32 · Score: 1
  
  Oh wait, there is no personal replicator? I guess then the analogy is flawed....
  I'm pretty sure the keys are single use, so the "it's not stealing because it's only a copy" style argument doesn't work in this case.
3. Re:You should be allowed to use these keys by logjon · 2011-09-07 02:19 · Score: 0
  
  Good Lord, you're right! Where, oh where will they ever get more NUMBERS when they run out?
  
  --
  The stories and info posted here are artistic works of fiction and falsehood.
  Only fools would take it as fact.
Finally backfired? by PhunkySchtuff · 2011-09-06 20:50 · Score: 1

Why has this "finally backfired" - in what way was this an accident waiting to happen? What was it about the promo that leads the submitter to believe it was set up to fail from the start?

--
Specialist Mac support for creative pros, Melbourne
1. Re:Finally backfired? by hairyfeet · 2011-09-06 22:23 · Score: 1
  
  Well for one thing Codemasters has already been hacked recently. I got one of those "Hi, we've been pwned! Please change any passwords that you used and we hope you didn't use them anywhere else! kthnksbai" from Codemasters. So their record on security wasn't great to start with.
  Second of all and slightly OT, but why Dirt? Ever since the Intel bribery scandal I've been buying nothing but AMD yet that promo was a giant turn OFF for me, can't think of any of my customers that would give a crap either. All the racing guys I've known played NASCAR or GT on consoles, is PC racing even the tiniest bit popular? They couldn't give us a shooter or RTS?
  So while i'm sorry you got bit in the ass AMD i'm just glad none of my customers are having to deal with this mess, because the ones that qualified don't care about Dirt. hell if you want to show off your GPU make a deal with the guys that make Just Cause II. Watching those oil towers blow up in glorious DirectX 10 mode was well worth my card upgrade. Anytime I want to sell a customer on a GPU upgrade all I have to do is fire that game up and start blowing shit up. All those fireballs and ragdolls filling the screen and they always go "oooohhhhh...that's so damned cool!".
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
2. Re:Finally backfired? by goose-incarnated · 2011-09-07 01:03 · Score: 1
  
  Wait, what? You're comparing the least-skilled racing (nascar) with the most skilled racing (rally)? Whats wrong with this picture?
  
  --
  I'm a minority race. Save your vitriol for white people.
3. Re:Finally backfired? by spire3661 · 2011-09-07 02:59 · Score: 1
  
  Dirt 1 brought racing back to the PC, thats why. Any racing 'guy' that plays Nascar is jsut sad. Not only is PC racing popular, but they also have the best setups. Triple screens and very nice steering wheels/pedals
  
  --
  Good-bye
4. Re:Finally backfired? by hairyfeet · 2011-09-08 00:43 · Score: 1
  
  Riiight, because those with triple screens and steering wheels are totally the big market in PC gaming. Why I bet they are a whole 1/18th of 1% of the market! Meanwhile look at the numbers on the latest FPS and RTS games, Dirt on its best day would kill yo mama for those kinds of numbers.
  Non console racing has always been a teeny tiny niche, like non console sports. That is why EA doesn't even bother with PC versions of that those categories anymore, as they said there simply wasn't enough money in the PC to make it worth it. Racing and other competitive sports are more fun with a bunch of buds around so you can trash talk as you run them into a wall, simple as that. FPS is MORE fun away from your buds, so they can't see where you are getting ready to pwn their asses, and with RTS you don't want them seeing you are loading up on tanks before you roll them down their throats.
  It is just the way the games are designed, that's all. But triple screen gaming, no matter how badly AMD wishes it weren't, is just a teeny blip on the radar. Last Steam poll I saw had multi monitor at less than 2% of the total gamers. When you are trying to entice folks to buy expensive hardware appealing to less than 2% of the market really ain't the smartest of moves, but considering AMD went nearly a year without a CEO and have let Intel get away with some pretty illegal shit with the compilers sadly as much as I like the company dumb shit like TFA from AMD really don't surprise me, and this is from someone who has been selling AMD exclusively for nearly 3 years now.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
Statement from Codemasters by Anonymous Coward · 2011-09-06 20:53 · Score: 0

Via Kotaku:

"You may have heard this weekend, activation keys for free Dirt 3 game vouchers shipping with a few AMD products were compromised. The keys were hosted on a third-party fulfillment agency website, AMD4u.com, and were not on AMD's website. Neither AMD nor Codemasters servers were involved.
We're working closely with everyone to address the situation. AMD will honor all valid game vouchers, but just a heads up, the current situation may result in a short delay before the vouchers can be redeemed."
Doubt any ban will occur by Anonymous Coward · 2011-09-06 20:58 · Score: 0

With that huge of a leak, they will probably invalidate the keys and remove the game from the list of people who used the leaked keys.
Bans unlikely by Anonymous Coward · 2011-09-06 21:09 · Score: 0

Steam account bans are unlikely to happen, although Valve can ban you if they so choose. I registered a Metro 2033 cd key a few months ago when Nvidia had a similar promotion and goofed up in a similar way. The game simply disappeared from my Steam library the next day.
It is very worrisome that they have the power to revoke access to all the games you legally acquired, but they have not yet exercised this power in these circumstances.
Is it really a 'leak' ? by unity100 · 2011-09-06 21:25 · Score: 1

after apple losing their prototype a SECOND time, in the exact SAME fashion they did last time, and sending goons to look for it in exact SAME fashion, i dont trust any such stuff. - wait, apple goons told that they were from SF police dept this time - thats something new.

cant this be something to make people download dirt, get them hooked ?

--
Read radical news here
Can't be the first time by jeti · 2011-09-06 21:25 · Score: 1

When I bought my Radeon HD 5770 something like a year ago, it contained a Steam code for Dirt 2. When I tried to register it, the code had already been used.
1. Re:Can't be the first time by Ogive17 · 2011-09-06 23:24 · Score: 1
  
  When Steam was first in its' infancy, I received a code for a free version of Half-Life 2 due to purchasing a specific vcard. The game was not yet released at the time and Steam never gave me a copy of the game when it did release.
  
  --
  "Action without philosophy is a lethal weapon; philosophy without action is worthless."
2. Re:Can't be the first time by Anonymous Coward · 2011-09-06 23:49 · Score: 0
  
  That was probably just unscrupulous shop staff opening the box. Not like anyone's going to be able to prove it when they can shrink-wrap it up again.
3. Re:Can't be the first time by spire3661 · 2011-09-07 03:04 · Score: 1
  
  I DID get my free copy of HL2. The code came on a card that came with the 9600 pro i bought. I held onto that code for over a year. ( this was during the period where Valve delayed the release for a year.) Worked perfectly on HL2 launch day. It is still listed in my Steam purchase history as "ATI Bundle"
  
  --
  Good-bye
4. Re:Can't be the first time by Anonymous Coward · 2011-09-07 03:33 · Score: 0
  
  Me, too! I do have an extra HL2 now, though, since I bought the Orange Box.
5. Re:Can't be the first time by zippthorne · 2011-09-07 11:27 · Score: 1
  
  ATI Radeon 9something XT?
  I got my free copy. IIRC there was a time limit on the giveaway that started when HL2 was released. I remember not paying close enough attention and almost missing the window. Is that what happened to you?
  
  --
  Can you be Even More Awesome?!
Leak my foot! by warp_kez · 2011-09-06 21:27 · Score: 1

They are pissing blood!
This is going to suck for legitimate owners for sure.
'Zero tolerance policy' - i find this funny ... by unity100 · 2011-09-06 21:29 · Score: 1

when companies' clueless legal departments produce bullshit like this, it is a hilarious read. like, how there was endless crap surrounding assassin's creed 2 regarding its drm, and the tough talk and bullshit from ubisoft. what happened in the end ?

you cant force or coerce 'the people'. they are many. they eventually do what they see fit. it is much better for a company to tell their legal department - which are proven to be totally clueless about how things work on the internet btw - to shut the fuck up, and handle their consumer relations more carefully. (not leave it to marketing dept. goons either - they screw it up so grandly in another way).

--
Read radical news here
1. Re:'Zero tolerance policy' - i find this funny ... by Co0Ps · 2011-09-06 22:25 · Score: 3, Interesting
  
  I got PERMANENTLY banned from the steam forums for simply stating that piracy exists and people pirate games. Apparently, if you close your ears, hold your hands to you ears and yell LALALALALALA all problems instantly disappear.
2. Re:'Zero tolerance policy' - i find this funny ... by GameboyRMH · 2011-09-07 00:28 · Score: 3, Informative
  
  Apparently, if you close your ears, hold your hands to you ears and yell LALALALALALA all problems instantly disappear.
  I think this also explains how people who are normally anti-DRM see Steam as acceptable.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
3. Re:'Zero tolerance policy' - i find this funny ... by flowwolf · 2011-09-07 11:07 · Score: 1
  
  There's defiantly more to this story that "simply stating piracy exists". Getting banned from a forum is also no big deal. You can make a new forum account very easily. There are clear rules there that say do not talk about piracy. It is a reasonable request. You got banned because you defied their request, not because they're pretending the issue doesn't exist. Policy is policy.
4. Re:'Zero tolerance policy' - i find this funny ... by atomicbutterfly · 2011-09-07 13:07 · Score: 1
  
  Not all mods are created equal. I've noticed that the majority of moderators on the Steam forums (at least the most active ones anyway) are total Valve fanboys who don't see anything Valve does as wrong, and some of them are also quite paranoid at leaving anything controversial open for discussion. Bans are not uncommon if you try to open discussion regarding taboo subjects such as piracy - they won't even bother reading the comment, they'll just ban first and not ask questions later.
This isn't the first time, is it? by DarkXale · 2011-09-06 21:56 · Score: 1

I seem to remember a very similar type of incident a year or two ago - although for what game I can't remember. It did involve Steam though, again.
WTF? by Megane · 2011-09-06 22:05 · Score: 5, Insightful

The reason access to all these keys has been granted is due to a lack of .htaccess on AMD’s site.
What's all this stupid talk about .htacess anyway? Those are the kind of files that should not be below a web server's DocumentRoot in the first place. The reason access to all these keys has been grated is because some moron put them in a live area of the web server where they didn't belong.

--
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
1. Re:WTF? by Anonymous Coward · 2011-09-07 02:19 · Score: 0
  
  and as the article says, it wasn't AMDs site, it was the site owned by a third-party fulfillment center
2. Re:WTF? by bill_mcgonigle · 2011-09-07 02:23 · Score: 1
  
  That's what happens when you let stories be written by some guy with a $9 web hosting account.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
3. Re:WTF? by Anonymous Coward · 2011-09-07 04:27 · Score: 0
  
  That's what happens when a developer has to bend over a take it from the Marketing Department or face the wrath of Human Resources for failure to accomplish an unrealistic goal that the marketing department dreamed up.
4. Re:WTF? by Dhalka226 · 2011-09-07 06:21 · Score: 1
  
  I don't know what kind of anti-corporate nonsense rant this was supposed to be, but there is nothing unrealistic at all about providing a CD key you've been supplied when given proof of purchase of a graphics card, and certainly nothing unrealistic about securing those keys by not putting them in the fucking web root.
  You could whip up a nicely secure front-end for getting a key in less than an hour, easy. How much more complicated it gets beyond that largely depends on how "proof of purchase" is determined and to what degree things are automated.
5. Re:WTF? by Anonymous Coward · 2011-09-08 17:10 · Score: 0
  
  And they were also stored in plain text txt files. Also, when you googled the webpage, the directory tree was one of the listings
It's a shame... by peterb · 2011-09-06 23:54 · Score: 1

It's a shame that they didn't leak the keys for a game that someone actually wants to play.
KEygen in 3....2....1 by Lumpy · 2011-09-07 00:06 · Score: 1

That many keys will guarantee a keygen is butt easy to make.

--
Do not look at laser with remaining good eye.
1. Re:KEygen in 3....2....1 by Anonymous Coward · 2011-09-07 01:42 · Score: 0
  
  That many keys will guarantee a keygen is butt easy to make.
  Really? How's that work, when the keys all have to be validated against Valve's servers before use?
2. Re:KEygen in 3....2....1 by Anonymous Coward · 2011-09-07 02:08 · Score: 1
  
  dirt3Keygen() {
  return arrayOfOnePointSevenMillionKeys.pop();
  }
3. Re:KEygen in 3....2....1 by flimflammer · 2011-09-07 04:24 · Score: 1
  
  I'm pretty sure when it comes to online activation, all game developers keep their own lists like this which blocks out anything but keys in the list, which makes keygen keys invalid.
  Not that keygen writers actually need a list of keys to reverse engineer the key structure. They just analyze the code that checks the key in order to figure out how to generate keys that will validate the installer key check.
4. Re:KEygen in 3....2....1 by marcosdumay · 2011-09-07 05:24 · Score: 1
  
  If they use good crypto, it won't help at all.
  Not that I expect them to use good crypto. It seems everybody fails to do so, even when all the algorithms and code are freely available for everybody (or maybe the problem is really that the algorithms and code are freely available for everybody, some people simply like to pay for things).
  
  --
  Rethinking email
5. Re:KEygen in 3....2....1 by Anonymous Coward · 2011-09-07 09:57 · Score: 0
  
  About as "butt easy" as reversing a cryptographic hash, if they used two brain cells to produce the keys. Good luck with that.
Ban? by gmerideth · 2011-09-07 00:17 · Score: 1

In the case that x million keys were used, would Steam really ban x million of its own clients and lose all of that ongoing revenue just for AMD?

--
Why do overlook and oversee mean opposite things?
Lost steam.. will carpool by Anonymous Coward · 2011-09-07 00:24 · Score: 0

Bad puns aside.. I have a personal beef with Steam so I am biased, but to me the policy and company approach seems arrogant. Words like 'zero tolerance' and 'user's possession' are quite naturally what people got used to over the past with years, what with the war on terror, war on drugs, war on poverty and now ( announced by the unions of all places btw) war on jobs and war on rebublicans. Not that it makes it any more palatable.
More to the point, I dislike bundling, I especially dislike Steam who has already shown they are willing to penalize the customer if it does not fit into their grand scheme of controlling all known universe. Had I my code invalidated by this I would be whining to their support reps right now.
As it is now, I am whining, but about their BS deus ex 'bundling' with Gamestop.
But.. in the end, I am stopping to care about this. I have decided after the deus experience that I am done with games. Done with their lawyers, CEOs, EULAs and publicly traded companies that all treat me like a farm animal. I am also doing my best to convince my friends to drop Steam aka The Good DRM.
Short version. Meh you Steam.
ps. I know the story is more about amd than steam, but amd rarely disappointed me thus far. steam has
1. Re:Lost steam.. will carpool by VGPowerlord · 2011-09-07 01:48 · Score: 1
  
  As it is now, I am whining, but about their BS deus ex 'bundling' with Gamestop.
  The GameStop Deus Ex fiasco involved Square-Enix and OnLive. Valve/Steam had nothing to do with it.
  Also, in case you missed it, GameStop owns one of Steam's competitors, Impulse, which was why this whole fiasco between them and OnLive happened in the first place.
  
  --
  GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
2. Re:Lost steam.. will carpool by FredFredrickson · 2011-09-07 02:08 · Score: 1
  
  My big gripe with steam was one day, they were running an amazing deal, but it was for 24 hours only. I spent the entire day getting "declined" messages when trying to charge my credit card. But there was a catch- my card was working fine and had plenty of cash. I looked it up and various people also had the same issue. It appears some accounts that weren't all that active were marked high risk and would decline transactions no matter what credit card was used during the sale. Immediately after the sale, my card started working again, but I didn't get the sale price.
  
  I haven't seen the issue since, but I don't put a lot of stock in steam.
  
  --
  Belief? Hope? Preference?The Existential Vortex
Better Question by Anonymous Coward · 2011-09-07 00:32 · Score: 0

Who plays DiRT?
1. Re:Better Question by Stormwatch · 2011-09-07 03:54 · Score: 1
  
  Yeah, I like racing games, but why bother with this... a racing game without music during the races, what the fuck?!
  
  --
  Circumcision is child abuse.
So in other words... by Anonymous Coward · 2011-09-07 01:59 · Score: 0

...make a second account if you want to play this game.
so... by Anonymous Coward · 2011-09-07 02:47 · Score: 0

solution: pirate game. save money. less hassle. win.
Home run by mpbrede · 2011-09-07 03:42 · Score: 1

Great. Buy an AMD graphics card, register for your free game and lose your Steam account.
1. Re:Home run by TheyTookOurJobs · 2011-09-07 08:20 · Score: 0
  
  If I could +1 this I would. I fear for my life when I do anything with steam and adding games. Now I only buy FROM them, which I am sure is their strategy anyway.
PR Stunt? by Anonymous Coward · 2011-09-07 05:46 · Score: 0

They are giving the game away for free, why not turn this into good publicity and say "Hey, just use the keys, try it out, and oh, by the way, if you have our video card it'll look a lot nicer than on our competitors video card. If it looks like crap, you really should upgrade to AMD."
This has so much potential, now that they are out there. Make the most of it AMD.
Free Steam Game by Anonymous Coward · 2011-09-07 06:04 · Score: 0

When I bought my 5850, it came with the free copy of Dirt 2. I'd never remotely considered buying games on Steam before, but have bought about $400 of games since. The pack-in certainly worked out well for Steam in my case.
AMD Pays by Anonymous Coward · 2011-09-07 06:31 · Score: 0

I guess Steam won't ban users, or anyone... instead, they should just pay Codemasters for the "loss"... not for legit customers who got their key used by someone else, they could just go ahead and ask a new one from AMD... I think this is the easiest solution to this problem... and it all end up AMD getting the blame and suffering a loss (with a small annoyance for some customers)...
Now, if it had been a Micro$oft server... by Anonymous Coward · 2011-09-07 18:35 · Score: 0

...the name of the configuration file would have been different!
ps. fuck steam drm