Slashdot Mirror

← Back to Stories (view on slashdot.org)

Steam Bug Allowed Password Resets Without Confirmation

Posted by Soulskill on from the users-rather-steamed dept.

An anonymous reader writes: Valve has fixed a bug in their account authentication system that allowed attackers to easily reset the password to a Steam account. When a Steam user forgets a password, he goes to an account recovery page and asks for a reset. The page then sends a short code to the email address registered with the account. The problem was that Steam wasn't actually checking the codes sent via email. Attackers could simply request a reset and then submit a blank field when prompted for the code. Valve says the bug was active from July 21-25. A number of accounts were compromised, including some prominent streamers and Dota 2 pros. Valve issued password resets to those accounts with "suspicious" changes over the past several days.

62 comments

  1. That's funny by Anonymous Coward · · Score: 5, Funny

    That's pretty funny considering the NIGHTMARE I went through getting my steam account reset as the email account I used to register (DOH!) was a previous work email that is no longer active, so sending me an email asking if I want to change my email is pointless. And now I find out that if I had have waited, it wasn't even verifying the code?

    FFS

    1. Re:That's funny by Anonymous Coward · · Score: 0, Flamebait

      what dumbass uses a work email address for personal accounts? You're a fuckwit.

      -CM

    2. Re:That's funny by Anonymous Coward · · Score: -1

      Yet another reason not to use Steam spyware/DRM. If you do, then you put all of your game purchases at risk.

      If Valve can't get something like a web page frontend working properly, just imagine all of the bugs and security holes in their games.

  2. dumbasses by Anonymous Coward · · Score: 0

    Glad I still have my account...

  3. Frosty? by Anonymous Coward · · Score: 0

    Damn straight.

    -CM

  4. HL3HL3HL3 by Anonymous Coward · · Score: -1

    Where is my HL3?

    1. Re:HL3HL3HL3 by jones_supa · · Score: 2, Informative

      The Half-Life wiki has a good article called Future of the Half-Life series where you can follow the latest developments.

      On March 19, Gabe Newell, when asked about Half-Life 3, replied: "The only reason we'd go back and do like a super classic kind of product is if a whole bunch of people just internally at Valve said they wanted to do it and had a reasonable explanation for why [they did]." This, like all of Valve's other statements regarding Half-Life 3, neither confirms nor denies the possibility that the game will eventually be made.

    2. Re:HL3HL3HL3 by Anonymous Coward · · Score: 0

      "WHY"? The most idiotic thing he could ask.

    3. Re:HL3HL3HL3 by drinkypoo · · Score: 1

      "WHY"? The most idiotic thing he could ask.

      If you're in the game for the long haul then you don't just throw away your reputation. You make the game when it makes sense to make the game. You have some new level of competence to display, usually. That's when HL2 came out.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:HL3HL3HL3 by Qzukk · · Score: 1

      At this point, HL3 (or even just "HL2 episode 3") is going to become Valve's Daikatana or Duke Nukem Forever. Just following on from the end of Hl2e2 is going to be a huge hurdle (their writer must be at least this good in order to get on this ride) never mind whatever Source engine technology they want to show off.

      I think that Newell sees only two possibilities: 1) they never make the game or 2) they make the game and everyone hates it.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    5. Re:HL3HL3HL3 by Anonymous Coward · · Score: 0

      Essentially that means it will never happen, which I can understand. It would be like going backwards with game development and, let's face it, HL2's gameplay and visuals were already pretty stale back when it came out.

    6. Re:HL3HL3HL3 by PRMan · · Score: 1

      They need to mix Half-Life 3 and Portal 3 with a great story. THAT would be an amazing game.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    7. Re:HL3HL3HL3 by Pubstar · · Score: 1

      Speaking of Source 2, it should be released in full with some games at some point. Its already powering the DotA 2 Reborn client.

    8. Re:HL3HL3HL3 by Anonymous Coward · · Score: -1

      Obviously you didn't play games in the year of its release to make a statement such as this. I challenge you to produce two examples of contemporary games that beat its visuals.

    9. Re:HL3HL3HL3 by Anonymous Coward · · Score: 0

      Time for you to put down the crack pipe, take off the rose-tinted shades and put on your prescription glasses.

      I challenge you to produce two examples of contemporary games that beat its visuals.

      Off the top of my head:

      Far Cry
      The Chronicles of Riddick: Escape from Butcher Bay
      Doom 3
      Thief: Deadly Shadows
      Max Payne 2
      Star Wars: Knights of the Old Republic
      Star Wars: Battlefront
      Silent Hill 4
      Enclave
      The Elder Scrolls III: Morrowind
      Beyond Good & Evil
      TRON 2.0
      Fable
      Psychonauts
      Need for Speed: Underground 2
      Painkiller
      Xpand Rally
      BloodRayne 2 .kkrieger

      I'd go so far to say that Elite Force II, Jedi Academy and the original Call of Duty pretty closely match the visual quality seen in Half-Life 2 and those games run on the id Tech 3 engine, which was old even back then.

  5. If something like this slips through testing by gweihir · · Score: 5, Insightful

    Then testing either sucks completely or ignores security functionality. This really is an absolute basic thing to test, just as testing that giving a wrong password does not give you access. The state of practical software engineering seems to still be abysmal, even after this problem has been known for a few decades. It is high time to legally bar amateurs from doing software that has any security functionality that protects customer assets and data.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:If something like this slips through testing by Anonymous Coward · · Score: 0

      I can say from experience that I have mistyped a password reset code and it definitely checked. There's more context that allowed this bug to appear than the summary lets on.

    2. Re:If something like this slips through testing by gweihir · · Score: 1

      Possibly. If the summary is correct, this would be abysmally bad. Although it seems the vulnerability was only there for a short time, and they possibly did not fix, but roll-back to get rid of it. Fixes take some time, roll-backs are almost instantaneous. Roll-backs can only be done for an not very old previous version though, so they likely had one that was still fine.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:If something like this slips through testing by Anonymous Coward · · Score: 0

      As someone who has worked with the SteamAPI code, I can say that yes, the standard of coding and bug-prone nature of the code, isn't the best.

      Valve have commonly stated in the past that they encourage everyone there to code, no matter what their area of expertise - and non-hierarchical workplace structure, seems to mean that security may not get prioritized unless some of the devs there feel like doing that - so it's no surprise that that can lead to some pretty poor code.

    4. Re:If something like this slips through testing by Bengie · · Score: 4, Interesting

      Obviously they don't unit test their failure cases, only their success cases. I've programmed many security APIs for stuff around validation and authentication, and there are many many more failure cases, but you need to test them all. My general rule of thumb is to unit test all edge cases I can think of.

      The only thing more important than something working how I want it is for it to fail how I want it.

    5. Re:If something like this slips through testing by Anonymous Coward · · Score: 0

      Correction: Worked-with, meaning, worked with the external API, not the internal Steam API code - some of the API is very bug prone.

    6. Re:If something like this slips through testing by omnichad · · Score: 1

      Probably a bad SQL query join that checked for the existence of a value. If you mistype a code it might be found. If you enter no code, there might be matches.

    7. Re:If something like this slips through testing by ArhcAngel · · Score: 1

      I called to get support for software I was using. After explaining the problem the support person said they were confused and asked me to elaborate. I said the x was no longer working and I had tried a, b, & c to fix it. The tech was like our product doesn't do x! And I was like well I've been using it to do x for months. It seems a feature I had been using for months turned out to be a bug and gotten fixed in the newest release.

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    8. Re:If something like this slips through testing by Bengie · · Score: 1

      I can't say one way or the other for whatever you bug was, I like to do validation as much as possible in my code until there is a valid performance issue. Several times in the past few years I've had outside developers start using my code only to have their front-ends blow up with some helpful error messages. They would complain that my backend code was causing their frontend code to fail, but I explained that they were making undefined calls and my backend code was just making sure calls were being used in a way consistent with the envisioned data model.

      I've gained a reputation for thoroughly checking edge cases that I am now "that guy" people go to first. This can be annoying because 95% of the time it's an issue with the frontend, but the person who made the frontend doesn't do any useful logging and lets default exception handling drop a "object null" error or whatever. Even the frontend devs come to me asking why their program is breaking. JUST PASS SOME VALID PARAMETERS! They're too used to things silently failing, leaving stuff in invalid states, but only causing errors when they attempt to use the invalid state.

      My goal is that when using my code, it either works beautifully or fails spectacularly with a clear reason why. The sooner code breaks, the better. None of this code seems to work but something is in an invalid state and someone forgot the check the state. No, it goes BOOM and is never in an invalid state. All states are accounted for and how you can use something in a certain state is enforced.

      A simple example is authentication. I've seen people write auth APIs where the programmer is supposed to request the user object, if found, then attempt to validate it. I don't do that. I let you pass in the auth data, and I'll pass back an immutable user object if the validation was successful. With the other way, I've seen programmers who have forget to validate the user object. oops.

      Another example is SQL sprocs. Many programmers like to use internal identifiers. Yay incrementing integers, no chance of accidentally flipping around some arguments and still getting a valid response because those identities exist in more than one table. /sarc Nope, UniqueIdentifiers. Virtually no chance of accidentally passing in a UUID to the wrong parameter and not getting an error. But UUIDs fragment the index more quickly... boo freaking hoo. I'll worry about it when it becomes a performance issue.

    9. Re:If something like this slips through testing by Bengie · · Score: 1

      [ResetCode] check( [ResetCode] > '') NOT NULL

    10. Re:If something like this slips through testing by omnichad · · Score: 1

      Seems a little silly to put the user input checking in db code instead of server code.

    11. Re:If something like this slips through testing by Bengie · · Score: 1

      Until some knob-head inserts an empty string into the database and breaks code that assumes empty will never happen. If something should NEVER happen, then make sure it never happens. That's the whole point of constraints in databases, forcing the business logic to at least conform to basic data model rules.

    12. Re:If something like this slips through testing by Anonymous Coward · · Score: 0

      You should pretty much check everywhere... If you don't, in some specific places, for serious performance reasons, then you have to take triple the time to assert and test the code.

    13. Re:If something like this slips through testing by Anonymous Coward · · Score: 1

      Valve doesn't have testers. They literally have zero testers. Developers are supposed to test their own code but many of the teams have zero automated tests. The 'contract' with the customers is basically that will Valve will ship cool stuff and the customers will forgive their mistakes.

      This contract works okay for the games, mostly, but falls down pretty hard for Steam. Steam does have tests, but not really enough.

      TL;DR Many Valve developers have a shocking disregard for code quality and failures like this are not surprising. I should know, I used to work there.

    14. Re:If something like this slips through testing by gweihir · · Score: 1

      Sounds very plausible.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    15. Re:If something like this slips through testing by gweihir · · Score: 1

      On the other hand, a check whether the result of the DB query matches an expected format is easy to do. Of course, real men do not verify assumptions. They just know.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    16. Re:If something like this slips through testing by gweihir · · Score: 1

      Indeed. Incidentally, a professional penetration-test does exactly that.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  6. I agree by Anonymous Coward · · Score: -1

    OP is a fuckwit.

    So, got any good abo jokes?

  7. Oh noooz...free gamez by Anonymous Coward · · Score: -1

    ahhhhwwwww its all over now...free WAS good

  8. Dota 2 pros by Anonymous Coward · · Score: -1

    lol virgins

  9. Continuous Deployment! by chuckugly · · Score: 0

    Continuous Deployment is so awesome.

    1. Re:Continuous Deployment! by Anonymous Coward · · Score: 0

      ^^ Spotted the aging IT drone!

    2. Re:Continuous Deployment! by chuckugly · · Score: 1

      Ageing security professional, but close enough. CD is OK *IF* all the other stuff is in place but it seldom is all in place, often unit testing and CD and "ship it". For a graphic example of why unit testing isn't enough, spend 90 seconds watching the initial launch of Ariane 5 pass it's unit tests all over the place.

  10. They tell you to ignore it too... by Anonymous Coward · · Score: 1

    I got one of the password reset emails during this "attack". The email you receive specifically states:
    If you are not trying to reset your Steam login credentials, please ignore this email. It is possible that another user entered their login information incorrectly.

    Yep, if you didn't try to reset your password, ignore the fact that you got the password reset email.

    Lucky me, apparently I enabled Steam Guard back in 2013.

    1. Re:They tell you to ignore it too... by Bengie · · Score: 2

      I had a similar thing a month ago. I got an email that stated I got a password reset request. Just to test things, I logged out of Steam and logged back in. It said someone else from another IP "logged in" to my account, that was after I entered my original password. That left me confused. How could someone log in if my password was the same. I saw a reset request, but I never got an email that my password got changed.

      I decided to change my password, and just to test things out I issues a password reset instead of just changing my password the normal way. I got the email saying a password reset was requested, then I changed my password and I got another email saying my password was changed.

      since nothing was amiss, I assume that someone did not log into my account but only issued a password reset. This scares me. To me this indicates that the web page thought the Chinese IP address actually logged in. If I was to write a program to notify a user that an unknown IP logged into their account, I would tie that in with the authentication logic that on a successful login, an email get sent. Does this mean the Steam code that handles password resets technically calls a code path that authenticates as that user? Shitty programming is all I can say.

  11. Nafarious intent by Anonymous Coward · · Score: 0

    How come I always find out about these bugs AFTER they'd have been useful?

    1. Re:Nafarious intent by JustAnotherOldGuy · · Score: 1

      I know, it's like they're teasing us.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    2. Re:Nafarious intent by Anonymous Coward · · Score: 0

      Because otherwise they would have just fixed it quietly and we would have never heard about it.

  12. Come on now... by JustAnotherOldGuy · · Score: 1

    ....stop complaining about these hidden features and start thanking the developers for making it so easy for $random_hacker to ruin years of work.

    It's funny, though, because resetting the password on a STEAM account the way you're supposed to can be a total clusterfuck that will leave you cursing for days, if not weeks. Ask me how I know.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Come on now... by Binestar · · Score: 1

      Ask me how I know.

      How do you know?

      --
      Do you Gentoo!?
    2. Re:Come on now... by JustAnotherOldGuy · · Score: 1

      How do you know?

      I tried it once, and to put it succinctly, I'd rather have back-to-back root canals than go through that shite again.

      --
      Just cruising through this digital world at 33 1/3 rpm...
  13. Wait, what? by JustAnotherOldGuy · · Score: 1

    > The problem was that Steam wasn't actually checking the codes sent via email.

    Really, Steam? Really? You really, truly didn't even bother to check the code you sent as "confirmation"? The code that is the raison d'être for sending the code in the first place?

    This is the kind of mistake I'd expect from a newbie who's still getting the hang of "Hello, World!", not from a multi-million dollar team of professional developers.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Wait, what? by ledow · · Score: 2

      I think it's more of a side-issue.

      If there was a code in the box, it checked it. And refused incorrect codes.

      But nobody tested it when there wasn't a code in the box.

      Still pathetic, but a little less so.

    2. Re:Wait, what? by Bengie · · Score: 1

      The fact that the front end logic implements the business logic that handles password reset is a bad practice. The front end should call an internal API that has a signature like this "bool TryPasswordReset(string username, string resetCode, out userObject user)". If unccessfuly user is null, but if the try is successful, then user is a valid user object that can be passed into the change password API that looks like this "bool TryChangePasswordWithReset(UserObject user, string newPassword, string resetCode)".

      This API could be unit tested to hell and back to make sure the business logic works, and it keeps the front end dev from making stupid mistakes that affect security.

      Shit like resetCode being null, empty, or whitespace will throw a lovely exception that the front end dev should have checked for. Not to mention that resetCode must be a valid value.

    3. Re:Wait, what? by drinkypoo · · Score: 1

      If there was a code in the box, it checked it. And refused incorrect codes.

      But nobody tested it when there wasn't a code in the box.

      In what world is (null) not an invalid code? What color is the sky there?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:Wait, what? by ledow · · Score: 1

      You're missing the point (though the practical implications are the same).

      The check on whether the code was valid was only run if the user typed a code into the box. Typing in random letters wouldn't validate. Typing in a valid code would.

      It was an oversight that the checks existed but never actually took place in the case of null, not that they were not capable of validating codes.

      As such, rather than just "Let's make up random codes and then ignore them and validate anything", the thought process was "Let's generate codes, validate them properly, but oh shit, we forgot to validate this path".

      Although the results are the same, the implication that they never intended to use the code for checking against is wrong. As such, it appears to be a coding oversight which allows an authentication bypass, rather than deliberate laziness masquerading as security.

  14. Spammy by Anonymous Coward · · Score: 0

    That explains why i receive tons of steam password reset code spam recently... SO has steam devs learned their lesson? Always check input values ;)

  15. FiRst by Anonymous Coward · · Score: -1

    would be a bad Of Jordan Hubbard product, BSD'S may also wan+t THINKING ABOUT IT.

  16. Microsoft had something similar by RogueyWon · · Score: 2

    Microsoft's Xbox Live system had something similar a few years ago. In that case, the "bug" was actually a flaw in their online and phone support protocols and is pretty well documented here.

    This was used to compromise a large number of accounts in 2011 and 2012, with the compromised accounts generally being used to make tradeable FIFA DLC purchases, allowing Xbox Live purchases to be laundered back into real cash.

    I got stung by it myself, which utterly shocked me as my XBL password was a strong password that had only ever been entered into my 360 console - so even if my PC were compromised (and I was pretty sure it wasn't), the password certainly hadn't been extracted via a keylogger. MS were very prompt in responding and gave the impression that they were dealing with a lot of these cases. They refunded the £50 that the scumbag had spent and gave me 3 months free XBL Gold subscription as well, which seemed odd given I was still convinced the slip-up must have been on my end.

    Wasn't until I saw that Kotaku article a few months later that I realised what had happened. The irony is that this was going on at the same time as the Sony PSN breach and, unlike the PSN breach, it resulted in accounts actually being compromised and fraudulent purchases being made. But as it was a steady drip-drip-drip of compromised accounts rather than an eye-catching big-bang "hack", the mainstream media never picked up on it.

    1. Re:Microsoft had something similar by RogueyWon · · Score: 1

      Ugh, lost the link - here.

  17. Dear Valve - please try Kaje Picture Passwords by garyebickford · · Score: 1

    "Dear Valve: Please go to http://ka.je/ to see a solution to your authentication problem. The Kaje Picture Password SAAS removes all passwords from your website, eliminates transmission of passwords across the net - they are converted to an encrypted hash in the browser - and prevents phishing attacks. The Kaje SAAS never knows anything about the user, so there is no way (short of hacking two different operating systems run by two different companies on completely separate networks, at least one of which is designed to prevent even a hack from being useful) for a black hat to get the user's info and password or other Proof of Knowledge. Kaje has built-in features to prevent keyboard and mouse snooping as well, and the vendor works diligently to know nothing about the user. There is no more private and secure method for user authentication or step-up authorization. And since the user uploads his/her own test challenge (picture or other), it acts automatically as two-factor authentication - much better than that "site key" that some banks are using, while being easier to remember."

    Proofs of Knowledge include picture passwords, text passwords, cognitive self-tests, Captcha's and a bunch of others. NB - I work for the company. The founder is also the inventor of Self Encrypting Drives and has several patents related to online security.

    --
    It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
    1. Re:Dear Valve - please try Kaje Picture Passwords by Anonymous Coward · · Score: 0

      I just looked into kaje.

      It appears they charge money after the first 10,000 successful uses, but there is no information on the site about how much they charge. I don't do business with companies that do not have upfront pricing information.

      I will NOT sign up to find out how much something costs...

  18. gweihir, it's abysmal if YOU did it, lol by Anonymous Coward · · Score: 0

    "Run, Forrest: RUN!!!" vs. a fair challenge http://news.slashdot.org/comme...

    * I find it UTTERLY HILARIOUS seeing a bullshit artist mere talk TROLLING done zero loser like you has the NERVE to state what you did - especially after you RAN in that link above, gweihir... lol!

    You don't HAVE the ability to code & the link above evidences it - you're a bullshit blowhard, nothing more - a MERE TECHIE MENIAL @ best/most!

    (FACT: Minus coders like myself, you TECHIE or NETWORK ADMIN MENIALS ARE HELPLESS - just as you've SHOWN yourself to be in that link above!).

    AS FAR AS SECURITY WARES?

      Well, the day YOU can get the likes of malwarebytes' folks to recommend & HOST your wares as mine is??

    THAT'S THE DAY AN INCOMPETENT MENIAL STOOGE LIKE YOURSELF CAN EVEN BEGIN TO SPEAK TO ME, you utter LIMITED little techie moron!

    You can't even CODE, you fucking blowhard wannabe loser... & YET you're "telling us how it is"?? Please, make us laugh some more!

    APK

    P.S.=> Keep on shooting your blowhard done nothing in computing mouth off gweihir - I'll be RIGHT THERE AGAIN to expose your crap yet again (have fun with the shame you'll have to publicly endure here & YOU STARTED IT WITH ME YOU USELESS TROLLING LOSER WITH NO SKILLS BUT LOTS OF MERE "TALK", lmao)... apk

  19. gweihir you're a hotair bs'er blowhard by Anonymous Coward · · Score: 0

    "Run, Forrest: RUN!!!" vs. a fair challenge http://news.slashdot.org/comme...

    * I find it UTTERLY HILARIOUS seeing a bullshit artist mere talk TROLLING done zero loser like you has the NERVE to state what you did - especially after you RAN in that link above, gweihir... lol!

    You don't HAVE the ability to code & the link above evidences it - you're a bullshit blowhard, nothing more - a MERE TECHIE MENIAL @ best/most!

    (FACT: Minus coders like myself, you TECHIE or NETWORK ADMIN MENIALS ARE HELPLESS - just as you've SHOWN yourself to be in that link above!)

    UNBELIEVABLE!

    This DOLT wannabe that couldn't write any code to save his LIFE is "telling us how it is" - what an incredible douchebag, talking out his ass!

    E.G.=> Per the link above, He put down an app I wrote that the likes of MALWAREBYTES own people RECOMMEND & HOST FOR ME NO LESS - what's his ass done?

    ZERO!

    APK

    P.S.=> Keep on shooting your blowhard done nothing in computing mouth off gweihir - I'll be RIGHT THERE AGAIN to expose your crap yet again (have fun with the shame you'll have to publicly endure here & YOU STARTED IT WITH ME YOU USELESS TROLLING LOSER WITH NO SKILLS BUT LOTS OF MERE "TALK", lmao)... apk

  20. gweihir knows ZERO about coding by Anonymous Coward · · Score: 0

    "Run, Forrest: RUN!!!" vs. a fair challenge http://news.slashdot.org/comme...

    * I find it UTTERLY HILARIOUS seeing a bullshit artist mere talk TROLLING done zero loser like you has the NERVE to state what you did - especially after you RAN in that link above, gweihir... lol!

    You don't HAVE the ability to code & the link above evidences it - you're a bullshit blowhard, nothing more - a MERE TECHIE MENIAL @ best/most!

    (FACT: Minus coders like myself, you TECHIE or NETWORK ADMIN MENIALS ARE HELPLESS - just as you've SHOWN yourself to be in that link above!)

    APK

    P.S.=> Keep on shooting your blowhard done nothing in computing mouth off gweihir - I'll be RIGHT THERE AGAIN to expose your crap yet again (have fun with the shame you'll have to publicly endure here & YOU STARTED IT WITH ME YOU USELESS TROLLING LOSER WITH NO SKILLS BUT LOTS OF MERE "TALK", lmao)... apk

  21. Real men don't run vs code challenges gweihir by Anonymous Coward · · Score: 0

    "Run, Forrest: RUN!!!" vs. a fair challenge http://news.slashdot.org/comme...

    * I find it UTTERLY HILARIOUS seeing a bullshit artist mere talk TROLLING done zero loser like you has the NERVE to state what you did - especially after you RAN in that link above, gweihir... lol!

    You don't HAVE the ability to code & the link above evidences it - you're a bullshit blowhard, nothing more - a MERE TECHIE MENIAL @ best/most!

    (FACT: Minus coders like myself, you TECHIE or NETWORK ADMIN MENIALS ARE HELPLESS - just as you've SHOWN yourself to be in that link above!)

    APK

    P.S.=> Keep on shooting your blowhard done nothing in computing mouth off gweihir - I'll be RIGHT THERE AGAIN to expose your crap yet again (have fun with the shame you'll have to publicly endure here & YOU STARTED IT WITH ME YOU USELESS TROLLING LOSER WITH NO SKILLS BUT LOTS OF MERE "TALK", lmao)... apk

  22. gweihir gets his ass PENETRATED, lol by Anonymous Coward · · Score: 0

    "Run, Forrest: RUN!!!" vs. a fair challenge http://news.slashdot.org/comme...

    * I find it UTTERLY HILARIOUS seeing a bullshit artist mere talk TROLLING done zero loser like you has the NERVE to state what you did - especially after you RAN in that link above, gweihir... lol!

    You don't HAVE the ability to code & the link above evidences it - you're a bullshit blowhard, nothing more - a MERE TECHIE MENIAL @ best/most!

    (FACT: Minus coders like myself, you TECHIE or NETWORK ADMIN MENIALS ARE HELPLESS - just as you've SHOWN yourself to be in that link above!)

    APK

    P.S.=> Keep on shooting your blowhard done nothing in computing mouth off gweihir - I'll be RIGHT THERE AGAIN to expose your crap yet again (have fun with the shame you'll have to publicly endure here & YOU STARTED IT WITH ME YOU USELESS TROLLING LOSER WITH NO SKILLS BUT LOTS OF MERE "TALK", lmao)... apk