GUIDs have mainly become unsafe.

Heist recently got his cd key stolen by someone so I'm quoting this text from the iceops community forum:

Hi! 

As most of you are aware, 3xP has been stealing CD-Keys for quite some time now. Due to that (and to the ammount of the keys that have been stolen, which is said to be about 8k) we were forced to remove GUID authorization in the new CoD4X update. Instead of that, we are forced to use the new authorization system, which consists of register-login-like system.
 
Admins can be registered with authSetAdmin command (and removed with authUnsetAdmin), default power required is 95. Rcon has 100 power (max), so just use that 
 
The admin can then login with the authLogin command, it is worth noting that failing to type the $ at the start might result in the command with the login and password appearing in the chat. We recommend either binding it to a key or disabling console chat server-side and admins typing it in the console.
 
The passwords are stored in nvconfig, they are salted and hashed. That means, the main admin is not able to see them at all.
 
A password can be changed with authChangePassword command.
 
Each admin is assigned a unique UID (for identification) and power.
 
The files are available on github, they are still under testing. As soon as they are stable we will add the new build to auto updater.
 
Even though this may seem unnecessary and uncomfortable, this is the only safe admin authorization method available at the moment.

With this new information it might happen that in the future some admin functions will require you to login and manuadminmod might become more as a part to allow vip functions to be used. what it does give as benefit that command that are executed will not be visible for other other players. more information will be given after my exams when i have more time to think of ideas or solutions.

here is another quote with some tips from the iceops community:

Well what was for long theoretical possible to program is ongoing now for some month in reality. However I unfortunately heard just yesterday about this 1st time from NNJ.
There are now indeed servers out there which are reading and storing your CoD4 CD-Keys.
One server which is doing this we are aware of is:
 
91.121.21.210:28968 - 3xp' 24/7 Nuketown TDM/SD
 
There maybe even more out there we don't know it.
Well I recommend to stay away from any server with the IP: 91.121.21.210 or "3xP" inside the name.
Also it is recommend to stay away from any server you don't trust when the following 2 conditions are met:
#1 It downloads any content to your PC
#2 You have a valid and legally bought CD-KEY entered in CoD4.
 
You can enforce such a policy by entering into console \cl_allowdownload 0
Or if you don't like console go from Main-Menu to: Options -> Multiplayer Options -> Allow Downloading
 
You have to do this whenever you join an untrusted server as this can got reset by any server.
 
How can I detect a cdkey stealing server ?
You can detect it on this way (However when you have detected it, it is already too late):
 
Whenever you have not opened the cdkey-dialog by self before but after you have joined a server the cvars cdkey1 - cdkey5
are set you have joined a server which did at least read your CD-KEY. You can check this by opening console and type only into it "cdkey". "cdkey1" - "cdkey5" will show up here.
 
So be careful now until there is a fix available.
 
Looks like they are doing it since August 2013 so it had happened for quite a long time already. (See attachment)
 
Adding evidence...
Extract the modfolder and play the demo inside the modfolder. If you are done with demo cdkey1 - cdkey5 will be set. This demo got recorded on this 3xP server of course.
Playing this demo won't expose your CDKEY to anyone if you quit your game after you have played the demo.
Attached Files

•   cdkey_stealer.png   245.63KB   16 downloads
  
•   ^73xp_^5promod.zip   7.1MB   46 downloads
  

Dunciboy wrote:what it does give as benefit that command that are executed will not be visible for other other players.

I have been waiting this for so long. No more noobs complaining about "What is !a?" "Don't !a me?!" and people spamming the server with "!pl" whenever another admin does so.

well some functions are only possible with manuadminmod like !a but !pl won't be needed anymore you can use $ministatus now. after exams all the perms are gone be highly restricted on manuadminmod kicking, banning and temp banning will be done with this new system. all admins will get a login etc. This login also gives them an unique uid that they get assigned when they login. If i ban someone my uid will be inside the ban.

Heist to you i suggest you don't buy a new key since we are getting a new system you can use an illegal key code for all i care.

Thanks for noting this up, I've been playing on their servers for the last few weeks and I really can't believe they're doing this. Shame on them.

If 3xP' was a living person i would i kick them in the balls for doing this.

Will do, Dunci, but can't you just unban my old key? They won't be able to do a lot of harm anyway. (Been looking on the internet for carcked keys, mostly guid spoofers, which I don't want to download)

Heist wrote:Will do, Dunci, but can't you just unban my old key? They won't be able to do a lot of harm anyway. (Been looking on the internet for carcked keys, mostly guid spoofers, which I don't want to download)

I first need to think off things but yeah but you won't have any perms till i got the system ready.

3xp' did that? thats just messed up....    

Heist wrote:Will do, Dunci, but can't you just unban my old key? They won't be able to do a lot of harm anyway. (Been looking on the internet for carcked keys, mostly guid spoofers, which I don't want to download)

Grab one from the key generators in the meantime. You can always buy a new key if you really want it, they're about 10 euro max.

Lol you would name your self 'UberHaxor' you damn kid.

Great job, kid. Your mom must be very proud of you. I'll buy you a Happy Meal for this great achievement in your life.

+1