Sign in with
Sign up | Sign in
Your question
Closed

Security Firm Report Reveals Steam Loopholes

Last response: in News comments
Share
October 21, 2012 7:08:13 PM

what happened with Safari being a part of the the most secure OS in the world....FAIL
Score
24
October 21, 2012 7:09:44 PM

Quote:
For instance, games like APB Reloaded, because they use anti-cheat programs such as PunkBuster, require administrator access. If users give administrative access to APB Reloaded, exploiters can be granted access to the entire system.


No, you're giving administrator access to PunkBuster, not APB.

Also, people who are smart and know how to secure their passwords have at least a 10 character password for their Steam account with Steam Guard enabled AND have it linked to their Gmail with a DIFFERENT 10 character password and Gmail has their phone number for the access code when the Gmail account is trying to be accessed on a different computer.

Also, most of us even go through another setup where we put a backup email linked to our Gmail one with a 3rd 10 character password if we need to get out primary Gmail account back.

If you don't have it setup this way and are not using the Steam Wallet codes, then you're just asking for trouble.
Score
-10
October 21, 2012 7:13:50 PM

Wait, this seems to have nothing to do with Steam but the games that are on Steam.
Score
12
October 21, 2012 7:50:34 PM

In the comments above, not sure what this has to do with safari. I don't think it has to do with passwords or being logged into your steam account either.

I think it's just saying steam has vulnerabilities when using the steam URL handler. This means someone could somehow give you a steam://link.whatever (which is normally just a link to start a game), you just click it in whatever browser you have, then code runs without any other user intervention. The potential is always really bad, but how easy a real attack would be is not at all described.
Score
-7
October 21, 2012 9:33:44 PM

URLs? I recall last year, there was a bank that had a major online accounts breach. The hackers discovered they could bypass all of the security by simply changing the numbers in the URL, thus automatically logging them into random accounts.

Logically, they built a random number generator tailored for the website, and they broke into over 100k accounts, but only stole a few million for some reason.

The bank's website designer said, "If we add security, it will break features."
Score
2
October 21, 2012 9:58:20 PM

nebunwhat happened with Safari being a part of the the most secure OS in the world....FAIL


Everything's secure until someone decides to break into it.
Score
3
October 21, 2012 10:00:18 PM

echondo not everyone is as paranoid as you and not everyone uses Gmail. But still, thanks for the information I will try and implement it to my benefit.
Score
1
October 21, 2012 10:44:09 PM

nebunwhat happened with Safari being a part of the the most secure OS in the world....FAIL


Maybe the reason it doesn't ask for permission is because the OS is so secure?
Score
-1
October 21, 2012 11:23:15 PM

Safari is an OS?
Score
0
October 22, 2012 12:29:50 AM

mugiebaharSafari is an OS?

:lol: 
Score
0
October 22, 2012 1:10:27 AM

mugiebaharSafari is an OS?


Well, it could be a VM if you have Java on it...
Score
0
October 22, 2012 3:02:48 AM

nebunwhat happened with Safari being a part of the the most secure OS in the world....FAIL


Don't fall for Apple hype; OS X has never been more secure than Windows - quite the opposite. (Linux follows and has been the least secure of the 3 commonly used desktop computers of today. This is not my opinion, it is the opinion of a security expert whose name I don't remember at the moment at the moment. Tomshardware did an article featuring her a while back.)
Score
-1
October 22, 2012 3:10:48 AM

Kami3kWait, this seems to have nothing to do with Steam but the games that are on Steam.


I can see why you would say that, but it's done through Steam and by Steam. Many games published these days have bought into the Steam co-op experience these days, and simply don't do their own homework to make sure their customers are not exploited by Valve or anyone else. (I'm not saying Valve does anything inappropriate with the information it gathers on you, I'm just saying there is little in place to make sure the company or someone in it doesn't.)
Score
0
October 22, 2012 6:53:15 AM

3 things.

1. How is the exploit being done? (thru a game? Steam? Web browser? what?)

2. I've never even herd of this so called "Security Firm" and their twitter 1st made a "tweet" not even 2 weeks ago. Doesn't sound like a legit company to me. ( said twitter handle @revuln)

3.Isn't this why people use paypal or some other service now a days? to avoid putting their credit card info out there?


I'm calling this a troll security company given the lack of history/activity and then out of the blue they make this kind of "discovery"....
Score
1
October 22, 2012 8:51:50 AM

Well, first time i bought a game on valve and it asked me if i wanted to save my credit card information i was like "What for"? If i lose the damn credit card i have to inactivate it anyway right?
This new era of "we do everything for you" is simply making us mindless monkeys...
Score
0
October 22, 2012 12:55:40 PM

mugiebaharSafari is an OS?

eh?
nebunwhat happened with Safari being a part of the the most secure OS in the world....FAIL
Score
0
October 22, 2012 2:28:50 PM

Cats_PawWell, first time i bought a game on valve and it asked me if i wanted to save my credit card information i was like "What for"? If i lose the damn credit card i have to inactivate it anyway right?This new era of "we do everything for you" is simply making us mindless monkeys...


Saving your credit card info could protect you from having your info stolen by a key-logger at a later date.

Basically, this has nothing to do with steam servers anyway. It's a user vulnerability on your computer, exposed by the way steam launches games, that would allow a malicious program to be granted privileges along with a game that requires administrator privileges.
Score
0
October 22, 2012 7:40:03 PM

what the hell is steam?
Score
0
October 22, 2012 8:37:54 PM

Quote:
as the browser doesn't ask for user permission before programs are launched.


doesn't sound like a steam problem to me as much an apple problem to begin with, but then again how are they going to be able to charge customers $400 for letting their 4 year old play with their iCrap and rck up those charges for feeding virtual game pets.
Score
-1
October 23, 2012 1:10:05 PM

The so called "Security Firm" is anything but. Here's a small clue for starters, spell the name backwards.....the rest is up to you.
Score
0
October 24, 2012 4:22:56 PM

nebunwhat happened with Safari being a part of the the most secure OS in the world....FAIL

Safari was never part of the most secure OS in the world. It is part of an OS developed by a company who convinced its gullible user base that it was secure, when in fact it is the easiest OS to hack. Just look at any hacking competition to see which OS falls first. Apple OS *every* time. It is the LEAST secure OS right now.
Score
-1
!