
Thread: Steam had a 'hack' bug for the past 10 years

  1. #1
    RIFT Community Ambassador Slipmat's Avatar
    Join Date
    Jan 2011
    Location
    Ireland
    Posts
    6,254

    Default Steam had a 'hack' bug for the past 10 years

    Not surprising this was kept a bit quiet, seems Steam had an exploit vulnerability for the past 10 years that left it wide open to remote code execution (RCE) in all 15 million active clients.


    Luckily we have these 'white hat' hackers who informed Valve and in fairness it got patched in a few hours, makes you wonder what damage was done in those 10 years though, what's more frightening if you read the blog all the way through and watch the video at the end how a 'hacker' could totally take over your PC remotely.


    Source: https://www.contextis.com/blog/frag-...e-steam-client


    Video, if you didn't read the tech stuff:


    https://www.youtube.com/watch?v=0QaozC8S0Aw
    Last edited by Slipmat; 06-03-2018 at 09:58 PM. Reason: Added video

  2. #2
    General of Telara Challengere's Avatar
    Join Date
    Jan 2014
    Posts
    964

    Default

    Quote Originally Posted by Slipmat View Post
    Not surprising this was kept a bit quiet, seems Steam had an exploit vulnerability for the past 10 years that left it wide open to remote code execution (RCE) in all 15 million active clients.


    Luckily we have these 'white hat' hackers who informed Valve and in fairness it got patched in a few hours, makes you wonder what damage was done in those 10 years though, what's more frightening if you read the blog all the way through and watch the video at the end how a 'hacker' could totally take over your PC remotely.


    Source: https://www.contextis.com/blog/frag-...e-steam-client


    Video, if you didn't read the tech stuff:


    https://www.youtube.com/watch?v=0QaozC8S0Aw
    no surprise there, pissed off nerds who get nothing but bullied in real life find any power they can including all the trolls and devs with inferiority complexes across the gaming market who shut down anyone they view as successful or happy in spite of the lives they were forced to grow up living

    good to see the more concerned ones doing something to stop them, hope they all go get counselling and talk about their mommies when they are caught

  3. #3
    Plane Touched Gharn's Avatar
    Join Date
    Jun 2016
    Posts
    235

    Default

    What do you mean by kept quiet? Did you expect a fanfare of "OMG! We're terribly sorry for this!" posts on all possible websites?

    Makes me wonder what you'd expect from Meltdown and Spectre then :P
    Sanzor@Zaviel
    Guild - The Pack

  4. #4
    RIFT Community Ambassador Slipmat's Avatar
    Join Date
    Jan 2011
    Location
    Ireland
    Posts
    6,254

    Default

    Quote Originally Posted by Gharn View Post
    What do you mean by kept quiet? Did you expect a fanfare of "OMG! We're terribly sorry for this!" posts on all possible websites?

    Haha chance would be a fine thing, at least now with Valve we know it's all about the bottom dollar, their latest "venture" to release anything on Steam with no Moderation at all proves this, I have no doubt that exploit would still be running in another 10 years if that group didn't highlight it.

  5. #5
    Plane Touched Gharn's Avatar
    Join Date
    Jun 2016
    Posts
    235

    Default

    Quote Originally Posted by Slipmat View Post
    Haha chance would be a fine thing, at least now with Valve we know it's all about the bottom dollar, their latest "venture" to release anything on Steam with no Moderation at all proves this, I have no doubt that exploit would still be running in another 10 years if that group didn't highlight it.
    We can agree there is a crapload of odd games being released, especially the eastern anime types. Luckily you have a "Not Interested" option for anime, so they all disappear from my feed. Any kind of description related to other games I play are highlighted instead.

    As for the bug, then you can't expect anyone to find all bugs. As I mentioned, Spectre and Meltdown were open and extremely serious bugs on CPUs, which affect a bit more than 15mill users. Sometimes things look fine, because the way it works won't pop up as an error during your reports, like the article said about the Steam bug. We operate with data at my company, and I've lost count when customers mentioned they had a serious webpage, client or hardware bug that's been around for years and then suddenly discovered by freak accident. It's just a miracle the poor guys haven't been exploited.
    Sanzor@Zaviel
    Guild - The Pack

  6. #6
    Soulwalker
    Join Date
    Nov 2012
    Posts
    2

    Default Steam was responsible in patching

    It is very good Steam programmers fixed it in a timely manner. All software, even security software, has security flaws, even hidden flaws which exist for a long time. Something that can mitigate any potential remote code execution vulnerability is running as a non-admin account. Also, keep the system up-to-date with automatic updates. In addition, back up files to offline storage, and have a full O/S recovery plan in place and optimally test it out. Good luck and may you all not get struck by hackers.
