Steam spawns vulnerabilities, say researchers

A new security research outfit called ReVuln has presented its letter of introduction to the world in the form of a paper that analyses how the Steam protocol can expose gamers to attacks. In this document (PDF), the company analyses what happens when a URL using the protocol steam:// is redirected. Of the major browsers, …

COMMENTS

This topic is closed for new posts.
  1. asdf

    fan boi post warning

    CS GO rules and Steam still is the only DRM I would ever let near any of my computers. They will resolve the issues I am sure. That is all.

  2. Anonymous Coward

    And they want to bring it to Linux ?!

    WTF?

    1. Robert Heffernan

      Re: And they want to bring it to Linux ?!

      Why not! The Linux power users will find loads of these vulnerabilities and Valve will be swamped with bug reports. The platform will have its security and stability improved across all platforms as a result.

      The Unreal Engine bugs aren't Valve's problem anyway; it's up to the engine devs to fix those vulnerabilities.

      1. Anonymous Coward

        @Robert Heffernan - Re: And they want to bring it to Linux ?!

        Wrong answer! DRM + DMCA will prevent anyone from looking at those vulnerabilities. And why should the Linux community work to improve that "platform" which will severely limit their freedoms? Any particular incentive? You don't seem to know much about Linux power users, do you?

    2. Anonymous Coward

      Re: And they want to bring it to Linux ?!

      True, if Linux had an accepted gaming and DRM platform it may actually become popular and unhinge Microsoft's dominance!

      1. Anonymous Coward

        @AC 02:43GMT - Re: And they want to bring it to Linux ?!

        If DRM is the price to pay for becoming popular then no, thank you very much. Crippling Linux to make it popular is a no go for me. As for Microsoft dominance, I'm not losing any sleep on that.

        1. Anonymous Coward

          Re: @AC 02:43GMT - And they want to bring it to Linux ?!

          In what way is providing a DRM platform to allow widespread deployment of commercial applications "crippling linux" ... I think you need to learn more about the system you're using and the difference between application/desktop manager/kernel/generic application suite.

          Sadly you strike me as the kind of person who'd like any band as long as it was "underground" and then rage when they "sell out" and become "commercial." Even if the band was rubbish to start with.

  3. Fibbles

    Half-life And Counter-Strike run on GoldSrc not Source.

    The Steam web browser can only be forced to redirect to a malicious page if the command comes from a page hosted at one of Valve's domains because it's hard-coded. I'm no security expert but I'd guess that means you'd either need to break into their servers, hijack their domain or (possibly, I'm not sure) use XSS.

    The reinstall feature will only work with local backups so you'd need to get your files onto the computer some other way before you could use the integer overflow vuln. If you can already remotely drop files onto a computer why would you need this Steam exploit? Privilege escalation? Surely Steam doesn't run as Admin?

    The Unreal Engine is not maintained by Valve.

    1. Anonymous Coward

      Doesn't Steam use WebKit nowadays anyway?

      On an interesting note, wouldn't you be able to get files onto the local machine using a game like Counter-Strike as those auto download mods (which is far preferable to any of the alternatives...) but games are bound to be full of exploits - but you know what, bugger it. Computers are full of exploits and there's not much we can do about it. Except not using computers I suppose.

      1. Thing

        Indeed...

        I uninstalled Java a few weeks ago because of the security issues, then re-installed it because I really, really wanted to play Minecraft (sigh)

    2. Greg J Preece

      I'm with Fibbles on this. Most of these vulnerabilities seem like pretty weak sauce.

    3. Captain Scarlet

      Half-life And Counter-Strike run on GoldSrc not Source.

      Yes, considering they only posted a Half-Life story today, shocking mistake to make.

      "Half-life And Counter-Strike run on GoldSrc not Source."

  4. kbnet

    Scary range of vulnerabilities

    What is scary here is the range of vulnerabilities that the researchers have found in the Steam software. What started off as abuse of the URI handler then went on to code execution through an integer overflow vulnerability in the parsing of images. There are a range of vulnerabilities and Steam have a lot of work to address this and give us reassurances that they are taking steps to develop secure code. They haven't been keen on using compiler defensive technologies (ASLR, DEP, stack cookies) because of performance reasons but they are making a trade-off when it comes to security.

  5. Muscleguy

    Not the only problem

    I have a Steam account, bought a game through them because it was the cheapest option. Doing it that way annoyed me so I bought the standalone desktop version of the game and forgot about Steam. Then about 2 months ago I start to get alert emails from them with a link to click to reset my password, someone is trying to access my account. Annoying but since I no longer want it I ask Steam if they will kindly delete my account and why. They are apparently utterly unable to delete an account so I have a Steam account until the day I die.

    Fuckwits.

    1. JamesC

      Re: Not the only problem

      What annoyed you about it? Was it the simplicity of the purchase, the automatic updates and patches, or the ability to contact friends for easy multiplayer gaming?

      Yes, getting emails about your account being locked is annoying, but that's why we have email filters and rules.

      1. Charlie

        Re: Not the only problem

        Hurray for automatic updates. Like the one for Civ V a few months ago that irreversibly corrupted all saved games? That's progress!

        Hurray for being able to contact friends. It's amazing that the internet existed for so long without Steam - how on Earth did people communicate?

        1. Anonymous Coward

          Re: Not the only problem

          With nuclear weapons?

          Anyway it isn't Steam's fault Firaxis released a crap patch, and if you're the kind of person that doesn't auto install updates and instead waits to see what the forum says (these people don't really exist; there are two kinds of patchers: those who auto patch and those who patch when they find something horribly broken) just turn off the auto update management. It's not rocket science.

          1. Charlie

            Re: Not the only problem

            Yes, you can disable automatic updates. In fact, you need to for the reason mentioned above. Which completely negates the original point.

    2. Smallbrainfield

      Re: Not the only problem

      1: Download TF2

      2: Add a selection of cheats such as aimbots for TF2.

      3: Go on a VAC secured server and blatantly cheat.

      4: Get naughty stepped.

      5: Repeat steps 3 through 4 until Valve suspend your account permanently.

      6...

      7. PROFIT

      1. Tim Bates

        Re: VAC

        Getting VAC banned is not going to delete the Steam account. It simply flags it as a VAC banned user.

        Contacting Valve support and requesting they delete the data is more likely to succeed. Especially if you mention your local privacy laws (or theirs).

    3. asdf

      Re: Not the only problem

      What I like about Steam, other than obviously my addiction to CS, is the fact that you can buy games on Steam and 5 years from now install the client on another machine and boom you have all the games you purchased right there, no finding long lost DVDs etc. This was a pleasant surprise for me when I installed the Steam client on my Mac and was able to download the majority of the games I had purchased years ago for my old PC (obviously some games never ported to Mac).

      1. Muscleguy

        Re: Not the only problem

        The game I was playing on Steam is also movable from machine to machine. Even if you lose everything an email will give you a registration code and you are away again, though your save games will not be. DVD? with a game on? what be that? Does not compute.
