back to article XSS marks the spot: Steam vuln dangles potential phishing line

Security researchers have discovered a significant security vulnerability in Steam, Valve's digital distribution platform for PC gaming. The bug, which has since been patched, allowed users to add malicious code to their profile, bypassing Steam's security measures. The trick, discovered by security researcher cra0kalo, could …

  1. John G Imrie Silver badge

    Visit another users profile page

    Thank $DEITY I'm an antisocial bugger.

  2. not.known@this.address Bronze badge

    I'm only (t)here for the Licence...

    I admit it - I am a 'Sins Of A Solar Empire' whor^H^H^H player and the only way I could get the latest one is through Steam...

    If I wanted to play with other people, I'd play football!

  3. John 104

    Valve can kiss my ass. Ever try to contact them for support?

    1. gypsythief

      Yes.

      ... and a lone tumbleweed blows gently through the silent wasteland...

  4. lglethal Silver badge
    Go

    You gotta give credit to valve in this case

    They fixed the bug within about 4 hours of being informed of it... Not many other sites act that fast...

  5. EnviableOne Bronze badge

    XSS, SQLI and CSRF are all just sloppy coding as the fast fix time indicates, when are people gonna priorities Security over time to market?

    1. John G Imrie Silver badge

      when are people gonna priorities Security over time to market?

      When the cost of not fixing the security hole rises above the cost of fixing it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019