

Google Me This: Zero-Day in Steam Client

Windows Bug vulnerability attacker bug

16 replies to this topic

Ace_BOTlistic_Cosmo #1 Posted 16 August 2019 - 04:12 AM

    Captain

  • Member
  • 1174 battles
  • 4,730
  • [3NIC] 3NIC
  • Member since:
    01-26-2014

If you use Steam, you might want to read this.

jus' sayin'

Gamers Beware: Zero-Day in Steam Client Affects All Windows Users

https://threatpost.c...windows/147225/

 


if the pilot's good, see, I mean, if he's really..sharp, he can barrel that baby in so low [he spreads his arms like wings and laughs],

you oughtta see it sometime, it's a sight. A big plane like a '52. VRROOM! There's jet exhaust, fryin' chickens in the barnyard.


Stygian_Alchemist #2 Posted 16 August 2019 - 04:41 AM

    First Lieutenant

  • Member
  • 11064 battles
  • 2,104
  • [A-S-S] A-S-S
  • Member since:
    10-08-2018

Oh noes, everyone better stock up on the tinfoil. 

 

 

Make sure to jam it between the RJ-45 and your network card or if you're wireless... use LEAD foil and make sure to entirely cover your router.

 

 

 


Edited by Stygian_Alchemist, 16 August 2019 - 04:53 AM.


CorvusCorvax #3 Posted 16 August 2019 - 05:01 AM

    Captain

  • Member
  • 4238 battles
  • 4,311
  • [OWSS] OWSS
  • Member since:
    01-26-2012

View PostStygian_Alchemist, on 16 August 2019 - 04:41 AM, said:

Oh noes, everyone better stock up on the tinfoil. 

 

 

Make sure to jam it between the RJ-45 and your network card or if you're wireless... use LEAD foil and make sure to entirely cover your router.

 

 

 

Did you actually read the article? 

 

Well, I have used Steam for years, and the article convinced me that I need to do at least one thing:  prevent Steam from auto-starting when I light up my PC.  While I only use Steam to run Valve games (and two Bethesda games, now that I think about it), not having an exploit-ready piece of software running all the time might be good.

 

Sort of like killing the Wargaming processes after I get out of the game - the ones that run even after the game is closed.



Stygian_Alchemist #4 Posted 16 August 2019 - 05:10 AM

    First Lieutenant

  • Member
  • 11064 battles
  • 2,104
  • [A-S-S] A-S-S
  • Member since:
    10-08-2018

View PostCorvusCorvax, on 15 August 2019 - 11:01 PM, said:

Did you actually read the article? 

 

Well, I have used Steam for years, and the article convinced me that I need to do at least one thing:  prevent Steam from auto-starting when I light up my PC.  While I only use Steam to run Valve games (and two Bethesda games, now that I think about it), not having an exploit-ready piece of software running all the time might be good.

 

Sort of like killing the Wargaming processes after I get out of the game - the ones that run even after the game is closed.

Yes. I've read the article, multiple on the subject before this. I've also read the supposed exploit, Valve's response, etc. and I'm not exactly what you would call concerned by any measure.

It's a good click-bait title and supposition though and the game industry doesn't get much these days that can pull eyeballs away from other things in the news. The article supposes validity of the bug in the first place though and that's a failure in journalism. There's a reason every reputable site dealing with it has said "claims" and "possible" and etc. regarding it. No one else has duplicated it and it hasn't been peer-reviewed in any sense. Nor has anyone actually managed to use it in a real world situation. There are plenty of vulnerabilities in lots of code.. that are impossible to exploit for various other reasons that have nothing to do with whether that specific part is vulnerable. 

She also took the journalism of others and re-rolled it into an inflammatory article, that's why at the end she admits that she had reached out and neither had contacted her back. :P 


Edited by Stygian_Alchemist, 16 August 2019 - 05:16 AM.


Ace_BOTlistic_Cosmo #5 Posted 16 August 2019 - 12:43 PM

    Captain

  • Member
  • 1174 battles
  • 4,730
  • [3NIC] 3NIC
  • Member since:
    01-26-2014

View PostStygian_Alchemist, on 15 August 2019 - 11:41 PM, said:

Oh noes, everyone better stock up on the tinfoil. 

 

 

Make sure to jam it between the RJ-45 and your network card or if you're wireless... use LEAD foil and make sure to entirely cover your router.

 

 


 

wow,

jus sayin'

here is a google search on firefox browser:

"Zero-Day in Steam Client"

https://www.google.com/search?client=firefox-b-1-d&q=Zero-Day+in+Steam+Client

 

take a look,

every website based on internet safety has written an article regarding this...

not just this "girl for clickbait"... whatever the hell that means

but, I know I also have been reading about this since early summer

I don't claim to know the exploits and the vulnerabilities

but,

it's making its way back into the news cycle which could mean something

or not, I dunno

I didn't mean to offend your sensibilities...

I was trying to inform other, more sensible people

jus' saying... wow


Edited by Ace_BOTlistic_Cosmo, 16 August 2019 - 12:44 PM.



Ace_BOTlistic_Cosmo #6 Posted 16 August 2019 - 12:59 PM

    Captain

  • Member
  • 1174 battles
  • 4,730
  • [3NIC] 3NIC
  • Member since:
    01-26-2014

here...

they know more than me

arstechnica.com

https://arstechnica.com/gaming/2019/08/severe-local-0-day-escalation-exploit-found-in-steam-client-services/




Stygian_Alchemist #7 Posted 16 August 2019 - 03:27 PM

    First Lieutenant

  • Member
  • 11064 battles
  • 2,104
  • [A-S-S] A-S-S
  • Member since:
    10-08-2018
HackerOne's response is spot on. It's just not really an issue. Your phone is more insecure than Steam. Frankly. Tried their little exploit.. gee.. would you look at that... requires you to put files on the computer or have access to regedit :P They claim that a malicious dev could just pop a game on the steam platform and do whatever.. yet.. there's no proof of this and there's no usage of the exploit in the wild. They also broke protocol, period for infosec work and admit this while saying they are justified even though Valve itself, per their own admittance, had not yet responded and still had 45 days per normal industry standards to do so. Feels and smells like someone looking for 5 seconds of blipdom and not much else to me. 

I can claim I'm the real heir to the throne of Britain.. might even be true in some sense.. doesn't mean it meshes with the reality of how things actually work.

Your concern is appreciated, but I laugh when I see most reports like this after having been in and out of IT for most of two decades. Lots of "zero day exploits" (and doesn't that phrase just sound terrifying even though it's just an overused buzzword) exist in lots of other code. Your OS has a few laying around in it if you're running Windows of any flavor. Exploits vs. used/usable exploits are two different things. Similarly someone long ago did a proof of concept virus out of a GIF, to my knowledge it's never been a really "usable" vector and we all constantly use GIFs. :)

Ace_BOTlistic_Cosmo #8 Posted 16 August 2019 - 11:21 PM

    Captain

  • Member
  • 1174 battles
  • 4,730
  • [3NIC] 3NIC
  • Member since:
    01-26-2014

View PostStygian_Alchemist, on 16 August 2019 - 10:27 AM, said:

HackerOne's response is spot on. It's just not really an issue. Your phone is more insecure than Steam. Frankly. Tried their little exploit.. gee.. would you look at that... requires you to put files on the computer or have access to regedit :P They claim that a malicious dev could just pop a game on the steam platform and do whatever.. yet.. there's no proof of this and there's no usage of the exploit in the wild. They also broke protocol, period for infosec work and admit this while saying they are justified even though Valve itself, per their own admittance, had not yet responded and still had 45 days per normal industry standards to do so. Feels and smells like someone looking for 5 seconds of blipdom and not much else to me. 

I can claim I'm the real heir to the throne of Britain.. might even be true in some sense.. doesn't mean it meshes with the reality of how things actually work.

Your concern is appreciated, but I laugh when I see most reports like this after having been in and out of IT for most of two decades. Lots of "zero day exploits" (and doesn't that phrase just sound terrifying even though it's just an overused buzzword) exist in lots of other code. Your OS has a few laying around in it if you're running Windows of any flavor. Exploits vs. used/usable exploits are two different things. Similarly someone long ago did a proof of concept virus out of a GIF, to my knowledge it's never been a really "usable" vector and we all constantly use GIFs. :)

agreed...

but, that one time...

is the one we always remember

and damn it pisses us off when it gets us

:sceptic:




Stygian_Alchemist #9 Posted 16 August 2019 - 11:46 PM

    First Lieutenant

  • Member
  • 11064 battles
  • 2,104
  • [A-S-S] A-S-S
  • Member since:
    10-08-2018

View PostAce_BOTlistic_Cosmo, on 16 August 2019 - 05:21 PM, said:

agreed...

but, that one time...

is the one we always remember

and damn it pisses us off when it gets us

:sceptic:

Fair, I think the last time something took down a system of mine was the code red fiasco under WinXP. It's been a -long- time. Partly because I'm paranoid about security and partly because just following intelligent practices will usually catch the things that are known about. It's the exploits that aren't published that worry me and the security at Valve on -their- servers that seems a greater worry.. considering the # of public companies that have lost millions of users' data. Since I can't control either of those things, I just go with best security practices and an image of my HDD every month or so "just in case". All of which is automated at this point because I'm lazy and there are so many ways to make it all thoughtless in terms of managing recovery of the system to a usable state. Personal data/info of course is always a worry, but again.. more concerned that my e-mail, or my steam account itself would be compromised than this. As both of those are more likely from -my- view. Mostly just offering that up here along with my critique of the purported exploit and the breach of infosec industry general protocol.

My initial response post was admittedly perhaps overly cheeky while I was half asleep and just grumbling about the click-baity headline and buzzword heavy writing that makes it sound far scarier than it -actually- is. I think that makes sense? So I apologize if it came across as -overly- dismissive.



Captain_Underpants53 #10 Posted 17 August 2019 - 12:20 AM

    Captain

  • Member
  • 23480 battles
  • 3,349
  • [A-S-S] A-S-S
  • Member since:
    04-17-2017
:medal:
MSgt, USAF, (ret)

Ace_BOTlistic_Cosmo #11 Posted 17 August 2019 - 01:17 AM

    Captain

  • Member
  • 1174 battles
  • 4,730
  • [3NIC] 3NIC
  • Member since:
    01-26-2014

View PostStygian_Alchemist, on 16 August 2019 - 06:46 PM, said:

Fair, I think the last time something took down a system of mine was the code red fiasco under WinXP. It's been a -long- time. Partly because I'm paranoid about security and partly because just following intelligent practices will usually catch the things that are known about. It's the exploits that aren't published that worry me and the security at Valve on -their- servers that seems a greater worry.. considering the # of public companies that have lost millions of users' data. Since I can't control either of those things, I just go with best security practices and an image of my HDD every month or so "just in case". All of which is automated at this point because I'm lazy and there are so many ways to make it all thoughtless in terms of managing recovery of the system to a usable state. Personal data/info of course is always a worry, but again.. more concerned that my e-mail, or my steam account itself would be compromised than this. As both of those are more likely from -my- view. Mostly just offering that up here along with my critique of the purported exploit and the breach of infosec industry general protocol.

My initial response post was admittedly perhaps overly cheeky while I was half asleep and just grumbling about the click-baity headline and buzzword heavy writing that makes it sound far scarier than it -actually- is. I think that makes sense? So I apologize if it came across as -overly- dismissive.

huh...
are you hitting on me...

I'm happily married and old enough to be your dad...

hehe...

I love you too

:hiding:

 




Captain_Underpants53 #12 Posted 17 August 2019 - 01:42 AM

    Captain

  • Member
  • 23480 battles
  • 3,349
  • [A-S-S] A-S-S
  • Member since:
    04-17-2017

View PostAce_BOTlistic_Cosmo, on 16 August 2019 - 08:17 PM, said:

huh...
are you hitting on me...

I'm happily married and old enough to be your dad...

hehe...

I love you too

:hiding:

 


:medal:

 

I think you're old enough to be my dad!


MSgt, USAF, (ret)

Stygian_Alchemist #13 Posted 18 August 2019 - 03:29 AM

    First Lieutenant

  • Member
  • 11064 battles
  • 2,104
  • [A-S-S] A-S-S
  • Member since:
    10-08-2018

View PostCaptain_Underpants53, on 16 August 2019 - 07:42 PM, said:


:medal:

 

I think you're old enough to be my dad!

Are you saying Ace is your Father? Do we need to get you two on Maury? I'd throw a 5 spot toward that show.



Stygian_Alchemist #14 Posted 18 August 2019 - 03:37 AM

    First Lieutenant

  • Member
  • 11064 battles
  • 2,104
  • [A-S-S] A-S-S
  • Member since:
    10-08-2018

View PostAce_BOTlistic_Cosmo, on 16 August 2019 - 07:17 PM, said:

huh...
are you hitting on me...

I'm happily married and old enough to be your dad...

hehe...

I love you too

:hiding:

 

Tell your Wife I said thanks for taking one for the team!!! :medal::medal:

In all seriousness.. you're an odd grinch mister duck 
It's a good thing you're on our side.
Or else the world... boom.
ya know?
like manbearpig 

it's ok to blow kisses with the wrong end of your intestines

YANKEE DOODLE DO OR DIE! 


And now, back to your regularly scheduled programming.

 


Edited by Stygian_Alchemist, 18 August 2019 - 03:38 AM.


Four_Leaf_Tayback #15 Posted 18 August 2019 - 03:54 AM

    Senior Master Sergeant

  • Member
  • 352 battles
  • 142
  • Member since:
    06-28-2017

"We call them caboose whistles" *

 

Name the book and you get a cookie.   

 

 


Saving my last two forum warnings since July 31, 2019.  

Ace_BOTlistic_Cosmo #16 Posted 18 August 2019 - 05:04 PM

    Captain

  • Member
  • 1174 battles
  • 4,730
  • [3NIC] 3NIC
  • Member since:
    01-26-2014

she's telling me she likes me too...

friend code

:trollface:




trikke #17 Posted 19 August 2019 - 01:34 AM

    Captain

  • Member
  • 3520 battles
  • 3,435
  • [R-A-W] R-A-W
  • Member since:
    01-26-2012

View PostFour_Leaf_Tayback, on 17 August 2019 - 11:54 PM, said:

"We call them caboose whistles" *

 

Name the book and you get a cookie.   


To Kill a Mockingbird?


Spittoon says #smarterpilotswinmore



