Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Report this Comment
Use this form to report the selected comment to the moderators. Reporting should generally be used only if the comment breaks forum rules.

19. This goes way beyond being a browser exploit. Oct 17, 2012, 17:07 hb3d
 
Mashiki Amiketo wrote on Oct 17, 2012, 13:24:
Looking at this a bit more, it appears that unless you've been able to compromise the machine before hand and lay a batch file(and know what games are installed). This is pretty much useless, so if someone has already compromised the machine that far. You've got other things to worry about than steam urls.

Though I might have missed something.
You missed a lot. Read the whole article (slowly for you) on Computerworld. This goes way beyond being a browser exploit. The browser is just used an attack vector into the Steam client itself and Source engine games. See "The researchers released a video in which they demonstrate how steam:// URLs can be used to remotely exploit some vulnerabilities they found in the Steam client and popular games." Valve's wonderful security triumphs again. I wonder if we will see Half-Life 3 source code soon.

In a different example, a steam:// URL can be used to execute legitimate commands found in Valve's Source game engine in order to write a .bat file with attacker-controlled content inside of Windows Startup folder. Files located in the Windows Startup directory are automatically executed when users log in.
That is really, really bad. As bad or worse than that Uplay exploit everyone bashed Ubisoft over (but not the researcher who found the exploit, hypocrites), but was fixed in a day or less. At least that exploit only affected users with the installed plug-in. This attack affects all browsers and Steam client users and since it can be scripted with Javascript, it is relatively easy to implement and get past the user especially on some browsers and settings.

This comment was edited on Oct 17, 2012, 18:08.
 
 
Subject
  
Optional
Message
 
Login Email   Password Remember Me
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.
 




footer

Blue's News logo