Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
User Settings
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Report this Comment
Use this form to report the selected comment to the moderators. Reporting should generally be used only if the comment breaks forum rules.

39. You are wrong again. Oct 17, 2012, 20:26 hb3d
hb3d wrote on Oct 17, 2012, 19:41:
Glad to see you're good on the fear mongering 101 though.
It's not fear mongering. It is the truth. This exploit can allow remote code execution, and since it can, there is virtually no limit to what it can do.

Steam url's aren't scripted.
They can be. A website can script the URL's to execute in the browser without clicking on anything, i.e. redirection.

See "Aside from tricking users to manually click on rogue steam:// URLs, attackers can use JavaScript code loaded on malicious pages to redirect browsers to such URLs, Luigi Auriemma said Tuesday via email."

I have followed Luigi's work in game hacking for over ten years. He has reported the vulnerabilities he finds in games to companies like Epic and id for years, and they have been subsequently fixed. When he says something about games and exploits, it is the truth.

Even someone from h-online figured that one out. "disabling the steam:// handler will disable or severely limit this vulnerability."
I said the same thing below. The problem is that Steam will restore that functionality when it launches or automatically updates.

This comment was edited on Oct 17, 2012, 21:02.
Login Email   Password Remember Me
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.


Blue's News logo