sirikon

Just saw the video and was wondering... The fact that the caching server works just like this, without any advanced configuration on the end machines (using Steam to download the games), isn't itself a security problem? This seems to work because the requests made to download steam games are using HTTP, not HTTPS. This means that anyone could make a MitM attack and replace the game we're downloading with some malicious software. Or, as the DNS configuration was made on the entire network/computer, any information downloaded using http could be affected. The difference here is that we're just trusting the server we just built... but anyone could do this in a Lan Party or Cybercafe without us noticing at all and doing some bad stuff. I think that Steam and many other providers should enforce HTTPS always, including game (software) downloads. This way, this server cache wouldn't work without some configuration on the machines using Steam (installing a trusted certificate provided by the Lan Party host) but the security overall would improve.