spartaman64

researcher publishes second steam 0 day, valve doesn't care


Posted · Original PosterOP
Quote

A Russian security researcher has published details about a zero-day in the Steam gaming client. This is the second Steam zero-day the researcher has made public in the past two weeks.

However, while the security researcher reported the first one to Valve and tried to have it fixed before public disclosure, he said he couldn't do the same with the second because the company banned him from submitting further bug reports via its public bug bounty program on the HackerOne platform.

Quote

Security researchers and regular Steam users alike are mad because Valve refused to acknowledge the reported issue as a security flaw, and declined to patch it.

When the security researcher -- named Vasily Kravets -- wanted to publicly disclose the vulnerability, a HackerOne staff member forbade him from doing so, even if Valve had no intention of fixing the issue -- effectively trying to prevent the researcher from letting users know there was a problem with the Steam client at all.

Kravets did eventually publish details about the Steam zero-day, which was an elevation of privilege (also known as a local privilege escalation) bug that allowed other apps or malware on a user's computer to abuse the Steam client to run code with admin rights.

Quote

Valve did eventually ship a fix, more as a reaction to all the bad press the company was getting.

The patch was almost immediately proved to be insufficient, and another security researcher found an easy way to go around it almost right away.

Quote

Today, Kravets published details about a second Valve zero-day, which is another EoP/LPE in the Steam client, allowing malicious apps to gain admin rights through Valve's Steam app. Demos of the second Steam zero-day are embedded below, and a technical write-up is available on Kravets' site.

https://amonitoring.ru/article/onemore_steam_eop_0day/

Quote

All of Valve's problems seem to come from the fact that the company has placed EoP/LPE vulnerabilities as "out-of-scope" for its HackerOne platform, meaning the company doesn't view them as security issues.

Nelson, a security researcher who has made a name for himself for finding a slew of interesting bugs in Microsoft products, doesn't agree with Valve's decision.

Quote

EoP/LPE vulnerabilities can't allow a threat actor to hack a remote app or computer. They are vulnerabilities abused during post-exploitation, mostly so attackers can take full control over a target by gaining root/admin/system rights.

While Valve doesn't consider these as security flaws, everyone else does. For example, Microsoft patches tens of EoP/LPE flaws each month, and OWASP considers EoP/LPE as the fifth most dangerous security flaw in its infamous Top 10 Vulnerabilities list.

By refusing to patch the first zero-day, Valve inadvertently sent a message out that it doesn't care about the security of its product, putting the company's 100+ million Windows users in danger just by having the Steam client installed on their computers.

Sure! Valve is right, in its own way. An attacker can't use an EoP/LPE to break into a Steam user's client. That's a fact. But, that's not the point.

source: https://www.zdnet.com/article/researcher-publishes-second-steam-zero-day-after-getting-banned-on-valves-bug-bounty-program/

 

tl;dr: valve doesn't care about security flaws their steam client causes as long as it doesn't help in an initial break in.

This is like saying as long as something can't help in starting a fire it's not a fire hazard. Maybe OSHA should go investigate valve's offices if this is how they view things. Combating viruses isn't just about preventing them from getting in but also limiting what they can do when they do get in. Just like fire hazards are not just stuff that can cause a fire to break out but also what might contribute to the fire getting worse or preventing people from escaping the building. It feels like over the years valve is becoming more and more lazy and complacent and I guess that's what happens when you become essentially a monopoly. As much as I don't like some of epic's philosophy this changed my mind about them a little and showed me that we need them to compete with steam.

3 minutes ago, emosun said:

wait a minute.... you're saying valve are a bunch of self-absorbed buttheads that only care about money?


Noooooo, Valve good, Epic bad, don't you get it?

2 minutes ago, VegetableStu said:

kinda wonder if they treat this like how they treat steam support ._.

They don't even bother responding to support tickets


...is there a question here? 🤔

Posted · Original PosterOP
1 minute ago, rcmaehl said:

https://nvd.nist.gov/vuln/detail/CVE-2019-14743

their fix can still be bypassed and the researcher is still banned so until valve backs it up with some action it's just empty PR speak


Welcome to modern Valve, where Team Fortress 2 sits without updates for two months or more, where CS:GO hasn't had an Operation in over two years and the Steam client re-do is perpetually stuck in development hell. You know, just like any Valve product.


1 hour ago, ThePD said:

But I thought Steam Good, Epic games bad!

With Epic (10 cent) we are knowingly allowing ourselves to be monitored at an Admin level.


4 hours ago, Dan Castellaneta said:

Welcome to modern Valve, where Team Fortress 2 sits without updates for two months or more, where CS:GO hasn't had an Operation in over two years and the Steam client re-do is perpetually stuck in development hell. You know, just like any Valve product.

It's because Valve doesn't have traditional team organization or managers or anyone that actually tells employees what to do. I can't find it right now, but there was an article not too long ago where a reporter for a DOTA-based site got to tour Valve and they had all of five people running the entirety of Steam. Any, or all, of those five people were free to take their desk and go join another team the moment they stopped being interested in working on Steam.

 

4 hours ago, Tristerin said:

With Epic (10 cent) we are knowingly allowing ourselves to be monitored at an Admin level.

Going to need some proof to back that statement up. As much as people cry "spy program" with EGS there is very little actual data to back it up. And don't give me the "but China" excuse. Tencent has a minority share in Epic, they do not own the company. If Tencent were in charge of everything I'd imagine EGS would actually be a half-way decent application by this point since at least Tencent has people that actually know what they're doing.

27 minutes ago, Derangel said:

It's because Valve doesn't have traditional team organization or managers or anyone that actually tells employees what to do. I can't find it right now, but there was an article not too long ago where a reporter for a DOTA-based site got to tour Valve and they had all of five people running the entirety of Steam. Any, or all, of those five people were free to take their desk and go join another team the moment they stopped being interested in working on Steam.

 

Going to need some proof to back that statement up. As much as people cry "spy program" with EGS there is very little actual data to back it up. And don't give me the "but China" excuse. Tencent has a minority share in Epic, they do not own the company. If Tencent were in charge of everything I'd imagine EGS would actually be a half-way decent application by this point since at least Tencent has people that actually know what they're doing.

They scrape the shit out of my system for information.  You too have the internet, go, research.  People a lot smarter than I watched the web traffic, root scrapes, etc and have all linked the information and it's available for you too - if you want to know about it.

 

But as I already said - I'm cool with it cause free games, and secure banking /shrug


1 minute ago, Tristerin said:

They scrape the shit out of my system for information.  You too have the internet, go, research.  People a lot smarter than I watched the web traffic, root scrapes, etc and have all linked the information and it's available for you too - if you want to know about it.

C'mon dude, you should know how this works - no one is asking you to do the packet sniffing or traffic captures yourself. But if you're aware of the situation, you should be able to fairly easily grab a source that did go through the research that confirms what you're saying.

 

You're effectively saying "do your own research". You made a claim, you back it up.

 

For the record, I wouldn't be surprised if you're right. But post a source that confirms it, or else it's just something some guy said on the internet.

 


Just now, dalekphalm said:

C'mon dude, you should know how this works - no one is asking you to do the packet sniffing or traffic captures yourself. But if you're aware of the situation, you should be able to fairly easily grab a source that did go through the research that confirms what you're saying.

 

You're effectively saying "do your own research". You made a claim, you back it up.

 

For the record, I wouldn't be surprised if you're right. But post a source that confirms it, or else it's just something some guy said on the internet.

 

Just as easy for them to use Google and the vast wealth of information available to them at their fingertips, I'm doing other stuff that is more important to me than debating the logs and hashes from individuals on the internet and trying to convince someone to trust these sources.  Again, all of it's out there especially on reddit - and it's my conclusion that it's a spyware - and I morally don't care would rather have free games ;)

 

 

 



@dalekphalm re-read that and it sounds douche - so wanted to explain - I'm back and forth afk with limited time and trying to learn Manjaro with the time I have today (and also kill time between downloads on this forum)


1 minute ago, Tristerin said:

Just as easy for them to use Google and the vast wealth of information available to them at their fingertips, I'm doing other stuff that is more important to me than debating the logs and hashes from individuals on the internet and trying to convince someone to trust these sources.  Again, all of it's out there especially on reddit - and it's my conclusion that it's a spyware - and I morally don't care would rather have free games ;)

Again if it's all out there on Reddit, you should find the thread and post it as your source. It's not anyone else's job to do your own research for you but your own, or to confirm what you say is correct.

 

And whether you care or not is totally okay and your own choice - each person will have to make their own mind up about whether to trust the software or whether they care about the potential privacy issues.


Just now, Tristerin said:

@dalekphalm re-read that and it sounds douche - so wanted to explain - I'm back and forth afk with limited time and trying to learn Manjaro with the time I have today (and also kill time between downloads on this forum)

Oh okay - well, I want to apologize for how my post may come off as well.

 

I get that you're busy, and IRL stuff is frankly more important than LTT. But when you've got some down time, I'm sure we'd all appreciate a link to one of those Reddit posts where someone goes through and shows why the EGS client is spyware.

 

That's definitely good info to know.


7 hours ago, ThePD said:

But I thought Steam Good, Epic games bad!

DRM bad!


7 hours ago, spartaman64 said:

researcher publishes second steam 0 day, valve doesn't care

Incorrect. Both the vulnerabilities have already been fixed and Valve did address this whole debacle.

 

https://arstechnica.com/information-technology/2019/08/valve-says-turning-away-researcher-reporting-steam-vulnerability-was-a-mistake/

 

EDIT: Oh, I completely missed that others had already posted the same link.


Posted · Original PosterOP
35 minutes ago, WereCatf said:

Incorrect. Both the vulnerabilities have already been fixed and Valve did address this whole debacle.

 

https://arstechnica.com/information-technology/2019/08/valve-says-turning-away-researcher-reporting-steam-vulnerability-was-a-mistake/

 

EDIT: Oh, I completely missed that others had already posted the same link.

their fix for the first 0 day was faulty so idk if they revised it or they are still sticking with it and considering it "fixed" and the second one is still untested. also the researcher is still banned so until their fix is tested to make sure they didn't half ass it again and they unban the researcher the statement still stands. I'll edit it out when we get confirmation from the researcher saying it's resolved to a satisfactory degree. talk is cheap we need proof of action from steam.

 

edit: also why does the national vulnerability database still say that they dispute the significance of the vulnerability

1 minute ago, spartaman64 said:

also the researcher is still banned

That's apparently HackerOne's doing, though. At least my understanding is that Valve didn't tell them to ban him. It's a pretty shitty deal, the whole damn thing, and HackerOne ain't making themselves look good at all.


Posted · Original PosterOP
Just now, WereCatf said:

That's apparently HackerOne's doing, though. At least my understanding is that Valve didn't tell them to ban him. It's a pretty shitty deal, the whole damn thing, and HackerOne ain't making themselves look good at all.

and they can also tell them to unban him right? they are their customer they can tell them how to run the bug bounty program for steam

1 minute ago, spartaman64 said:

and they can also tell them to unban him right? they are their customer they can tell them how to run the bug bounty program for steam

I can't say that I know how much Valve has over banning/unbanning people as a customer since banning/unbanning someone most likely comes from HackerOne's own policies. I mean, Valve is a customer and they make the guidelines on what they want/don't want HackerOne to forward to them, but does Valve have a say in how HackerOne polices their own forums? I doubt it.

