Security Company Finds Chink In Steam's Armour

Of course, an online security company has a vested interest in pointing out security loopholes, but still, this makes for interesting reading.

Revuln has taken a look at how Steam runs and has found a tiny security loophole in the way the Steam browser protocol uses a URL handler to perform basic tasks like installing and executing games.

Seems Apple's Safari can run these commands without the user knowing, meaning attackers could potentially use the browser as a means of sliding in and compromising all kinds of games.

I know, Safari, but a hole is a hole, and the way Revuln found it and detail it is pretty good reading.

STEAM BROWSER PROTOCOL INSECURITY [Revuln, via PC Gamer]

WATCH MORE: PC Gaming News


Comments

    Safari..... That guy did a great job finding that loophole. No MAC users are that smart.

      Big words from the guy that doesn't know Mac isn't an acronym.

        2/10 apply yourself

        You mean that he isn't talking about the Media Access Control Addresses?

    Very clever!

    Though to be fair the attack relies on the insecurity of another parties product [ie: safari]. It isn't a gaping hole which lets anyone into the steam infrastructure.

    But good to know this is all which has been uncovered, especially after the incident last year where some of their databases were breached externally.... I'd almost forgotten about that actually :s

    The title is racist omg *shock horror* everybody freak out

      This. There are tonnes and tonnes of normal English words with acquired racist connotations. Taking it out of context is ridiculous and immature.

        I still find it amusing we have a cheese brand named "Coon".

          do they still make Red skins candy?

          Given that it is named after its creator Edward Coon there is nothing racist about it.

    You do realise that the phrase "chink in one's armour" is a VERY old medieval phrase that PRE-DATES the racial use of the word? In fact, I had to read the title multiple times until I noticed it because, you know what, I read the title IN CONTEXT to the article.

    People these days have such a "politically correct agenda", it really does scare me.

    As for the article, it was a good read. I like these kind of technical articles.

    So you guys did read the paper right? Whilst the risk is there, who clicks on links they don't trust?

      Mac users who believe they are immune to getting a virus? :P

Join the discussion!

Trending Stories Right Now