Website Finds Chink In Steam's Security Armour

Ars Technica's Kyle Orland recently found a security issue with Valve's online marketplace, Steam. "Out of respect for the privacy of Steam's more than 50 million users", Ars didn't immediately publish the article. Instead, it contacted Valve.

Barely three hours after being notified, the exploit had been fixed. That's fast. But what's really interesting is that Valve kept its mouth shut the entire time, neither commenting on the site or even publicly admitting that the exploit had been discovered.

The full piece on Ars details how the exploit was discovered and how easy it was to do, while also raising the point that by keeping quiet on the matter Valve is potentially discouraging further acts of voluntary "white hat" security existence.

HTML holes exposed sensitive data for "private" Steam user accounts [Ars Technica]


Comments

    Will it discourage other acts of White Hat? Maybe. But remember this is the interwebz. Where malicious sentiment outnumbers positive sentiment 100 million to 1. If a service like Steam opens up about security issues like this, they'll be practically be inviting groups like the one that took down Sony to take a shot at them. Though haven't Steam rewarded White Hatters who've informed them of exploits in the past? I know Apple has a policy of threatening or pressing charges against them...

      I thought most did it for the sake of improving security, not rewards or recognition. I am failing to really see what Valve did wrong here. Someone notified them of a security problem, and in a scant handful of hours, it was fixed. Isn't this the desired result?

    Doesn't every security system have its flaws?

    Last edited 08/02/13 9:34 am

    I would bet someone out there reads Chink and thinks of the derogatory term for Chinese.

    Then it would be an expectation that the article is about a Chinese person in a physical armor that secures the Valve/Steam office.

    Last edited 08/02/13 10:32 am

Join the discussion!

Trending Stories Right Now