DreamPirates

Widely-publicized Steam Invite hack has been fixed

Author : jeraldinehambly
Publish Date : 2021-04-19 11:31:31

After two years, Valve has patched the critical remote code execution exploit disclosed by @floesen_

Early last week, a non-profit group dedicated to software reverse-engineering publicly announced that a dangerous exploit it had found in the Steam backend had gone unfixed for nearly two years and, worse, that Valve was allegedly attempting to prevent the group from publicly disclosing its existence. The exploit, involving Steam Invites, allegedly allowed a hacker to gain full control of a victim's system via remote code execution.

Members of Secret Club, the non-profit organization that found the exploit, went public on Twitter about its existence after Valve had taken no action to fix it in the two years since Secret Club notified the company of the problem.

White-hat hacker and software reverse-engineering communities often find exploits in software and report them discreetly to companies. They are often paid for that work through so-called "bug bounty" programs and organizations like HackerOne. In this case, however, the bounty program was widely perceived as a shield that let the exploit go unfixed: if the good guy publicly discloses the bug they found to try to get it fixed, the reward is put at risk.

The original finder of the exploit has confirmed the fix and says Valve has provided them with permission to disclose details. They are working on a detailed technical writeup for release in the future.

Good news! Valve fixed my recent exploit and gave me permissions to disclose details. That being said, I am working on a detailed technical write-up which I am going to release soon. 

Public concern has now moved to other alleged Source Engine exploits reported by Secret Club which have gone unfixed. These include a Team Fortress 2 community server exploit and two separate CS:GO RCE exploits.



Category : world
