Hello Guest, welcome to torrentinvites.org - Your #1 source for Torrent Invites!
CLICK HERE to register for free and gain full access to TI.org!
Torrent Invites! Buy, Trade, Sell Or Find Free Invites, For EVERY Private Tracker! HDBits.org, BTN, PTP, MTV, Empornium, Orpheus, Bibliotik, RED, IPT, TL, PHD etc!
4Likes
-
3
Post By sedna
-
1
Post By LagunaLoire
-
sedna
Guest
For over a decade a bug in Steam meant someone could take over your PC
Don't worry, it's fixed now.
On March 22 one of Steam's regular updates was rolled out, complete with fixes to the in-game overlay and problems involving corrupt items on the Steam Workshop. It also dealt with a bug that made it possible for someone to get access to the computer of anyone with Steam run code remotely, effectively taking over their computer.
Security researcher Tom Court has blogged about the bug and its potential misuse, explaining that, "At its core, the vulnerability was a heap corruption within the Steam client library that could be remotely triggered, in an area of code that dealt with fragmented datagram reassembly from multiple received UDP packets."
What that means is that, as he demonstrated in the video below, he could hijack a computer and run software remotely. In this test case it was just a calculator app, but obviously more malicious effects would have been possible.
Fortunately it was fixed quickly once Valve were made aware of the vulnerability, with a patch on the beta branch of Steam going live eight hours after it was discovered. As Court says, "this was a very simple bug, made relatively straightforward to exploit due to a lack of modern exploit protections. The vulnerable code was probably very old, but as it was otherwise in good working order, the developers likely saw no reason to go near it or update their build scripts. The lesson here is that as a developer it is important to periodically include aging code and build systems in your reviews to ensure they conform to modern security standards, even if the actual functionality of the code has remained unchanged."
-
Scary stuff, glad it's fixed now. Thanks for sharing.
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules