For Steam Users Only

[DavidYokosukaJapan]

Users of the Steam gaming and media distribution platform are at risk for remote compromise.

 

I read about this at the threatpost.com website.

Not really sure if this is the 'right' forum for this announcement but I'd hate to see fellow gamers pwned by hackers because they didn't know.

Hope Steam patches this up soon.. since a lot of people got Skyrim via Steam

 

http://threatpost.com/en_us/blogs/steam-gaming-platform-vulnerable-remote-exploits-50-million-risk-101912

 

http://arstechnica.com/security/2012/10/steam-vulnerability-can-lead-to-remote-insertion-of-malicious-code/

[JanusForbeare]

That's disturbing. I'm running on Chrome, but I think I'll set Steam to offline mode until I hear about a fix. Thanks for the heads-up.

[acidzebra]

By getting a user to click a link to a specially formed Steam URL

 

Browsers such as Chrome and Internet Explorer present users with an explicit warning when they click a Steam link, telling them they're about to open or use an external program, and Firefox asks users for confirmation (without explicitly warning of potential vulnerability). Browsers including Apple's Safari and Webkit, though, allow Steam URLs to launch the program without any warnings, letting a potential attack go completely unnoticed

If you are running Steam and using a vulnerable browser, you can protect yourself by going into the settings and disabling automatic launching of Steam:// URLs. If you're already using a browser that gives warning when URLs try to launch external programs, keep a special watch for any suspicious links that try to launch Steam.

 

In short, don't click suspect links and use proper browser security. Which is sane advice under any circumstances :thumbsup:

Edited November 20, 2012 by acidzebra