Browsing the Steam catalog at the weekend would have been possible to come across Watch paint dry. In fact this name does not match any game, as the product page in question has been inserted by a hacker to less than 20 years who managed to exploit a Steam exploit now patched.
Ruby, which is the nickname by which you identify the hacker on the network, explained how he managed in his intent with a post on Medium. The exploit was not available to all users of Steam, but only to those registered at the Steamworks Developer Program.
Ruby went in search of weak spots within the HTML of the Steamworks backend. It forced the value of an "editor ID" to "1", assuming that such variable corresponded to an employee of Valve. In this way Ruby has had access to a form in which it has been able to enter the value "approved" for his play with regard to the support of Steam collectible card system. Clearly, if a game is approved for the collectible card system for Steam it is already released.
This security flaw has allowed Ruby to accept Watch paint dry as a regular video game without obtaining express permission from Valve. Of course it is not the first time that Steam is attacked by hackers: like other similar gaming services, in fact, confirms the preferential victim to cybercriminals. Recent DDoS attacks are only one of the examples in this regard, while the computer security company Revuln had in the past played a very detailed study.
Subscribe to:
Post Comments (Atom)
-
Image Credits: TechCrunch We had to talk about the news that rocked the crypto world this week in our Thursday episode : the Binance/...
-
Welcome back to The Interchange, where we take a look at the hottest fintech news of the previous week. If you want to receive The Interchan...
-
Hello and welcome back to Max Q! Happy Memorial Day everyone. In this issue: Astranis’ novel approach to GEO satellites Virgin Galactic’...
No comments:
Post a Comment