Steam community site suffers profile vulnerability but Valve makes quick fix

steam community site suffers profile vulnerability steamdev
If you’re any kind of PC gamer, then you likely frequent Valve’s Steam service to procure at least some of your games. And if you’re a Steam customer, then you likely spend some time on Steam’s community site — and until just recently, that might not have been the safest place to be.

It appears that the Steam community site suffered from an exploit involving user profiles that could redirect users to alternate pages and download PHP code, Ars Technica reports. Valve was able to fix the exploit soon after it was announced, but not before a number of people had created profiles that exploited the vulnerability.

The exploit was first identified on the Steam subreddit, described as such:

“Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other steam users as well as your OWN activity feed (both desktop and mobile versions on all browsers including steam browser/chromium). I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options. Do NOT click suspicious (real) steam profile links and Disable JavaScript on Browser. Appropriate information has been forward to Valve and this issue should be resolved soon, sorry for any inconvenience.”

Since that post was first created, Valve was able to fix the exploit and was able to classify Steam profiles and activity feeds as safe to visit. The exploit was subsequently explained in full in a follow-up Reddit post. Steam has more than 125 million users and any exploit on the Steam community site could have serious repercussions.

Apparently, the chances of long-term problems caused by the vulnerability were slim, but nevertheless, anyone who might have suffered from the exploit while it was live is recommended to turn on two-factor authentication, keep up with Valve’s official channels for more information, and, of course, change their Steam password.

Computing

Smishing sounds funny, but it’s a serious threat to your phone’s security

We all know phishing is a huge security problem, but most people still believe it’s a problem limited to email. According to new reports, however, phishing scams are attempting to exploit your trust in text messages.
Apple

iPhone users are finding themselves randomly locked out of their Apple ID

According to posts on Reddit and Twitter, it looks like users on Reddit and Twitter having some issues with their Apple accounts. Specifically, it seems as though users are getting randomly locked out of their Apple IDs.
Gaming

Hacker finds Steam bug that unlocks free games, collects $20K for reporting it

Security researcher Artem Moskowsky discovered a Steam bug that allowed him to generate infinite free keys for any game. Instead of abusing the exploit, Moskowsky reported it to Valve, which gave him a $20,000 reward.
Computing

Will Chrome remain our favorite web browser with the arrival of newest version?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.
Computing

Want to use one drive between a Mac and Windows PC? Partitions are your best bet

Compatibility issues between Microsoft Windows and Apple Mac OS X may have diminished sharply over the years, but that doesn't mean they've completely disappeared. Here's how to make an external drive work between both operating systems.
Computing

Microsoft turns on the lights with a new white theme in Windows 10 update

Microsoft is introducing a new light theme in the upcoming version of Windows 10 and is currently beta testing the change with Windows Insiders. The clean-looking theme brings a much-needed facelift to Windows.
Computing

Four Andromeda-related Microsoft patents hint at new ways to use the device

Andromeda might be getting even more real as four Microsoft patents have surfaced recently, all of which hint at possible new use cases and other new configurations for the device. 
Computing

Here's why 64-bit (not 32-bit) dominates modern computing

Today's computing world isn't the same as it once was. With 64-bit processors and operating systems replacing the older 32-bit designs, we look at what 32-bit vs. 64-bit really means for you.
Computing

A Google patent shows a way to make VR even more immersive

Virtual reality can be a really immersive experience, but it does sometimes it does have boundaries. Google has addressed this problem by patenting shoes with a flexible region on the bottom.
Computing

Converting files from MKV to MP4 is quick and easy. Just follow these steps

MKV files have their place, but if you would rather convert your videos from MKV to MP4, there are two methods we consider the best and most efficient for getting it done. In this guide, we'll walk you through them step by step.
Computing

Heal your wrist aches and pains with one of these top ergonomic mice

If you have a growing ache in your wrist, it might be worth considering changing up your mouse for something ergonomic. But which is the best ergonomic mouse for you? One of these could be the ticket to the right purchase for you.
Computing

Our 10 favorite Chrome themes add some much-needed pizzazz to your boring browser

Sometimes you just want Chrome to show a little personality and ditch the grayscale for something a little more lively. Lucky for you, we've sorted through the Chrome Web Store to find best Chrome themes available.
Deals

All the Best Target Black Friday deals for 2018

The mega-retailer opens its doors to the most competitive shoppers at 6 p.m. on Thursday, November 22, and signs indicate that the retailer means business this year. We've sifted through all of the deals, from consumer electronics to small…
Computing

Windows 10 notifications driving you crazy? Here's how to get them under control

Are the notifications on Windows 10 annoying you? Here's our guide on how to turn off notifications in Windows, and how to manage alerts so that the important stuff still gets through.