Teen hacker exposes security flaws by publishing unapproved game on Steam

A teenager revealed security holes in Valve’s developer site that allowed him to upload a game about watching paint dry to Steam without any approval.

Ruby Nealon, a computer science student in the U.K., discovered that the Steamworks site’s approval process could be skipped when he uploaded his game Watch Paint Dry, a riveting role-playing adventure in which the gamer watches paint dry.

Nealon detailed his experiment on Medium. First he managed to obtain an account on Steamworks and some in-game trading cards last month. Then he found flaws in the HTML form data that was being sent to Valve’s servers, which allowed him to alter the code to trick the site into thinking his cards had been approved by an editor. After that he was able to spoof his session ID number and publish the game.

The student has already been in contact with Valve and the holes were plugged before he went public. It was never his plan to cause any problems for other users or attempt to sell the game to anyone, he added. (And after all, who would buy it?) It was instead always his intention to expose the holes and he has also purposefully omitted some particular details on how he pulled this off.

“Something I’ve definitely learned from doing this is when working with user-generated content that first needs to be approved, do not have ‘Review Ready’ and ‘Reviewed’ as two states of existence for the content,” said Nealon in his advice to Valve and other sites in the future.

“Instead, maybe take an approach where the review of the item has an audit trail by giving each piece of content a ‘review ticket’ or something similar and not allowing the content to switch to the Released state until there is a review ticket for the content,” he said. “Or just don’t allow users to set the item to ‘Released.’”
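The "review ticket" design Nealon describes can be sketched as a server-side state machine. The following is an added example, not code from Nealon or Valve; the `Store` class, its method names and the account names are hypothetical. The released state is derived only from an approving ticket in an append-only audit trail, and any state value sent in form data is ignored.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    DRAFT = "draft"
    REVIEW_READY = "review_ready"
    RELEASED = "released"


@dataclass(frozen=True)
class ReviewTicket:
    content_id: int
    reviewer: str
    approved: bool


@dataclass
class Store:
    reviewers: set                                  # accounts allowed to review
    states: dict = field(default_factory=dict)      # content_id -> State
    owners: dict = field(default_factory=dict)      # content_id -> owner account
    tickets: list = field(default_factory=list)     # append-only audit trail

    def create(self, content_id, owner):
        self.states[content_id] = State.DRAFT
        self.owners[content_id] = owner

    def submit(self, content_id, actor, form):
        # Only the owner may submit; any "state" field in the form is ignored.
        if actor != self.owners[content_id]:
            raise PermissionError("not the owner")
        self.states[content_id] = State.REVIEW_READY

    def review(self, content_id, actor, approved):
        # Tickets are written server-side, and never by the content's owner.
        if actor not in self.reviewers or actor == self.owners[content_id]:
            raise PermissionError("not an independent reviewer")
        if self.states[content_id] is not State.REVIEW_READY:
            raise ValueError("nothing to review")
        self.tickets.append(ReviewTicket(content_id, actor, approved))

    def release(self, content_id):
        # Release is derived from the audit trail, not from request data.
        latest = [t for t in self.tickets if t.content_id == content_id][-1:]
        if self.states[content_id] is not State.REVIEW_READY or not latest or not latest[0].approved:
            raise PermissionError("no approving review ticket")
        self.states[content_id] = State.RELEASED
```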
