With over 50 million members, Steam has become the number one online digital content delivery platform for PC games. Perhaps it is for this reason that Valve, Steam’s developer, quietly applied a fix to a HTML-related vulnerability that was discovered by Ars Technica’s Senior Gaming Editor Kyle Orland.
Orland discovered the vulnerability while fiddling with Steam’s profile settings and examining the source code – which is easily accessible on today’s browsers. The vulnerability allows for information for accounts set to “Private” or “Friends Only” to be viewable via the browser’s source code viewer. By adding extensions to the URL and then looking at the HTML code, anyone can view a user’s info stored on Steam such as their game library, recent purchases and even load the Achievement page from a game on their libary.
Upon finding – and documenting – the vulnerability, Orland contacted Valve to notify them about it. Interestingly, it was found that Valve applied a fix to the vulnerability within three hours after being notified. However, the company did not reply to Orland to acknowledge his discovery. Nor was there any official statement regarding the matter. Ars notes that Valve’s silence is vastly different to other software giants such as Microsoft and Google, who actively participates in user feedback regarding the security of its software. The company’s silence, Orland postulates, may “discourage future private disclosure of security flaws”.
For a more detailed description of the vulnerability, head on to the source link below.
(Source: Ars Technica)
The latest addition to Lowyat.NET's family is a freshly-converted tech geek and footie fanatic who dabbles with the occasional game or two.
Find us on Facebook
- Facebook’s New Security Partners to Help Eradicate Spam Posts - 46995 Views
- The Nokia N9: Is This the World’s Most Underrated Smartphone? - 32987 Views
- Update: The (Almost) Complete iPhone 5 Telco Price Comparison - 29945 Views
- Even at RM1799, the Nexus 4 is Still a Good Deal - 26064 Views
- Home: The New Facebook Experience For Android, Coming To Select Smartphones On April 12 - 23178 Views
- Why I Said the Rumoured Retail Price of the Nexus 4 is “Still a Good Deal” - 19417 Views
- Apple iPhone 5 To Arrive In Malaysia On December 14 - 19251 Views
Chief Chapree says:As mentioned in the article, not at this moment....
acer Android Apple Asus Blackberry blackberry 10 Celcom Celcom Phone Bundle CES 2013 DiGi DiGi Phone Bundle Facebook Google HTC HTC One Huawei iOS iPad iPhone iPhone 5 Jolla Lenovo LG Lumia Lumia 920 Malaysia Maxis Maxis Phone Bundle microsoft MWC Nexus 4 Nokia Nokia Lumia Phone Bundle Samsung samsung galaxy Sony Sony Mobile sony xperia windows windows 8 Windows Phone Windows Phone 8 WP8 Xperia