AOA Forums AOA Forums AOA Forums Folding For Team 45 AOA Files Home Front Page Become an AOA Subscriber! UserCP Calendar Memberlist FAQ Search Forum Home


Go Back   AOA Forums > Software > Data Security

Data Security Viruses, Firewalls and Safe computing


Reply
 
LinkBack Thread Tools Rate Thread
  #1 (permalink)  
Old 17th October, 2012, 09:42 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Steam adds vulnerabilities to your PC

This popped up yesterday - Donato (recently ex-RIM) and Luigi at ReVuln have spent some time breaking Steam, and have discovered that Steam introduces a bunch of vulnerabilities onto your PC. It's all to do with the way that a scheme name is handled, so your web browser can work with Steam.

As it turns out, it also means that a malicious website can also use Steam to attack your computer. Anyhow, the video is here: Steam Browser Protocol Insecurity (although you need some infosec knowledge to understand the significance of stuff) and their whitepaper is here: Steam Browser Protocol Insecurity.
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 17th October, 2012, 12:27 PM
chrisbard's Avatar
Benchmarker
 
Join Date: March 2003
Location: Earth
Posts: 8,252
Send a message via Yahoo to chrisbard

Would I be wrong saying that with every app added to your system the security of that system is less and less in a good state? So basically what we have here is just another example of the way apps we install can help render our systems unsafe...

Anyway is good to know what to expect! Cheers Aedan
__________________
I've heard that linux community came up with better implemented security in it's latest Linux Mint Gold version, it's actually preventing the user to log in, thus posing 0 risk in contamining the computer with malware! Well done to the open source community!


Last edited by chrisbard; 17th October, 2012 at 12:56 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 17th October, 2012, 03:17 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Not necessarily. In this case, it's because Steam adds itself into your web browser, so a web browser that's otherwise secure has had it's security seriously degraded.
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 17th October, 2012, 04:25 PM
chrisbard's Avatar
Benchmarker
 
Join Date: March 2003
Location: Earth
Posts: 8,252
Send a message via Yahoo to chrisbard

Reminds me of Java...
__________________
I've heard that linux community came up with better implemented security in it's latest Linux Mint Gold version, it's actually preventing the user to log in, thus posing 0 risk in contamining the computer with malware! Well done to the open source community!

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 17th October, 2012, 11:13 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

So...hard times ahead for steam users?
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

[img]/forum/attachments/random-nonsense/16515-sigs-dan_drag.jpg[/img]
Subscribers! Ask Pitch about a Custom Sig Graphic

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 18th October, 2012, 04:11 AM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

Reminds me of Windows Media player with internet browsing. Doesn't iTunes have internet browsing too?
I leave the browsing to my actual Internet Browser Chrome and Firefox.
I have a feeling the spend more time plugging the security holes
__________________
Booman
Mint 17.3 64-bit
Wine 2.0
PlayOnLinux 4.2.10
Linux Guides: PC Games Linux Beginners Tips Linux Games List
Mack Truck Dungeon Of Fire Spray Booth Tutorial
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 18th October, 2012, 10:38 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

You might use Chrome and Firefox, but Steam plugs into them to handle URLs that start "steam://" - so having Steam on your system lowers the security of Firefox and Chrome too.
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 18th October, 2012, 05:07 PM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

Lucky for me... I use it offline most of the time.
The only time I'm online is to update a game or install a game.
__________________
Booman
Mint 17.3 64-bit
Wine 2.0
PlayOnLinux 4.2.10
Linux Guides: PC Games Linux Beginners Tips Linux Games List
Mack Truck Dungeon Of Fire Spray Booth Tutorial
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 18th October, 2012, 06:16 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

You don't need steam running, just a browser that it's plugged into.
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 18th October, 2012, 06:37 PM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

can you expand on that? I'm not totally sure what you mean...

When I say "offline" I literally mean my IP address is reset so that I'm not using the DHCP from my Router.
10.0.0.1
10.0.0.2
so forth
__________________
Booman
Mint 17.3 64-bit
Wine 2.0
PlayOnLinux 4.2.10
Linux Guides: PC Games Linux Beginners Tips Linux Games List
Mack Truck Dungeon Of Fire Spray Booth Tutorial
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #11 (permalink)  
Old 18th October, 2012, 06:58 PM
chrisbard's Avatar
Benchmarker
 
Join Date: March 2003
Location: Earth
Posts: 8,252
Send a message via Yahoo to chrisbard

Can I help? It's like having a hot dog when you don't like mustard and at some point you realise the vendor has ignored your "no mustard" request!
__________________
I've heard that linux community came up with better implemented security in it's latest Linux Mint Gold version, it's actually preventing the user to log in, thus posing 0 risk in contamining the computer with malware! Well done to the open source community!

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #12 (permalink)  
Old 18th October, 2012, 07:00 PM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

But what if the mustard is in a packet on the side?
Can I choose to not use it or can I use it later when I'm done with the hotdog?
__________________
Booman
Mint 17.3 64-bit
Wine 2.0
PlayOnLinux 4.2.10
Linux Guides: PC Games Linux Beginners Tips Linux Games List
Mack Truck Dungeon Of Fire Spray Booth Tutorial
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #13 (permalink)  
Old 18th October, 2012, 08:49 PM
chrisbard's Avatar
Benchmarker
 
Join Date: March 2003
Location: Earth
Posts: 8,252
Send a message via Yahoo to chrisbard

Talking

Quote:
Originally Posted by booman View Post
But what if the mustard is in a packet on the side?
Can I choose to not use it or can I use it later when I'm done with the hotdog?
As Aedan said unfortunately the "mustard" has been installed, it's just to late, you either eat the hotdog or you don't!
__________________
I've heard that linux community came up with better implemented security in it's latest Linux Mint Gold version, it's actually preventing the user to log in, thus posing 0 risk in contamining the computer with malware! Well done to the open source community!

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #14 (permalink)  
Old 18th October, 2012, 08:54 PM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

Actually I like mustard, relish, Ketchup, chili, cheese and pretty much everything on my hotdog.

Lets use pizza instead because I hate Pineapples on my pizza!
I would be angry if my Steam pizza came with pineapples and I didn't order them.

Anyways, offline protects me even if Steam has a built-in web browser because I don't even have internet access offline.
When I'm online its a problem.
Can one of the steampowered.com pages have a malicious malware or virus that installs when the page loads?
__________________
Booman
Mint 17.3 64-bit
Wine 2.0
PlayOnLinux 4.2.10
Linux Guides: PC Games Linux Beginners Tips Linux Games List
Mack Truck Dungeon Of Fire Spray Booth Tutorial
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #15 (permalink)  
Old 18th October, 2012, 09:26 PM
chrisbard's Avatar
Benchmarker
 
Join Date: March 2003
Location: Earth
Posts: 8,252
Send a message via Yahoo to chrisbard

Red face

Quote:
Originally Posted by booman View Post
Can one of the steampowered.com pages have a malicious malware or virus that installs when the page loads?
No, just a tiny juicy bit of pineapple!
__________________
I've heard that linux community came up with better implemented security in it's latest Linux Mint Gold version, it's actually preventing the user to log in, thus posing 0 risk in contamining the computer with malware! Well done to the open source community!

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #16 (permalink)  
Old 18th October, 2012, 10:24 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

So Aedan, what impact, if any, does running Linux have on this, does steam offer me up as a straight shot though my browser , or does the fact I'm only emulating windows come into play?
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

[img]/forum/attachments/random-nonsense/16515-sigs-dan_drag.jpg[/img]
Subscribers! Ask Pitch about a Custom Sig Graphic


Last edited by Daniel ~; 18th October, 2012 at 10:24 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #17 (permalink)  
Old 18th October, 2012, 10:34 PM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

Apparently you can get a malware or virus withing Wine because its simulating Winblows and services.... but, it won't affect Linux because most malicious software is written for Winblows....
Yet another great reason to stick with Linux
__________________
Booman
Mint 17.3 64-bit
Wine 2.0
PlayOnLinux 4.2.10
Linux Guides: PC Games Linux Beginners Tips Linux Games List
Mack Truck Dungeon Of Fire Spray Booth Tutorial
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #18 (permalink)  
Old 18th October, 2012, 10:52 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

It may not be Aedan's answer, but it was the one I was looking for! LOL
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

[img]/forum/attachments/random-nonsense/16515-sigs-dan_drag.jpg[/img]
Subscribers! Ask Pitch about a Custom Sig Graphic

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #19 (permalink)  
Old 18th October, 2012, 11:00 PM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

I would just say, stay away from Internet Explorer in Wine and you should be good.
I don't really browse much with the Steam browser, but sometimes there is a good deal
__________________
Booman
Mint 17.3 64-bit
Wine 2.0
PlayOnLinux 4.2.10
Linux Guides: PC Games Linux Beginners Tips Linux Games List
Mack Truck Dungeon Of Fire Spray Booth Tutorial
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #20 (permalink)  
Old 19th October, 2012, 11:50 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Quote:
Originally Posted by booman View Post
Apparently you can get a malware or virus withing Wine because its simulating Winblows and services.... but, it won't affect Linux because most malicious software is written for Winblows....
That's a very dangerous assumption. You see, by default, your Linux drive is mapped as drive Z within Wine, so the filesystem is accessible with the same permissions as anything else running as your username. Having Wine installed also means that Wine installs itself as an executable handler, so native Windows programs can be invoked easily from other Linux programs (including the shell). You've also got loopback on the IP stack, which is normally considered trusted, meaning that services on your host are open.

Your entire security model is based on "most malicious software is written for Windows", which is nothing but security through obscurity, which isn't security at all. Mac users were saying the same thing not so long ago. There's already cross-platform malware that can target OS X, Windows and Linux. (See here: https://www.f-secure.com/weblog/archives/00002397.html ). I'm aware of other malware that carries payloads for multiple systems.

There's malware like the Crisis Trojan that installs itself and goes searching for VMWare virtual machine images so that it can install itself within those virtual machine images. It's also capable of attacking OS X, Windows and Windows Mobile.

There's also a framework for malware that's designed to target Windows, OS X and Linux called GraVitoN - there's a presentation paper on it here: http://mirror3.layerjet.com/nongnu//...oN-THC12r1.pdf
__________________

Last edited by Aedan; 19th October, 2012 at 11:54 AM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Tags
security , steam , steam security



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft Patches Critical Vulnerabilities In Windows Daniel ~ Data Security 0 14th July, 2010 07:07 PM
Microsoft Fixes Record Number Of Vulnerabilities Daniel ~ OS, Software, Firmware, and BIOS 0 10th June, 2009 05:14 PM
Microsoft Issues Three Patches For Eight Vulnerabilities Daniel ~ OS, Software, Firmware, and BIOS 0 11th March, 2009 06:33 PM
Security Researcher Warns of Vista Vulnerabilities Daniel ~ Data Security 0 25th August, 2008 05:49 PM
Yahoo Messenger Vulnerabilities Found Southern Man Random Nonsense! 2 31st May, 2002 11:27 PM


All times are GMT +1. The time now is 09:37 PM.


Copyright ©2001 - 2010, AOA Forums
Don't Click Here Don't Click Here Either

Search Engine Friendly URLs by vBSEO 3.3.0