Hacker Who Created Fake Game Listing On Steam Says More Vulnerabilities Will Be Found

Earlier this week Ruby Nealon became famous on the internet for managing to get a game onto Valve’s steam store without anyone at Valve even knowing about it. The Watch paint dry game raised concerns about the system Valve has in place when it comes to Steams content, with him saying that more vulnerabilities will be found on the platform.

Nealon states that it was an HTML-based attack that let him post the game without anyone at Valve approving or even seeing the game before it went live. With this exploit noted and fixed, Nealon went on to point out a way of inserting scripts into pages, potentially taking details from a Valve administrator who wanted to check out their games page. This second exploit was then fixed, although Nealon doesn’t seem too impressed with Steam’s website.

In discussions with ArsTechnica, Nealon told them that “it looks like their website hasn’t been updated for years” and even went on to say that “Compared to even other smaller Web startups, they’re really lacking. This stuff was like the lowest of the lowest hanging fruit.”.

Nealon wasn’t just upset with the website, though, saying that he won’t be hacking Steam’s platform anymore due to a lack of recognition from Valve on the matter. Nealon wrote on his site saying that the exploit he used for posting the “watching paint dry” game he had tried to contact Valve for months about, but it was only fixed when he publicly demonstrated its viability.

Nealon isn’t happy with Valve’s lack of a bug bounty system, a program where users are rewarded for alerting the company about bugs and issues in their software, something that even apps like Uber have started in recent weeks. In his “won’t be finding bugs anymore for Valve because there are plenty of companies that appreciate the time and effort put in by security researchers” and even went on to explain how the entire process had made him feel like “Valve were exploiting me”.

Steam isn’t a service that’s immune to hacks either, last year it was hacked and allowed people to bypass the two-factor authentication required to log into an account from a new machine. They’ve even accidentally exposed users details before, no external help required for that blunder.

Personally, I feel like anyone who puts time and effort into finding a problem and then revealing it to a company should be rewarded, not brushed under a matt and ignored until it becomes an issue the public are aware of.

Google Researcher Publishes Unpatched Windows 8.1 Security Vulnerability

Usually, found security exploits are reported before publicised and so was MSRC-20544 exploit for Windows 8.1. But 90 days after the security researcher from Google had reported the flaw to Microsoft, it still wasn’t patched and he instead chose to release the information to the public in order to pressure Microsoft to act and fix the flaw.

Besides just disclosing the flaw, he also shows how to use it and according to feedback it works. The vulnerability allows for an elevation of privilege in ahcache.sys/NtApphelpCacheControl and the blog post also provides a demo application that can launch calc.exe using the exploit. It was only tested on Windows 8.1 and it is not known if prior versions of Windows are affected as well.

Microsoft issued the following response to the vulnerability:

“We are working to release a security update to address an Elevation of Privilege issue. It is important to note that for a would-be attacker to potentially exploit a system, they would first need to have valid logon credentials and be able to log on locally to a targeted machine. We encourage customers to keep their anti-virus software up to date, install all available Security Updates and enable the firewall on their computer.”

So there is a mixture of good and bad news in this exploit. Someone needs to have direct access to your system in order to exploit it and a patch is being worked on. If you’d like to test it on your own system, follow the source link to Google Security where you can find the demo app.

Thanks to Google Security via Neowin for providing us with this information