Steam Hacker Talks About Vulnerabilities in Steam, There Are Still Some

By   /   7 months ago

Ruby Nealon, a Steam hacker who became infamous after he hacked the Steam system and put a fake game (Watch Paint Dry: The Game) up on the online game retailer, claims that the Steam website has a large number of vulnerabilities, which would explain how often Steam gets hacked over the holiday season.

Nealon also came across a second exploit a short time after Watch Paint Dry was addressed and publicized: a cross-site scripting (XSS) hole that allowed him to steal an administrator’s authentication cookie through the Steam Depot page. Though this exploit has also been patched, it would have given other hackers like Nealon the ability to pretend to be a Steam administrator.

Nealon’s hacking has made him extremely unimpressed with the security system that Valve uses for Steam.

“It looks like their website hasn’t been updated for years. Compared to even other smaller Web startups, they’re really lacking. This stuff was like the lowest of the lowest hanging fruit.”

Steam was also hacked on Christmas Day back in 2015, which caused Valve to take it down for several hours before the issue was addressed.

However, Nealon’s apparent vendetta against Steam also has a pettier side: although he brought two different exploits in Steam to Valve’s attention, Valve has not made him part of the “Hall of Fame” on its security page because it was for “regular contributors only”, and has not paid him any sort of “bug bonus” (where you get paid for finding bugs or flaws in security and coding) for finding the two exploits.

The Steam hacker says that he feels like Valve is “exploiting” him.

“I won’t be finding bugs anymore for Valve because there are plenty of companies that appreciate the time and effort put in by security researchers. See HackerOne, which is an entire platform hundreds of companies use. I felt like Valve were exploiting me.”

“I don’t want to sound like I’m bitching for free shit, but if this was Google or something with a similar majority of vulnerability here, Google would pay out. But Valve haven’t offered me anything. I’m not pissed off, but I’m a little bit disappointed, given that it’s a company of Valve’s size.”
