Steam Hacker Talks About Vulnerabilities in Steam, There Are Still Some

By   /   Apr 1, 2016

Ruby Nealon, the Steam hacker who became infamous after he hacked the Steam system and put a fake game (Watch Paint Dry: The Game) up on the online game retailer, claims that the Steam website has a large number of vulnerabilities, which would explain how often Steam gets hacked over the holiday season.

Nealon also came across a second exploit shortly after Watch Paint Dry was addressed and publicized: a cross-site scripting (XSS) hole that allowed him to steal an administrator’s authentication cookie through the Steam Depot page. Though this exploit has also been patched, it would have given other hackers like Nealon the ability to pretend to be a Steam administrator.

Nealon’s hacking has made him extremely unimpressed with the security system that Valve uses for Steam.

“It looks like their website hasn’t been updated for years. Compared to even other smaller Web startups, they’re really lacking. This stuff was like the lowest of the lowest hanging fruit.”

Steam was also hacked on Christmas Day back in 2015, which caused Valve to take it down for several hours before the issue was addressed.

However, Nealon’s apparent vendetta against Steam also has pettier motives: despite his bringing two different exploits in Steam to Valve’s attention, Valve has not added him to the “Hall of Fame” on its security page because it was for “regular contributors only”, and has not paid him any sort of “bug bonus” (a payment for finding bugs or flaws in security and coding) for finding the two exploits.

The Steam hacker says that he feels like Valve is “exploiting” him.

“I won’t be finding bugs anymore for Valve because there are plenty of companies that appreciate the time and effort put in by security researchers. See HackerOne, which is an entire platform hundreds of companies use. I felt like Valve were exploiting me.”

“I don’t want to sound like I’m bitching for free shit, but if this was Google or something with a similar majority of vulnerability here, Google would pay out. But Valve haven’t offered me anything. I’m not pissed off, but I’m a little bit disappointed, given that it’s a company of Valve’s size.”
