Many have seen me criticise @EpicGames lately, which has led some Epic apologists to call me a Steam fanboy.
Well, I think it's about time the Valve apologists be angry at me, because what follows won't be pretty. In the words of @AngryJoeShow, you done fucked it up, @steam_games.
Let's discuss Information Security. It's not well understood by technical people, much less an average person. Suffice to say there is this thing called a vulnerability that can, by itself or when combined with other vulnerabilities, allow bad stuff to happen to your computer.
The most common form of "bad stuff" going around nowadays is called ransomware. It's where malware encrypts your computer so you can't access anything, then demands you pay a bad person somewhere to decrypt it... Which they may or may not do after you pay. Nasty stuff.
Now, without getting too technical, one of the most common ways ransomware infects a computer is using exploits called Lateral Account Movement. It's a strategy you see most often with cyberattacks on big enterprise networks. Nearly all modern ransomware uses it.
One of the ways this tactic plays out is infecting a target with malware like Trickbot from a bad website. Then, once infected, the malware exploits a programme with a Local Privilege Escalation exploit. Once it has escalated permissions, it's game over. Ryuk says hello.
Which brings us to Valve. Many of you may be unaware, but recently a security researcher, @PsiDragon, advised Valve of two Local Privilege Escalation exploits in the @steam_games client. The first time, Valve hand-waved it away. Not important because it's not a remote exploit.
But when you are a security researcher, there's this code:
You disclose the proof of concept exploit to the company. They have 90 days to fix it. If not, you publicly disclose it.
Most major corps pay people for finding these exploits. Some make a good living as "bug hunters".
If a company declines your exploit report, then you publicly disclose it. Which is what Felix did.
Valve's response? Ban him from their bug hunting programme. Real mature, Valve.
Since he couldn't report the second exploit because he was banned, it went straight to public.
So, right now, we all have a vulnerable piece of software on our computers because Valve wanted to stick their heads in the sand and act like children instead of taking InfoSec seriously. This is unacceptable.
Little tip @steam_games: Ask all the companies literally rebuilding their environments from scratch how "out of scope" local privilege escalation vulns are when combined with Trickbot.
I sure as hell hope your internal infrastructure doesn't have the same "security" policy.
@steam_games For reference, here are the reports for anyone interested:
amonitoring.ru/article/steamc…
amonitoring.ru/article/onemor…
