amonitoring.ru
>So, two weeks after my message, which was sent on July 20, a person appears, who tells me that my report was marked as not applicable, they closed the discussion and wouldn’t offer any explanation to me. Moreover, they didn't want me to disclose the vulnerability
Other urls found in this thread:
do you?
Spermbrain trying to ruin serious threads as per usual.
yes
please use mine
>chinks are so buttblasted about steam they are now asking Yea Forums of all places for advice on sabotaging them
Just make a better client and dont be dicks to your customers, its not a hard concept
Can you replicate the steps?
And is there any higher-profile site about this kinda stuff that would talk about this if given the information?
Cry.
But Yea Forums hates steam, you are aware this isn't Reddit right?
Yea Forums has had anti valve threads for years, and steam has has problems repeatedly. Do you not remember last years fiasco? Criticizing steam has nothing to do with epic, you fucking retard.
Girls don’t like headpats so I know you’re a boy. Stop pretending to be an anime girl.
A cute boy is fine too.
>MUH CHINK SPYWARE
>this happens
OH NO NO NO NO
>Girls don’t like headpats
>he can't into headpatting
So if i understood correctly:
>create registry key that is child of Steam\Apps
>link it to Windows Installer
>relink it to program of choice
>now you can run your program with the highest privileges
Correct?
Is it valve being negligent about it or is it hackerone being incompetent? Probably both.
local priv exploits are nothing special on windows DESU. because there are hundreds in windows its self. Anything can install its self as a service and gain system level priv, a popular and "not exploit" method is installing a trusted validator, this is an old XP method for having an application launch the same time your application launches with system level access to protect, validate and monitor your main application.
Gaining NT System is a feature on windows, not an exploit.
Creating symlinks requires both permissions at the target object level AND a privilege granted at the system level. Current versions of Windows don't give that privilege to common users by default.
Here's the full article if you don't want to visit a Russian website (although it is safe).
magaimg.net
>that English
>while doing damage control for Epic
I have seen that way too many times in the past weeks.
>Spermbrain/gamer
Not that guy, but is this the new meme insult-of-the-week?
Epiccucks on full scale attack lmao
Can't tell if you're a chink or just a retard.
it's the flavor of the month at the moment, soon it will die and something even more retarded is forced into rotation
>we
>not using superior client because its "reddit"
I swear internet is the worst thing that happened to humanity. Look at the damage this user had taken
More or less. It's one of those "if we have local access to the PC we can do whatever we want with it, backdoor!". You don't even need any of that this considering how bad he curation on Steam is and there were times when literal malware got through.
Unlike Epic, which is malware by itself.
virus, my PC went crazy don't click.
>"if we have local access to the PC we can do whatever we want with it, backdoor!"
So it requires the attacker to have Admin privileges to even initiate it? Or can it be done by less privileged users?
Where's the red semen demon, OP.
Anyway, Valve are pretty lame for flat-out ignoring it and not saying something like "it's low-priority exploit because this or that" (I mean, anons already explained in understandable terms that pre-requisites for explot are already allowing hackers to run the show on your PC, steam or not steam), but article's author is lame and bitchy too. It feels like he expected to get millions of bucks and world fame for finding this, got nothing, and wrote last part of article in state of extreme asspain.
...
You have to edit registry key, that by design requires administration privileges, right? I don't remember, I turn UAC off the moment I install Windows.
No. Basically, it requires you to install Steam, then go in shop, find Shady Game-looking Thing 4: Totally Not a Virus, buy it, download, and then wonder why the fuck your PC is full of mustard gas.
>b-but epic!
kekt
thry do tho
You can't be that new
I don't like them either yet most females I interact with will not stop touching my head.
Strange, Virustotal found nothing. But thanks for the warning! Maybe they have unsafe 3rd party content (ads?).
Epic has nothing to do with this thread, you idiot.
Cope.
Listen to this guy and stop being paranoid.
>but article's author is lame and bitchy too. It feels like he expected to get millions of bucks and world fame for finding this, got nothing, and wrote last part of article in state of extreme asspain.
and then makes a thread on Yea Forums for SEO and traffic