Hacker Who Created Fake Game Listing On Steam Says More Vulnerabilities Will Be Found

Earlier this week Ruby Nealon became famous on the internet for managing to get a game onto Valve’s Steam store without anyone at Valve even knowing about it. The “Watch paint dry” game raised concerns about the system Valve has in place when it comes to Steam’s content, and Nealon says that more vulnerabilities will be found on the platform.

Nealon states that it was an HTML-based attack that let him post the game without anyone at Valve approving or even seeing the game before it went live. With this exploit noted and fixed, Nealon went on to point out a way of inserting scripts into pages, potentially taking details from a Valve administrator who wanted to check out their games page. This second exploit was then fixed, although Nealon doesn’t seem too impressed with Steam’s website.

In discussions with Ars Technica, Nealon told them that “it looks like their website hasn’t been updated for years” and even went on to say that “Compared to even other smaller Web startups, they’re really lacking. This stuff was like the lowest of the lowest hanging fruit.”

Nealon wasn’t just upset with the website, though, saying that he won’t be hacking Steam’s platform anymore due to a lack of recognition from Valve on the matter. Nealon wrote on his site that he had tried for months to contact Valve about the exploit he used for posting the “watching paint dry” game, but it was only fixed when he publicly demonstrated its viability.

Nealon isn’t happy with Valve’s lack of a bug bounty system, a program where users are rewarded for alerting the company about bugs and issues in their software, something that even apps like Uber have started in recent weeks. He says he “won’t be finding bugs anymore for Valve because there are plenty of companies that appreciate the time and effort put in by security researchers” and even went on to explain how the entire process had made him feel like “Valve were exploiting me”.

Steam isn’t a service that’s immune to hacks either: last year it was hacked, allowing people to bypass the two-factor authentication required to log into an account from a new machine. They’ve even accidentally exposed users’ details before, with no external help required for that blunder.

Personally, I feel like anyone who puts time and effort into finding a problem and then revealing it to a company should be rewarded, not brushed under a mat and ignored until it becomes an issue the public are aware of.

Gareth Andrews
