Game-centric security issues

This topic is just for anything anyone hears of related to games / setups / clients which gives your computer security more holes than Swiss Cheese.

Just use the topic as a heads up to gamers along the lines of "You may not ordinarily bother your ass with this stuff .. But check this out"

To kick it off here's a beauty recently which is now fixed (so long as you have updated recently and not run it in offline mode permanently) ..


Steam Client UDP issue - Apparently this issue has been open to exploitation for the last 10 years :

Go to the following linked video at time 1:07:21 Security Now! episode 666

Valve have fixed it if you have let the client update since.


Historically, the NSA had another exploit they had been using for a while (no idea of the duration) to spy on daddy's machine via Steam installed by their kids; that one was fixed pretty soon after the Edward Snowden leaks - Rob Joyce, NSA Chief of Tailored Access Operations (TAO) at the time, said they do not need to use Zero Day exploits ..

I doubt the NSA have anything to be interested in me, but the point is if they can do it anyone can do the same.

I gave Steam a support ticket at the time, asking what the state of play was with the fix; the ticket was replied to within about 30 seconds, "Yes we have fixed the issue", and the ticket was deleted straight after the reply. Ouch! Sore point, Valve must have been a bit trigger sensitive about the issue :)

So anyway, if that was fixed .. Then the UDP one noted in Security Now! 666 was another separate issue .. Or maybe Valve thought they had the right hole fixed but fixed something else? I guess we will never know, it's probably too embarrassing for Valve.


Not noted in this video, but if anyone uses the GOG Galaxy client (personally I prefer not using it, Steam are a lot better established and if they can get the client wrong from a security POV ... I just manually update games with the downloadable manual installers when they update), that client also had quite a bad exploitation a while ago which was also updated soon after being informed. I don't know if you can run that client offline, but if you can and have been .. I would get it up to date if I were you.

I also recommend not having these clients auto-start with Windows. Get into all the settings and switch off behaviour you might not be happy with, which is most likely on by default because of the need to get that advertising window on your desktop in your face with all of its capabilities enabled with no restrictions.

For the record, yes, Galaxy can be run offline just fine. It's also actually convenient to use instead of a burden like the Steam client.

