SteamDB.info discovered that the Heartbleed bug is currently affecting steam. Here you can read what this bug exactly is. It's long yeah I didn't read it either. But here is what SteamDB.info says about it:

  • We recommend NOT using any Steam services until Valve issues a fix for a recently discovered vulnerability. We've contacted them about it.

  • It's a dangerous issue to everyone, it's more dangerous for developers because they deal with more sensitive content.

  • We'll inform you when it's fixed, and it's better to not do anything at the moment including logging off sites.

Lets hope they fix it fast, but for now; don't login or logout anywhere with your Steam acount! The only other, known, big player who is affected by this bug is Yahoo (Tumblr?).

Source

10 years ago*

Comment has been collapsed.

I tweeted the two official Steam Twitter accounts. I'll let you guys know if I get a response.

10 years ago
Permalink

Comment has been collapsed.

Don't worry. Any web developer not in a coma will know about this by now. They will be dealing with it when possible

10 years ago
Permalink

Comment has been collapsed.

This is what you get for not using IIS.

10 years ago
Permalink

Comment has been collapsed.

10 years ago
Permalink

Comment has been collapsed.

so just wondering is this sorta like Y2k where we have to deal with this everytime some major update to the internet is made?

10 years ago
Permalink

Comment has been collapsed.

I found this article about yahoo: Click
And this tool to check vulnerability:Click
Results for tore.steampowered.com: Click
Results for steamcommunity.com: Click

10 years ago
Permalink

Comment has been collapsed.

Inaccurate!

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 2 years ago.

10 years ago
Permalink

Comment has been collapsed.

Where can i read the patch notes for steamcommunity? ;-)

10 years ago
Permalink

Comment has been collapsed.

according to steamdb twitter Valve is working on solving this

10 years ago
Permalink

Comment has been collapsed.

Bury me with my money

10 years ago
Permalink

Comment has been collapsed.

Jeez right after I come back from a break from steam. welp, back to the PS Vita I guess.

10 years ago
Permalink

Comment has been collapsed.

+1

10 years ago
Permalink

Comment has been collapsed.

omg so much negativity in this thread (or VITRIOL, as tumblrtards like to say) i'll try to salvage what i can with my latest pizza
1
2

As you can see i'm currently in this phase of trying out new things, just like when you're in college and want to experience that one-night lesbian stand

10 years ago
Permalink

Comment has been collapsed.

Today must be pizza day... I just ate pizza, and this is the second comment I see today mentioning pizza.

10 years ago
Permalink

Comment has been collapsed.

I'm having pizza right now. And hot sex! (One of those statements is true. I'll let your imagination do the rest.)

10 years ago
Permalink

Comment has been collapsed.

The pizza statement is true. There are no girlfriends on the internet.
(Because we are ugly, annoying, and addicted to computer games.)

(No, just kidding. seriously, lots of people on the internet have girlfriends. Except me. And quite a few others. ...Just nevermind.)
10 years ago
Permalink

Comment has been collapsed.

Except you. And me. And all those people you know, including the ones who are lying. Especially the ones who are girls. Chris Hanson just doesn't have enough hours in the day to visit us all!

10 years ago
Permalink

Comment has been collapsed.

Man, this is beatiful!

10 years ago
Permalink

Comment has been collapsed.

That pizza's shape made me praise the sun

10 years ago
Permalink

Comment has been collapsed.

That pizza look orgasmic.

10 years ago
Permalink

Comment has been collapsed.

I'm guessing i can't log out of steam tonight.

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 2 years ago.

10 years ago
Permalink

Comment has been collapsed.

Remember resetting guard gives 14+7 days (don't know if it stacks) trade "ban".

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 2 years ago.

10 years ago
Permalink

Comment has been collapsed.

smells bullshit coming from that guy, I rather have Valve telling us this.

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 6 years ago.

10 years ago
Permalink

Comment has been collapsed.

And I just logged into Yahoo. :/

10 years ago
Permalink

Comment has been collapsed.

issue got officially fixed by Valve, strongly reccommended that you change your password and reset SteamGuard just to be on the safe side

10 years ago
Permalink

Comment has been collapsed.

changing your password while Valve is vulnerable is actually the worst thing you can do. the fact that people were recommending this was wtf?, "Hey, I can read Valves memory! let's change password, so the attacker can read your new password! what??"

Also "issue got officially fixed by Valve, strongly reccommended that you change your password and reset SteamGuard just to be on the safe side" pure bullshit.

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 2 years ago.

10 years ago
Permalink

Comment has been collapsed.

you are likley safer by doing nothing at all.

10 years ago
Permalink

Comment has been collapsed.

I think you forgot to consider the fact Steam passwords are encrypted using RSA before being sent to the server in the SSL tunnel. So even if somebody was able to decrypt the SSL traffic, he wouldn't have access to the password.

10 years ago
Permalink

Comment has been collapsed.

If you gonna quote heffebaycay, then atleast do it properly.

10 years ago
Permalink

Comment has been collapsed.

Hey thanks for the update ! Where did Valve say this though ? not that i don't believe what you said or anything, i'd just like to see what they said about this case ;P

10 years ago
Permalink

Comment has been collapsed.

Check Twitter. There was a question by Elias389, in response they said it was fixed.

10 years ago
Permalink

Comment has been collapsed.

Thank you for the heads up!

10 years ago
Permalink

Comment has been collapsed.

Thank you for the information, Jurjee!

10 years ago
Permalink

Comment has been collapsed.

But can I still login normally with the client??

10 years ago
Permalink

Comment has been collapsed.

10 years ago
Permalink

Comment has been collapsed.

LOL, epic.

10 years ago
Permalink

Comment has been collapsed.

But how does an attacker steal your shit? They need to sniff the https (or whatever protocol) requests you make or what?

10 years ago
Permalink

Comment has been collapsed.

Here, I found some info that clarify how the attack works:

Heartbeat allows one endpoint to go "I'm sending you some data, echo it back to me". It supports up to about 64 KiB. You send both a length figure and the data itself. Unfortunately, if you use the length figure to claim "I'm sending 64 KiB of data" (for example) and then only really send, say, one byte, OpenSSL would send you back your one byte -- and 64 KiB (minus one) of other data from RAM.

This allows the other endpoint to get random portions of memory from the process using OpenSSL. An attacker cannot choose which memory, but if they try enough times, their request's data structure is likely to wind up next to something interesting, such as your private keys, or users' cookies or passwords.

10 years ago
Permalink

Comment has been collapsed.

well... am i lucky that i alway stay logged in

10 years ago
Permalink

Comment has been collapsed.

Please stop this bleeding heart, call a doctor, so it can beat again, normally.

10 years ago
Permalink

Comment has been collapsed.

i think my steam got hacked. i just got a email from infestation survivor stories, saying that my account was locked due to a weird IP logging in.

that can only mean my steam account was hacked v__v

10 years ago
Permalink

Comment has been collapsed.

well,how big of a deal is if some1 gets my password,since the steam will request a code too once some1 tries to log into my acc from another IP?

So,a trouble could be if the steam PW is the same as PW as on email adress that is used.

Then again,even if he gets my email and its password,there is still a SMS/ Outlook authentificator app as a security.

They got 0 on me :D

10 years ago
Permalink

Comment has been collapsed.

they could steal also your steamguard cookies. so there's a chance they can login your account without steamguard request a code.

10 years ago
Permalink

Comment has been collapsed.

Yes, if they get anything from you they 99% surely get guard code too, rendering it useless.

10 years ago
Permalink

Comment has been collapsed.

Closed 10 years ago by Jurjee.