One of the steamforum mod confirmed it that the issue have been indeed reported (and hopefully already transferred to Valve attention at the time we are speaking)
Comment has been collapsed.
If any of you happen to have further update about this, please do let us know
Comment has been collapsed.
The bug appears to be exploitable by sites that ask you to login through your Steam account, by being able to read chunks of the memory of the Valve server that handles your login (and thus read out the plain text password from the server's memory.)
SteamGifts itself is such a site. If you don't login to any such sites, you should be fine. I assume SteamGifts isn't a malicious site that would actually try to exploit this vulnerability ;-) Although there's always the issue of sites being compromised; for example if someone "hacked" SteamGifts, he would use the site to get Steam login credentials of users logging in.
Comment has been collapsed.
noticed that too...really really od
Satoru, as always was coming up with condescending bs such as Steamdb is not affiliated with Steam yadayayada
Comment has been collapsed.
Well if it's true that this has been around for 2 years then everyone's panic and "omg don't login anywhere!!!" logic is kind of pointless. I'm sure the people who could take advantage of this already knew about it, let's face it 2 years is a very long time, and if you were gonna get hacked because of it, it would have happened already. No need to go paranoia mode about it now. It is however fishy that volvo is deleting threads on the subject.
Comment has been collapsed.
I honestly doubt that in the two years this has been around real hackers have not discovered it, even the people who revealed said weakness now said there's no way to know if and how much it has been exploited. Average Joe(you, me and everyone else posting here) is in no more danger than he usually is with this, and all the other ways hackers have of breaching your system or stealing your password. Again, i'm not saying it's not a problem, i'm just saying it's nothing to panic over.
Comment has been collapsed.
but what shall we do now? Just continue as if nothing happened and hoping that nothing bad happens?
Comment has been collapsed.
yep, doesnt seem to be shown as affected as well as steampowered either
Comment has been collapsed.
Keep calm, everyone. It isn't the end of the world... Yet.
Keep calm, and...
Comment has been collapsed.
Guys, the heartbleed test shows that its all fine from steampowered and steamcommunity side
Comment has been collapsed.
The issue here is that when a fix goes out for a issue like this they are effectively telling the hackers what to do on unpatched systems. Any major site like steam would have known about this a long time ago and if you are feeling paranoid just give them the few hours to get the fixes rolled out today. The real danger is going to be on sites 4 months from now that never updated and you have already forgotten this bug existed.
Comment has been collapsed.
Anyway, it seems to be okay now (if it was ever bugged from Steam side to begin with)
Comment has been collapsed.
so its "safe" to go on steam and play games again?
Comment has been collapsed.
according to this site its already fixed http://possible.lv/tools/hb/?domain=steampowered.com
Comment has been collapsed.
any security steps needed right now or what? Im kinda puzzled of what to do now..
Comment has been collapsed.
I mean from the perspective of a steam user: anything I should do?
I obviously have a strong password, decent anti virus+ firewall+anti spyware, i do make system updates often and the usual..
Comment has been collapsed.
Just update program using OpenSSL when there is update available.
This isn't as serious as server-side, because you need to connect to server that tries to abuse this.
Firefox & Chrome use NSS and IE uses SChannel for SSL so these are not vulnerable :)
Comment has been collapsed.
From what i can understand it's not something that you the end user can do much about. It's all down to websites/service providers to upgrade their software. Only thing i'm worried about is yahoo's apparent lack of reaction to this, their mail service and website is labeled as vulnerable right now...
Comment has been collapsed.
Fuck,steamcommunity is once again showed up as vulnerable
Comment has been collapsed.
I would think everyone here has SteamGuard enabled, so even if this was true and they got our passwords, they wouldn't actually be able to access our accounts, no? I don't get it.
Comment has been collapsed.
what the heck, each time I reload the heartbleed test, it show it as vulnerable and then safe and then vulnerable again...
Comment has been collapsed.
thats what i would guess too
however, what should be take as statement then? that its safe or not?
Comment has been collapsed.
this is absolutly ridiculous. I really dont know what to think about all of this
Comment has been collapsed.
Might be to keep people from using the exploit themselves. More people that know about it, the more people that will use it.
Comment has been collapsed.
Considering the news about it is more or less all over the internet it would be stupid to classify it as "just some stupid idea" however, since it's been around for 2 years already i see no reason to panic. If you do wanna be safe about it you can always unplug your internet for a few days until it all blows over and everything updates to the new, exploit free, version.
Comment has been collapsed.
The minimum that i would await from the PR of Valve (if they have any person assigned to that) to make some sort of oficial statement about this instead of trying to silence people. I mean come on, were not that dumb, we know something is very wrong
Comment has been collapsed.
Yeah, how do we know what the hell to do right now ? keep us informed damn it -.-'
Comment has been collapsed.
103 Comments - Last post 45 minutes ago by cartcollector
68 Comments - Last post 1 hour ago by AkulahArjuna
46,826 Comments - Last post 4 hours ago by FranckCastle
15,407 Comments - Last post 5 hours ago by BargainSeeker
2,066 Comments - Last post 7 hours ago by Megamind9
11 Comments - Last post 8 hours ago by Chris76de
1,340 Comments - Last post 9 hours ago by LuckyStrike1305
57 Comments - Last post 5 minutes ago by adam1224
70 Comments - Last post 13 minutes ago by Peiperissimus
78 Comments - Last post 13 minutes ago by Volcanic
588 Comments - Last post 18 minutes ago by Chungite
137 Comments - Last post 54 minutes ago by TrevorGoodchild
412 Comments - Last post 57 minutes ago by TrevorGoodchild
102 Comments - Last post 1 hour ago by TrevorGoodchild
SteamDB.info discovered that the Heartbleed bug is currently affecting steam. Here you can read what this bug exactly is. It's long yeah I didn't read it either. But here is what SteamDB.info says about it:
We recommend NOT using any Steam services until Valve issues a fix for a recently discovered vulnerability. We've contacted them about it.
It's a dangerous issue to everyone, it's more dangerous for developers because they deal with more sensitive content.
We'll inform you when it's fixed, and it's better to not do anything at the moment including logging off sites.
Lets hope they fix it fast, but for now; don't login or logout anywhere with your Steam acount! The only other, known, big player who is affected by this bug is Yahoo (Tumblr?).
Source
Comment has been collapsed.