I wonder if the steam forums are safe. Seems like anything you can execute in your profile should be able to execute on the forums as well.
Comment has been collapsed.
Well I hope it's fixed soon. I guess I'll stop sending out gifts for a while until it's fixed
Comment has been collapsed.
last i knew it was a vehicle
but steam loves this stupid little things like Thanks for Skyrim,Heresy,and countless others for some reason people like to be a follower and not a leader so they copy what others say and think it is funny when it just silly and annoying.
None the less it just how i feel and this whole exploit thing just get use to it as long as idiots fall for scams and click on links they should not and have inventory it is always going to be at risk.Pretty much as long as there is steam gifts and trading there will always be hackers or exploits to just and scam people out of there stuff.
Comment has been collapsed.
Thx to for the heads up..and in a better world i would have expected Volvo for shutting down the profiles until the problem is solved..
Comment has been collapsed.
Wow, that's interesting. Thank you for the heads up, Deiru.
Comment has been collapsed.
Wasn't there like the SAME issue with steam store pages where devs could put malicious shit on their game page; and it was known for like forever but Valve didn't do shit about it... Then when a dev decided to demonstrate the exploit to urge them to action he got banned or something? You'd think they'd check around for similar things elsewhere after an incident like that....?
Comment has been collapsed.
Yeah, that was Timmy, the PR guy from SCS Software aka the Euro Truck devs.
Comment has been collapsed.
The XSS issue on Steam Community has been resolved.
https://twitter.com/SteamDB
Comment has been collapsed.
That was quick. But I am afraid to find out for sure. I think I might stay off profiles for the rest of the day just in case they forgot something. lol
Comment has been collapsed.
They could just be saying that to stop people from panicking.
Also check the comments to that tweet, either there is some serious blackmailing and funny stuff going on, or someone didn't read the "list" with those few times when trolling should not be done, no matter how inviting.
Comment has been collapsed.
Well, for one, SteamDB have literally no reason to "Prevent panic", considering they also posted an announcement similar to mine. For another, I'm friends with a lot of the SteamDB guys, I trust their work, and they've shown enough to me that I can see it is fixed.
Comment has been collapsed.
SteamB have no reason to report the issue in the first place either then.
You are friends with them you say, doesn't mean much to me since i dont know you, but i have no reason not to trust you. I will keep my hand on my gun and my eyes open though.
Comment has been collapsed.
SteamDB may be a third party, but honestly? They are the best community relations that Steam has. They report on things before I see them on Steam most times, and I have never been misled by them. Exercising caution is always a good idea, but I put my money on profiles being safe again now.
Comment has been collapsed.
293 Comments - Last post 10 minutes ago by AndrewTheD
42 Comments - Last post 15 minutes ago by Moogal
11 Comments - Last post 27 minutes ago by BattleChaing
201 Comments - Last post 39 minutes ago by CulitoRiko7u7
35 Comments - Last post 45 minutes ago by Gamy7
1,275 Comments - Last post 2 hours ago by TandborsteN
350 Comments - Last post 3 hours ago by Serpy
62 Comments - Last post 10 minutes ago by VahidSlayerOfAll
232 Comments - Last post 10 minutes ago by HowDareYou
1,040 Comments - Last post 11 minutes ago by Kireato
254 Comments - Last post 13 minutes ago by Vin3
72 Comments - Last post 18 minutes ago by macgamer
4,168 Comments - Last post 33 minutes ago by yugimax
154 Comments - Last post 37 minutes ago by RobbyRatpoison
Just a major heads up, but there's a huge security flaw that was just exposed, allowing people to execute code on profiles. So far I've only seen one profile that can do this, but it can comment for you, it can load iframes, and it can play youtube videos. It will fuck up your notifications.DO NOT LINK THESE PROFILES IN THE FORUMS, IN CHAT, OR ANYWHERE.
Issue has been fixed. Profiles are now safe again.
Comment has been collapsed.