Welcome, Guest. Please login or register.
November 13, 2019, 04:47:55 AM

Login with username, password and session length

Search:     Advanced search
Donate! | Shop: Amazon
*
Home Help Search Login Register
f13.net  |  f13.net General Forums  |  Gaming  |  Steam  |  Topic: steam:// protocol vulnerability 0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: steam:// protocol vulnerability  (Read 1636 times)
Trippy
Administrator
Posts: 21521


on: October 17, 2012, 02:12:22 PM

tl;dr the steam:// protocol allows remote sites to install files on your computer that can then be executed the next time you reboot. Disable the steam:// protocol handler in your browsers, especially Safari and other Webkit browsers. Oh yeah that means the Steam client itself, which most of the time is acting as a Web browser with a fucked up UI, is likely vulnerable. Oh well...

Ars Technica article
ReVuln paper (PDF)
ReVuln video (Vimeo)
(Using direct links cause ReVuln site fucking sucks)
Fordel
Terracotta Army
Posts: 8306


Reply #1 on: October 17, 2012, 02:57:00 PM

How does one do that? Disable the steam:// thinger.

and the gate is like I TOO AM CAPABLE OF SPEECH
Trippy
Administrator
Posts: 21521


Reply #2 on: October 17, 2012, 03:20:42 PM

These days it's quite difficult actually. It used to be in the good old days all browsers had a section in preferences or other config section that showed you the mappings between protocols (like mailto and telnet) and MIME types to the apps that would handle them. These days some of the browser vendors think they "know best" and don't let you change those things with an in-browser UI. That includes Chrome and Safari. Firefox and IE, however, do let you view these settings in their preferences and you can check in there to see if you've ever opened a steam:// link in one of those browsers and had it explicitly mapped to the Steam app. If you have you should do one of three things:

1. Map the steam:// protocol to something like notepad.exe. This will effectively cause any malicious steam links to have no effect (other than possibly popping up the notepad app).

2. Delete the linkage. However this will cause the browser to pop up a dialog the next time it tries to open up a link with that protocol asking you which app should handle it so you have to be careful not to remap it to Steam.

3. Change the mapping to "always ask" (or equivalent), which is effectively the same as #2.

Edit: Chrome's handler UI is hidden here: chrome://chrome/settings/handlers

« Last Edit: October 17, 2012, 03:23:39 PM by Trippy »
Fordel
Terracotta Army
Posts: 8306


Reply #3 on: October 17, 2012, 03:57:23 PM

Thanks Trippy. :)


Using Firefox and the list doesn't seem to have steam on it. Guess I've never actually clicked steam:// link before, which is entirely possible.


So that puts me into category 2 then I guess.

and the gate is like I TOO AM CAPABLE OF SPEECH
Trippy
Administrator
Posts: 21521


Reply #4 on: October 17, 2012, 04:22:16 PM

That's right, if you search for "steam" and Firefox didn't find anything then you've either never clicked on a steam:// link in Firefox or you clicked on one but never checked the box for saving that mapping.
KallDrexx
Terracotta Army
Posts: 3510


Reply #5 on: October 17, 2012, 06:49:44 PM

My chrome://chrome/settings/handlers is blank, and I know i've clicked on stuff on Steam (though who knows if it was an actual steam:// link).  I imagine since it's blank it's more bugged rather than me not having clicked on a link before.
Pages: [1] Go Up Print 
f13.net  |  f13.net General Forums  |  Gaming  |  Steam  |  Topic: steam:// protocol vulnerability  
Jump to:  

Powered by SMF 1.1.10 | SMF © 2006-2009, Simple Machines LLC