ZOMG dont add [insert name] hes a virus!

[Dracula]

since when :O

 

Theirs a reason you can get viruses from just watching porn, or going to websites that are set to give viruses.

[Jager]

yes dracula because their active x controls /java controls download a virus in the background... if you watch anything or go to a website with your security not set to ask before downloading website content you download the virus.

 

ergo if you have the right settings and the correct restrictions (dont use IE ) you can go damn near anywhere on the internet and catch no viruses, just don't click on any downloads.

 

as far as the steam "virus" my understanding is that the data exchanged when handshaking the chat connection led to vulnerabilities in the overall steam clients memory usage allowing a program to "leak" out of that memory location and since steam was/is linked into IE for displaying content it also suffers from the same possible vulnerabilities that using the IE shell offers anyway.

 

That pretty much died when Microsoft started using the null(data) execution bit protection that simply locks off the memory from system critical processes when leaks occur. its not fool proof, but you would have to circumvent specific areas and have a good idea of another program with root access you could take over to inject code if you wanted to infect through steam, which is much harder then it sounds. most computers now do not allow any naked access to the root unless you disable null execute and other routines.

[Leon]

yes dracula because their active x controls /java controls download a virus in the background... if you watch anything or go to a website with your security not set to ask before downloading website content you download the virus.

 

ergo if you have the right settings and the correct restrictions (dont use IE ) you can go damn near anywhere on the internet and catch no viruses, just don't click on any downloads.

 

as far as the steam "virus" my understanding is that the data exchanged when handshaking the chat connection led to vulnerabilities in the overall steam clients memory usage allowing a program to "leak" out of that memory location and since steam was/is linked into IE for displaying content it also suffers from the same possible vulnerabilities that using the IE shell offers anyway.

 

That pretty much died when Microsoft started using the null(data) execution bit protection that simply locks off the memory from system critical processes when leaks occur. its not fool proof, but you would have to circumvent specific areas and have a good idea of another program with root access you could take over to inject code if you wanted to infect through steam, which is much harder then it sounds. most computers now do not allow any naked access to the root unless you disable null execute and other routines.

 

Yea sometimes (I use IE) i see something wanting to be DL but i had placed it to where it needs my permission to continue.

[Dracula]

yes dracula because their active x controls /java controls download a virus in the background... if you watch anything or go to a website with your security not set to ask before downloading website content you download the virus.

 

ergo if you have the right settings and the correct restrictions (dont use IE ) you can go damn near anywhere on the internet and catch no viruses, just don't click on any downloads.

 

as far as the steam "virus" my understanding is that the data exchanged when handshaking the chat connection led to vulnerabilities in the overall steam clients memory usage allowing a program to "leak" out of that memory location and since steam was/is linked into IE for displaying content it also suffers from the same possible vulnerabilities that using the IE shell offers anyway.

 

That pretty much died when Microsoft started using the null(data) execution bit protection that simply locks off the memory from system critical processes when leaks occur. its not fool proof, but you would have to circumvent specific areas and have a good idea of another program with root access you could take over to inject code if you wanted to infect through steam, which is much harder then it sounds. most computers now do not allow any naked access to the root unless you disable null execute and other routines.

 

Thats why I use Firefox for non-safe sites, also im pretty sure the guy I knew was using the injection process because it wasnt more then a few months ago that he tested it on me.

[Guest Vivian556]

I got 5 today. I just closed the chat a second after anyway. I remember last year a lot of people were afraid of some guy like that. So I changed my steam name and in game name and I scared a lot of people.

 

Remember in {.:B:C:.}, the 'Baby Eater' guy. We scared Fire Ninja with it 'till he cried.

 

Btw: Sorry this is irrelevant to the topic on hand, but it was funny. :C

[Jager]

injecting the code into the actual chat interface means you had something either off, or are using a program that is allowed root access with no restrictions. like running something as an administrator in the settings. not necessarily a risk in the real world, as the person who showed you their program likely knew you, and most people here run vent as administrator to remove some lag issues. and vent is not highly stable as a client system against injection attacks. or at least wasn't due to its hooks into your ethernet for constant data input/output.

 

that and what you may have seen was a simply script kiddie injection system to exploit the big IE vulnerability a few months ago that simply allowed total computer control and since IE doesnt completely unbundle (thank god for win7 and unbundle) they simply could have used that based on your steam id and ip info which is broadcast.

[Dracula]

injecting the code into the actual chat interface means you had something either off, or are using a program that is allowed root access with no restrictions. like running something as an administrator in the settings. not necessarily a risk in the real world, as the person who showed you their program likely knew you, and most people here run vent as administrator to remove some lag issues. and vent is not highly stable as a client system against injection attacks. or at least wasn't due to its hooks into your ethernet for constant data input/output.

 

that and what you may have seen was a simply script kiddie injection system to exploit the big IE vulnerability a few months ago that simply allowed total computer control and since IE doesnt completely unbundle (thank god for win7 and unbundle) they simply could have used that based on your steam id and ip info which is broadcast.

 

Im doughting he was abusing the IE breach because it was before that and he used it to get Steam accounts not computers.

[Prez]

Seriously you guys?

 

I'm so tired of getting these.

 

Fact: you cant get a virus or hacked or any bullshit like that just from adding someone to your friends list.

 

Fact: These stupid chain letters are made by people that are mad at said person or they have no life and just feel like making fake chain letters.

 

Seriously the worst anyone can do to you on steam friends is send you to a link on a fake page that looks like steam login and then steal your password -.-

 

 

 

Sorry, couldn't resist.

[Jager]

well either way, the IE breach was published about 4 -6 months ago though that means it has been known about for anywhere to a year or more. just that the black hats kept quieter about its availability longer then the usual time. and so white hats took a long time to come to a fix.

 

the IE shell is integrated into steam so again i can easily see how he could have siphoned off steam user info or planted a keylogger with the injection.

 

either way if anyone tries again put a block on firewall port 80 it will kill your net, but anything that is trying to report home will founder while you clean it up.

[ckw]

wtf is this? Lol.. at school I have some firends that plays CSS to ( not in SG ) and they had got this chain letter to..