He did let them know discretely months ago. They declined to fix it because it is purportedly not a bug. This was responsible disclosure.
Ah ok, I only read the initial comment, which didn't make it clear the timeline of events.They were notified months ago, apparently
Hm, got a random steam password reset email. Reset my password anyways just to be sure, lo and behold the formatting of the REAL reset email is totally different even though the original says it's from noreply@steampowered.com. The fake reset code they gave was way longer than the real one as well. Not sure what they have to gain by sending a spam email like that, but changed my password around just to be sure...I have steam guard enabled of course.
Who Wants To Be A Millionaire 80% off on Gamersgate, unironic fuck yeah!
i've always assumed that there was at least some review process that goes on in regards to a games actual content. if there isn't, i'll probably hold off on downloading certain bundle trash
i've always assumed that there was at least some review process that goes on in regards to a games actual content. if there isn't, i'll probably hold off on downloading certain bundle trash
I'm admittedly out of my depth here but I would hope that Valve at the very least scans patch updates for viruses and malware. Also local antivirus/malware checkers could catch it.Yeah, but if a dev account is compromised, the "hacker" or whatever could both post some javascript hidden in a Community Announcements, and, like, patching one of the dev games with a full fledged virus...
So, again, if Valve is "forced" to trust devs with their games, why shouldn't they trust them with blogging privileges?
I'm admittedly out of my depth here but I would hope that Valve at the very least scans patch updates for viruses and malware. Also local antivirus/malware checkers could catch it. While not 100% foolproof it does seem like a much more difficult path to getting what you want than the one the developer exploited.
I need wishlist suggestions! I feel like I'm walking into this week without anything that I actually want, but there has to be a ton of good stuff out there that I've just passed by.
Dark Souls 2, I guess, although I never beat the first one because I ran into some GFWL crap that I never managed/bothered to fix. Arkham Origins also comes to mind, although as much as I enjoy those games I often have trouble finding the will to finish them. Couldn't see myself spending more than $10 on Watch_Dogs. Hopefully there'll be some good indies.
I only want the single player story stuff, so dominatrix and santa
Who Wants To Be A Millionaire 80% off on Gamersgate, unironic fuck yeah!
Although, their complete pack isnt complete at all, its missing 2 DLC /rage
Credit isn't really relevant though, as it's comparable to Steam's "card money", not to mention that many GMG customers don't have a playfire account or don't bother with the rewards program. What matters are the discounts themselves, which have been progressively worse since GMG changed it's pricing policy and introduced the rewards system.
Stop doing mean things to my wallet
*considers to buy both packs... starts crying*
Did you buy the pack? I'd like to know if the South Park DLC is actually included. It was pulled from Steam yonks ago (and the Star Trek DLC followed suit back in April, but I have it already).
yes I bought it and it does have the SP dlc. its all seperate keys too. just waiting for GGs stupid "your keys will be available in 10 minutes" bullshit. WTF is that about?
Cleaning out stuff - have at it!
Well, I would assume that a person would only need access to a developer's account, not that they would need to be a developer for Steam themselves. After Heartbleed, which compromised Steam itself, they should have taken steps to fix the issue.
By punishing the ETS2 developer for revealing it, Valve was aware that the exploit could be abused. But they chose not to act, because it is easier to use security through obscurity than to actually fix the problem.
Valve's response of "We trust the developers" seems arrogant, because it suggests that Valve's judgment in accepting developers is perfect. We know that's not the case, and all we need to do to reaffirm this is take a look at the handful of games pulled from Steam for being scams or misleading.
i've always assumed that there was at least some review process that goes on in regards to a games actual content. if there isn't, i'll probably hold off on downloading certain bundle trash
I'm admittedly out of my depth here but I would hope that Valve at the very least scans patch updates for viruses and malware. Also local antivirus/malware checkers could catch it.
While not 100% foolproof it does seem like a much more difficult path to getting what you want than the one the developer exploited.
So, how "sure" we are thta summer sale starts at 19? I dont want to be dissapointed :/
So, how "sure" we are thta summer sale starts at 19? I dont want to be dissapointed :/
It should be clear tomorrow when we know at which time the Midweek Sales end
Or today when no weeklong deals appear.
Or today when no weeklong deals appear.
Or today when no weeklong deals appear.
So, how "sure" we are that summer sale starts at 19? I dont want to be disappointed :/
ModBot said:I am giving away 2 Steam keys. To enter this giveaway, send a PM to ModBot with any subject line. In the body, copy and paste the entire line below that corresponds to the key you want (if you include more than one game, you will be blocked from entering).
Rules for this Giveaway:
- Do not trade keys you win off-site to enrich yourself. Don't try to claim games you have no interest in collecting or playing. Don't claim games to give them to friends off-site.
- If the key is already taken you will not receive a reply. Replies may take a minute or two:
Who Wants To Be A Millionaire? Special Editions + various DLC --MB-BC16B3F822A9C5C2- Taken by The_Super_Inframan
Contraption Maker --MB-96CF844584F8328C- Taken by Chairmanchuck
- Superior Soccer had no outward signs of copy protection, but if it decided it was illegally copied, it would make the soccer ball in the game invisible, making it impossible to play the game.
- In Sid Meier's Pirates, if the player entered in the wrong information, they could still play the game, but at a level that would be very hard to make it far in the game.
- While the copy protection in Zak McKracken and the Alien Mindbenders was not hidden as such, the repercussions of missing the codes was unusual: the player would end up in jail (permanently), and the police officer would give a lengthy and condescending speech about software copying.
- In case of copied versions of Settlers 3, the iron smelters - who are essential to create weapons - would only produce pig irons, making the players inevitably lose weapons because of the lack of armour.
- Bohemia Interactive Studio developed a unique and very subtle protection system for its game Operation Flashpoint: Cold War Crisis. Dubbed FADE, if it detects an unauthorized copy, it does not inform the player immediately but instead progressively corrupts aspects of the game (such as reducing the weapon accuracy to 0) to the point that it eventually becomes unplayable. The message "Original discs don't FADE" will eventually appear if the game is detected as being an unauthorized copy. FADE is also used in ArmA II. They continued these methods in Take On Helicopters, where the screen would blur and distort when playing a pirated copy.
- More recently, Batman: Arkham Asylum implemented a copy protection system where the game disables Batman's glide system and various other features, rendering the player unable to continue beyond a certain point.
- The PC version of Grand Theft Auto IV has a copy protection that swings the camera as though the player was drunk. If the player enters a vehicle it will automatically throttle, making it difficult to steer. It also damages the vehicle, making it vulnerable to collisions and bullets. An update to the game prevented unauthorised copies from accessing the in-game Internet browser, making it impossible to finish the game as some missions involve browsing the web for objectives.
- In Earthbound, unauthorized copies of the game will trigger a checksum that makes enemy encounters appear much more often than in an authorized copy, and if the player progresses through the game without giving up (or cracks this protection), a second checksum code will activate before the final boss battle, freezing the game and deleting all the save files.
- In an unauthorized version of the PC edition of Mass Effect, the game save mechanism would not work and the in-game galactic map would cause the game to crash. As the galactic map is needed to travel to different sections of the game, the player would be stuck in the first section of the game.
- If an unauthorized version of The Sims 2 was used, the Build Mode would not work properly. Walls would not be able to be built on the player's property, which prevents the player from building any custom houses. Some furniture and clothing selections would not be available either.
- A March 2009 update to the BeeJive IM iPhone app included special functionality for users of the pirated version: the screen would read "PC LOAD LETTER" whenever the user tried to establish a connection to any IM service, then quickly switch to a YouTube clip from the movie Office Space.
- Red Alert 2 has a copy protection system, where if an illegal version of it is detected, the player's entire base is destroyed within 30 seconds of the player joining a match.
- The DS version of Michael Jackson: The Experience has a copy protection system where vuvuzela noises are heard as the music is playing, the notes are invisible, making the game impossible to play, and the game freezes upon the player pausing it.
- Older versions of Autodesk 3ds Max use a dongle for copy protection; if it is missing, the program will randomly corrupt the points of the user's model during usage, destroying their work.
- Older versions of CDRWIN used a serial number for initial copy protection. However, if this check was bypassed, a second hidden check would activate causing a random factor to be introduced into the CD burning process, producing corrupted "coaster" disks.
- Terminate, a BBS terminal package, would appear to operate normally if cracked but would insert a warning that a pirated copy was in use into the IEMSI login packet it transmitted, where the sysop of any BBS the user called could clearly read it.
- Ubik's Musik, a music creation tool for the Commodore 64, would transform into a Space Invaders game if it detected that a cartridge-based copying device had attempted to interrupt it. This combined copy protection and an easter egg, as the message that appears when it occurs is not hostile ("Plug joystick in port 1, press fire, and no more resetting/experting!")
- The Amiga version of Bomberman featured a multitap peripheral that also acted as a dongle. Data from the multitap was used to calculate the time limit of each level. If the multitap was missing, the time limit would be calculated as 0, causing the level to end immediately.
- Never Mind, a puzzle game for the Amiga, contained code that caused any pirated version of the game to behave as a demo. The game would play three levels sampled from throughout the game, and then give the message "You have completed three levels; however there are 100 levels to complete on the original disc."
- In Spyro: Year of the Dragon a character named Zoe will tell the player outside the room containing the balloon to Midday Garden Home and several other areas that they are using a pirated copy. This conversation purposely corrupts data. When corrupted, the game would not only remove stray gems and the ability to progress in certain areas but also make the final boss unbeatable, returning the player to the beginning of the game (and removing the save file at the same time) after about 8 seconds into the battle.
- The Atari Jaguar console would freeze at startup and play the sound of an enraged jaguar snarling if the inserted cartridge failed the initial security check.
- The Lenslok copy protection system gave an obvious message if the lens-coded letters were entered incorrectly, but if the user soft-reset the machine, the areas of memory occupied by the game would be flooded with the message "THANK YOU FOR YOUR INTEREST IN OUR PRODUCT. NICE TRY. LOVE BJ/NJ" to prevent the user examining leftover code to crack the protection.
- An update to the sandbox game Garry's Mod enabled a copy protection mechanism that outputs the error "Unable to shade polygon normals" if the game detects that it is pirated. The error also includes the user's Steam ID as an error ID, meaning that pirates can be identified by their Steam account when asking for help about the error on the Internet.
- The Atari version of Alternate Reality: The Dungeon would have the player's character attacked by two unbeatable "FBI Agents" if it detected a pirated version. The FBI agents would also appear when restoring a save which was created by a pirated version, even if the version restoring the save was legal.
- VGA Planets, a play-by-BBS strategy game, contained code in its server which would check all clients' submitted turns for pirated registration codes. Any player deemed to be using an illegal copy, or cheating in the game, would have random forces destroyed throughout the game by an unbeatable enemy called "The Tim Continuum" (after the game's author, Tim Wissemann). A similar commercial game, Stars!, would issue empty turn updates for players with invalid registration codes, meaning that none of their orders would ever be carried out.
- On a copied version of the original PC version of Postal, as soon as the game was started the player character would immediately shoot himself in the head.
- The pirated version of Serious Sam 3: BFE spawns a large immortal monster early on in the game.
- A pirated copy of Pokémon Black or White runs as it was normal, but the Pokémon will not gain any experience points after a battle.
- If Gyakuten Kenji 2 detects a pirated or downloaded copy of the game, it will convert the entire game's text into the game's symbol based foreign language, Borginian, which cannot be translated in any way.
- The pirated version of indie game Game Dev Tycoon, in which the player runs a game development company, will dramatically increase the piracy rate of the games the player releases to the point where no money can be made at all, and disable the player's ability to take any action against it
- In Crytek's "Crysis 3", if a player used a pirated copy of the game, they would not be able to defeat the last boss (The Alpha Ceph), thus making it impossible to beat the game since the last boss was made invincible even if a player shoots at its "weak spots". If a player wanted to fully complete the game they would have to have a legal version of the game.
I agree with you on the bolded paragraph, but as for the other two:
If someone gain access to a dev account, they would be able to:
1) post some javascript in a blog post;
2) publish a patch containing a virus that would be automatically pushed to anyone who has the game installed.
Now, Valve is forced to trust devs to not relase viruses or other shit.
And if they entrust devs with probably the most powerful privilege in computer science, why they shouldn't entrust them with a kinda trivial blogging one?
I guess from Valve standpoint, the ability to post javascript should be used for sort of useful stuff in devs post (IDK, like they post a table full of data and they want to have a system that alphabetically orders rows when you click on the table header, or any other "dynamic" stuff you could imagine). I mean, javascript is not harmful per se. Every single site in the world uses javascript. Enhanced Steam is pretty much all javascript.
So, I repeat: if Valve trust devs there they should easily trust them here.
Now, the problem would be if the dev is a son of a bitch in the first place, but in that case some javascript in a blog post would probably be my (and Valve's) last concern.
This is so funny. Regarding copy protection,
- More recently, Batman: Arkham Asylum implemented a copy protection system where the game disables Batman's glide system and various other features, rendering the player unable to continue beyond a certain point.
It is either happening on the 19th or not. So 50/50.
Now, the problem would be if the dev is a son of a bitch in the first place, but in that case some javascript in a blog post would probably be my (and Valve's) last concern.
I actually don't know this, I'm just speculating.
But really, with the sheer amount of stuff that is released on Steam everyday, if Valve needed to check every single patch devs would need years to get their updates approved to release.
Of course, a simple virus scan would be fine, but could still be worked around by someone who knows what he's doing (aka not me).
Spares:
This is so funny. Regarding copy protection,
In order to save some summer sale money, have some games now
edited: damn, forgot rules, including free for all
I already died ridiculous amounts of times in this room - very fun game though!
Valve trusts the developers.
Especially if they develop using the Source Engine.
I'll assume you like RPGs, open world games, and action games. Here are some of my suggestions:
- Just Cause 2
- Sleeping Dogs
- State of Decay
- Mount&Blade Warband
- Hammerfight
- Binary Domain
- Alpha Protocol
- FEAR 1
- XCOM: Enemy Unknown and its xpac Enemy Within (for your Dark Souls-esque punishment)
- Age of Wonders 3 (Bonus good game, unrelated to your interests)
I guess in the end it comes down to improving their website and client which Valve seems.. resistent to. (For some reason the name "jshackles" comes to mind.)
Spares:
Not entirely. There are a surprising number of nefarious things you can do with javascript that aren't normally detected or blocked by things like a client antivirus. If they publish a patch that contains malware, it's likely to be quickly detected and blocked - though there will always be people that don't use antivirus.
You would need to deliver a 0-day exploit to be successful, and even then a lot of antivirus applications use heuristic scanning methods to detect a lot of known types of exploits. As a javascript developer, I can say you're much more likely to be exploited by javascript, especially if you run a decent antivirus / antimalware solution.
All I really want is Broforce
This is so funny. Regarding copy protection,
In Sid Meier's Pirates, if the player entered in the wrong information, they could still play the game, but at a level that would be very hard to make it far in the game.
there are new Weekly deals, like Farm for your Life for example
welp...doesnt mean anything...right guys? >_>
edit: nvm its a new release, im stupid
according to modbot, these games are still for taking and it seems I have older ones not taken still, I had no idea, so I'll try to make updated giveaway with those too.
send a PM to ModBot
Zero Gear --MB-F7E9939CC5830A56- Taken by fuzzy123
Humanity Asset -- MB-7014DFAE1CE4EAB3
Nosferatu Wrath of Malachi -- MB-84E0C7DF03F32D23
Tiny & Big in Grandpa's Leftovers -- MB-97BE5D82EBEDAA2B
Lume -- MB-B5CB63AB46C717C2
Hostile Waters Antaeus Rising -- MB-1EF032A8FF7F1BCD
Grimind #2 -- MB-D493CE42C15AFBF6
Metal Drift -- MB-C1E1405ACD1CBB3E
Grimind -- MB-0DF8FB1C177E6D17
Cognition An Erica Reed Thriller 1 -- MB-F7FECF5722E46F04
Foreign Legion Multi Massacre -- MB-2A9A4D6F4C91BD44
The Journey Down Chapter 1 -- MB-06294FBDC8B4A5BA
Beatbuddy: Tale of the Guardians -- MB-9D6E148D94838F4F
Ether Vapor Remaster -- MB-B456F45E739052D3
GEARCRACK Arena -- MB-A4AEB1A2EB4EDEBB
Thomas Was Alone -- MB-F382D80290122803
Time Gentlemen Please Ben There, Dan That -- MB-1B04BF4362422588
Soulbringer #2 -- MB-E986708C55038141
edited: if I nuke some keys, should I get reply from modbot these were nuked, or not? Last time I tried to nuke keys, it didn't work, so I don't know. Or should I pm my loot again, to be sure?
Haha thanks, but I own literally every one of those. Hence my problem
Did manage to remember South Park and Transistor though, so it's a start.
Thanks for the explanations, as my knowledge in security is extremely lacking.
But then again, my point is that the problem here shouldn't be the means provided by Valve but the maliciousness of the devs using those means.
So, while Valve should be blamed for overreacting against the ETS2 dev (and btw Valve always seemed to be super friendly with ETS2 team), I'm still not sure they should be blamed for anything else.
In some ways, could be like if tomorrow IsThereAnyDeal started to replace prices history with little boner pics, and suddenly those dicks will pop up on every Steam pages through Enhanced Steam. I wouldn't blame you for getting data from ITAD, but them for choosing boners instead of Saoirse pics.
EDIT: of course is a dumb example, but still.
Deep Silver discounts on Gamersgate are pretty good I must say
Spares: