http://www.theregister.co.uk/2004/11/29/ie_security_holes/
It is aimed at Microsoft but as history has revealed to us, it could equally apply to Valve and their STEAM platform and Network. "But I wonder what measures they have in place to prevent future problems. Will they take a step back and instead of fixing a specific URL spoofing vulnerability ask themselves why it is even possible to spoof a URL in the first place?" "One might ask, how do you code for these future threats if you don't even know what they are. The answer is simple: you follow basic best practices for security and never, ever divert from them. In all the history of security vulnerabilities, many issues were foreseeable and could have been avoided by following basic best practices. Follow the fundamentals and you worry less about the major threats. You worry about them less because you have so many layers of protection they either don't exist, or their impact is small." STEAM is not insecure because people attack it; STEAM is insecure because it is secured by 2 pieces of string and a clothes peg. Until Valve change their mindset, the same problems with STEAM, STEAM_ID's and VAC will remain no matter how many times they are patched. It is a lesson even Microsoft is starting to learn. _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
