Difference between revisions of "DBSA:2014-0003"
Line 42: | Line 42: | ||
'''Under Windows XP:''' | '''Under Windows XP:''' | ||
* Press [Windows Key] + [R] | * Press [Windows Key] + [R] | ||
− | * | + | * Enter into Run: '''cmd''' — hit enter. |
* Enter into the Command Line: '''ipconfig /flushdns''' — hit enter | * Enter into the Command Line: '''ipconfig /flushdns''' — hit enter | ||
* Close the Command Line and start Steam as normal. | * Close the Command Line and start Steam as normal. |
Revision as of 10:46, 17 February 2014
Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.
Contents
Digibase Security Advisory - Valve Anti-Cheat System (VAC) Scans Windows DNS Caches
Keywords: Valve, Steam, Information Disclosure, DNS
DBSA ID: 2014-0003
Regarding: Valve Anti-Cheat System (VAC) Scans Windows DNS Caches
Writeup: Kradorex Xeron (talk) 10:30, 17 February 2014 (EST)
Date: 2014 02 17
Last Modified: 20140217104631 by Kradorex Xeron
Who should take note: All Steam Users
Classification
Priority: MODERATE
Rationale: Information is disclosed to a remote party without user awareness
Severity: LOW
Rationale: Information submitted is hashed prior to submission
Spread of Issue: SINGLE-PLATFORM MODERATE
Rationale: There are many users of the Steam game software platform under Windows
Description
Steam is a game software platform developed and published by the Valve Corporation that is capable of playing multiple games through a single common platform. Recently there was a disclosure that the Valve Anti-Cheat System (VAC) acquires the content of the Windows DNS cache and processes each entry sequentially. Each entry is hashed and submitted to Valve-controlled servers likely for the purpose of checking to ensure cheats or malicious websites are not being utilized to tamper with the platform. Notwithstanding the hashing, this has the effect of disclosing information about what websites are visited and possibly provides a method of statistical analysis of those visitations.
The hashing algorithm utilized is md5.
Mitigation/Solution
Despite the fact this mechanism may have legitimate purpose, this is an uninformed information disclosure and should be approached with caution as any potential for disclosure.
If there are confidential or other similar websites that you have recently visited, to prevent potential disclosure of the number of websites you visit or potentially associating yourself with others that visit those sites, it is advised to clear your DNS cache:
Under Windows XP:
- Press [Windows Key] + [R]
- Enter into Run: cmd — hit enter.
- Enter into the Command Line: ipconfig /flushdns — hit enter
- Close the Command Line and start Steam as normal.
Under Windows Vista/7:
- Open the Start Menu
- Enter into the bottom search box: command
- Right Click Command Line and Start as Administrator (if UAC enabled), start normally otherwise.
- Enter into the Command Line: ipconfig /flushdns — hit enter
- Close the Command Line and start Steam as normal.
Under Windows 8/8.1:
- Press [Windows Key] + [F]
- Enter into the search box: cmd — hit enter
- Right Click on the cmd result
- Click the Advanced button at the bottom and Run as Administrator
- Enter into the Command Line: ipconfig /flushdns — hit enter
- Close the Command Line and start Steam as normal.