19-year-old college student fixes Steam's crypto
http://i1-news.softpedia-static.com/images/fitted/340x180/valve-fixes-steam-crypto-bug-that-exposed-passwords-in-plaintext.png
May 1, 2016 19:20 GMT · By Catalin Cimpanu Valve updated the Steam gaming client to fix a severe security issue in the application's crypto package that under certain conditions would have allowed an attacker to view a user's password in plaintext if observing network traffic when the user was authenticating on the platform.
Security researcher Nathaniel Theis (XMPPwocky) is the one that discovered the issue and also wrote an advanced technical write-up detailing the attack's steps.
To understand the attack, users first need to know how Steam's cryptography works. Valve designed the Steam crypto module to keep data secret and to authenticate connections so nobody can pass as another user.
Full Article
