Random Thought: Steam Games

Be awesome to insert a key for a boxed game to get a digital download of it.

Of course, I’m not sure I need or want to download my Falcon 4.0 huge box set.. but it would be nice to see in my Steam library.

The two things to make Steam better…

1) Show me the DLC that I have already bought.

Seriously..  you can show me a ‘Hey!  You already own this game!’ banner, but you can’t show me what/which DLC has been bought in the list of ‘buy this stuff now!’?

2) WTF is this game?

Yea!  There’s a news feed for each game, a feed to show who’s playing it and an achievement list.. even a ‘game info’ section, that says NOTHING about the game..
at least give me the genre or some description about the game, that I’ve never heard of (OK that’s rare)  that was apart of some bundle pack.

Steam vulnerability can lead to remote insertion of malicious code

by Kyle Orland – Oct 17 2012, 2:11pm EDT via [ArsTechnica]

Aurich Lawson

Millions of Steam users are potentially vulnerable to a newly disclosed attack method that exploits a hole in the way Steam commands interact with certain games, Web browsers, e-mail clients, and other software.

Security researchers at ReVuln, based in Malta, published details of the attack [PDF] earlier this week. The vulnerability resides in the Steam Browser protocol, which is commonly used by websites such as the Steam Web Store to install, uninstall or launch Steam games and perform other common tasks, using URLs starting with "Steam://". By getting a user to click a link to a specially formed Steam URL, an attacker can remotely exploit buffer overflow bugs and other vulnerabilities in various Steam games and in Steam itself to create and run malicious code on a target’s machine, as shown in a posted proof of concept video.

"This is a completely new attack vector, so it’s not related to a single game," Donato Ferrante, a ReVuln co-founder and security researcher, told Ars. "Most of the games on Steam share the same game engine." Once attackers have identified a vulnerability in one of the engines, they can use the Steam protocol to exploit it, he explained.

For instance, a Steam URL can be coded to call a "reinstall" command, which loads a splash image file hosted on an arbitrary Windows Shared Drive controlled by the attacker. By exploiting an integer overflow vulnerability in the way Steam handles that splash image, the attacker can load malicious code into remote memory.

Other exploits disclosed in the ReVuln report depend on the targeted user having specific Steam games installed on their system in order to work. One attack passes URL-encoded run-time instructions to any game based on the popular Source engine, prompting that game to create a new log file with arbitrary content inside. Using this vulnerability, the attacker can create a batch file from whole cloth and insert it in the target’s Startup folder, for instance. Similar exploits described in the paper make use of games running the Unreal Engine, as well as specific games like APB Reloadedand Microvolts. Note that these games don’t have to be actively running for the attack to work—simply having them installed through Steam appears to be enough to let an attacker in through a coded URL.

Not all Web users are equally at risk to these kinds of attacks. Browsers such as Chrome and Internet Explorer present users with an explicit warning when they click a Steam link, telling them they’re about to open or use an external program, and Firefox asks users for confirmation (without explicitly warning of potential vulnerability). Browsers including Apple’s Safari and Webkit, though, allow Steam URLs to launch the program without any warnings, letting a potential attack go completely unnoticed. Many browsers that provide prompts or warnings by default can be configured to suppress them, so it’s possible attacks might work more widely, Ferrante said.

Further, while the attack is less noticeable if Steam is already running in the background, it seems that, in the right browser, the attack can launch Steam and insert the malicious code before a user is able to do anything about it.

If you are running Steam and using a vulnerable browser, you can protect yourself by going into the settings and disabling automatic launching of Steam:// URLs. If you’re already using a browser that gives warning when URLs try to launch external programs, keep a special watch for any suspicious links that try to launch Steam.

Valve has yet to respond to a request for comment on the newly publicized vulnerability.

8 Serious Sam games for under $30.

Rich Knuckles is back to celebrate the launch of the Serious Sam Complete Pack on Steam. Let him take you through the Serious Sam series and then run over to Steam and grab all Serious Sam games while they are 66% off! 

PURCHASE THIS SO HARD: http://store.steampowered.com/sub/13606/

Can’t beat that price if you like old school First Person shooters.

Duke Nukem Forever has gone gold!

Source: 2K Games PR

Vaporware no more! Gaming’s most legendary hero makes his triumphant return this June

Windsor, UK – May 24, 2011 – 2K Games and Gearbox Software are proud to announce that Duke Nukem Forever®, one of the most anticipated entertainment properties of all time, has “gone gold” and will be available at retailers on June 10, 2011 internationally and on June 14, 2011 in North America. The road to gold was paved over the course of 15 years and its legendary path climaxes on the Xbox 360® video game and entertainment system from Microsoft, PlayStation®3 computer entertainment system and Windows PC. Gamers who pre-order the title from select outlets will ensure that they are among the first to experience this legendary piece of gaming history when the demo* launches on June 3, 2011 for all platforms, exclusively for Duke Nukem First Access Club Members.

“Duke Nukem Forever is the game that was once thought to be unshippable, and yet here we are, on the precipice of history,” said Christoph Hartmann, president of 2K. “Today marks an amazing day in the annals of gaming lore, the day where the legend of Duke Nukem Forever is finally complete and it takes that final step towards becoming a reality.”

Created over the span of 15 years, Duke Nukem Forever was first developed with the intense passion and commitment from an inspired group of dedicated designers, artists and programmers at 3D Realms under the direction of game industry icon, George Broussard.

“Duke Nukem Forever and its journey to store shelves is legendary,” said George Broussard, creative director at 3D Realms. “It’s an epic tale of four game development studios that banded together and did the unthinkable and shipped the unshippable. When you play this game you will be reminded of that epic journey at every turn and in every small detail of the game. The character, attitude, interactivity, gameplay and political incorrectness combine to make a Duke Nukem game a unique gaming experience. In the timeless words of Duke Nukem it’s finally time to ‘Come Get Some’. Come be a part of gaming history.”

In 2009, after many believed that Duke Nukem Forever would never be completed, a small team of intrepid developers, known as Triptych Studios, resurrected the dream. Through their inspiring and steadfast commitment to the game and their exemplary talent and skill, they finally assembled the pieces to create an incredible, epic and cohesive gameplay experience. Under the production of Gearbox Software, Triptych Studios, Piranha Games and many other contributors joined together in a heroic effort to complete the long awaited game as a polished, full-featured triple-A title.

“Always bet on Duke, I did,” said Randy Pitchford, president of Gearbox Software. “I bet on all of the developers who have ever been a part of this legendary project and I bet that none of us want to live in a world without the Duke. I’ve played the final game and it is an incredible experience – a once-in-a-lifetime opus of interactive entertainment that reminds me once again why Duke Nukem is our King. The developers of Duke Nukem Forever at 3D Realms, Triptych, Piranha and finally at Gearbox deserve our thanks and respect for never giving up and have truly shown us that they have balls of steel!”

Strictly for the biggest Duke Nukem fans, the First Access Club grants members exclusive access to the pre-release demo on June 3, 2011 so that they are amongst the first to experience gaming history in the making. There are multiple ways fans can join the exclusive First Access Club, by pre-ordering the game from select retailers or by purchasing the Borderlands Game of the Year Edition on Xbox 360, PlayStation 3 system and Windows PC.

True Duke Nukem die-hards will want to get their hands on the Duke Nukem Forever Balls of Steel Edition. This package is spilling over-the-brim with legendary content that is not to be missed by those who want the ultimate experience of this historic arrival. Premium items, such as a Duke Nukem Bust and an art book that chronicles the development of Duke Nukem Forever, flank a package that is overflowing with content. Check out http://www.dukenukemforever.com/preorder/ to see exactly how much stuff could be crammed into one box.

Apologising to no one, Duke Nukem Forever is the high-octane video game equivalent of a Hollywood summer blockbuster. Starring the legendary lady killer and alien slayer, Duke Nukem Forever brings gamers back to a blastastic time when games were filled with head-popping, bone-rattling action, brazenly crude humor, impossibly statuesque women dying for affection, and catchy one-liners meant to make you laugh out loud.

Duke Nukem Forever is rated 18 by BBFC. For more information on the game, including where to pre-order, please visit http://www.dukenukemforever.com.

*Xbox LIVE, PSN or Steam, Duke First Access Club token and Internet connection required to access demo.

2K Games is a division of 2K, a publishing label of Take-Two Interactive Software, Inc. (NASDAQ: TTWO).

Steam to offer EVE Online as the First MMO on the service.

CCP GamesEVE Online, a space-themed massively multiplayer online world, has become the first MMOG to distribute through Steam, a digital distribution platform for games. “We are immensely excited and honored that EVE Online will be the first MMO on Steam,”  Magnus Bergsson, VP of Sales at CCP, said in a statement. “Steam has been the leading online distribution platform for a long time and home to some of the most dedicated gamers around, so we couldn’t think of a better fit for EVE Online.” EVE drew attention over the summer for appointing an official in-world economist, and it followed up on plans to use the world for research by co-launching a 2.5-year program in January. Steam users will receive a free 21-day trial of EVE and $5 off their first full month.

[Via: Virtual Worlds]