Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
The author of this topic has marked a post as the answer to their question.
Discussions Rules and Guidelines
Report this post
Nothing else should be compromised due to this no, especially now that it has been patched.
To put your mind at ease, it was the servers that were compromised. The only thing they changed was the text string when you loaded into the server.
Someone having access to the server does not mean your client (and thus your computer) was compromised.
I assure you that if someone had found an RCE exploit to do things to your computer, they would have done much more than spamming an obscene message on your screen.
I feel much better now, thanks.
Thank you for explaining this better than me!
I can see in jkterjter's game list that they played Counter Strike 2 (formerly CS:GO).
For at least two months from mid-may to mid-july of 2018 (and who knows how long before that), CS:GO had an actual Remote Code Execution exploit by using malformed data that can be reliably reproduced by simply making the player download a custom map (which happens all the time in community servers).
The individual that found it, reported it to Valve, it was fixed, and they were paid a nice bounty.
It goes to show that whilst yes, these things are always possible and yes that's real scary, the amount of knowledge and experience that would be required to find these things is not something the vast majority of people have. And when you find an exploit THAT big, what do you do with it? Well, that depends on what sort of person you are.
If you're a good person, you report it to the devs, and work with them to fix it. You help protect many people and likely get a nice cash bounty for just doing the right thing.
If you're a bad person, well sure there's a lot of things you could do, install crypto miners, steal personal data, whatever. But that only lasts until someone else finds the exploit and reports it. Then they get the bounty, and your exploit no longer works.
Now, with all that in mind, if you were a bad person with an RCE exploit, you definitely would not just go changing random text in the game to some obscene message to mess with people because it means people will know there's a problem, and will start looking for the exploit so they can fix it, which means you have less time to take advantage of it.
So the fact that the only thing that happened is some rude text, it's safe to assume that was the absolute extend to their capability with this exploit, because if they could have done worse, they most likely would have, and wouldn't want you to know something was wrong.