Well, it worked against Hotmail accounts in the past. Read a story about a woman's boss accessing her personal Hotmail, woman changes password, boss can still access it, because the session cookie was given more priority than the password by Microsoft. So, who knows ...
I'm guessing Valve reported the Christmas Day attack in 2015 to the EU, when bad actors attacked Steam's caching server. I was seeing Russian characters inside my account details. It was basically causing some sort of buffer overflow - about a month later someone attempted to use my debit card at a Bank of Canada ATM, but they couldn't get anything because they didn't have my PIN. I think my stored credit card Steam info got buffer overflowed into someone else's account.
https://store.steampowered.com/oldnews/19852
It depends on the implementation
Nowadays a lot of websites use limited tokens with refresh tokens to avoid this kind of issue
And actually cookie auth is different from token auth in many layers
And actually a RAT is not that scary if u are aware of it before it's too late: just remove the services and registry of it from ur computer. They will still be there but it won't be functional because u bypass the core system of it
And u will have enough time to do the deep clean
The scary thing about a RAT is not about its 'functions' but about how many people aren't aware that they have been infected until it's too late
Even in terms of 'scary', ransomware is far more destructive than a RAT
It's just that a RAT works silently until it's late, so it feels more scary for most people
At first I just paid attention to his thread, but it got funnier when people acted like they are experts on this and made a lot of wrong assumptions
The main point is: cookies and tokens are 2 different auth methods with their own flaws
Idk why but people in this thread often interchange them so much
Steam has a lot of security issues, nobody can deny it
but somehow it's funny when people here are talking about security yet interchange cookie auth and token auth so many times
It leads to misconceptions, not solutions/suggestions
It will lead to a logical fallacy in the end
I don't mind people talking about suggestions together, but pls at least use the same core and concept, otherwise it's just another suggestion with wrong technical concepts that won't get anywhere in the end
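Added example, not part of any post in this thread and not Steam's or Microsoft's code: a minimal server-side sketch of the short-lived access token plus refresh token pattern mentioned above, with every token bound to a password generation so that a password change cuts off sessions issued earlier (the failure described in the Hotmail story). The class `AuthServer`, its method names and the 300-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

ACCESS_TTL = 300  # seconds; assumed lifetime of the short-lived access token

class AuthServer:
    def __init__(self):
        self.users = {}    # user -> {"salt", "pw", "gen"}; gen counts password changes
        self.access = {}   # access token -> (user, gen, expires_at)
        self.refresh = {}  # refresh token -> (user, gen)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        gen = self.users.get(user, {"gen": -1})["gen"] + 1
        # Bumping gen invalidates every token issued under the old password.
        self.users[user] = {"salt": salt, "pw": self._hash(password, salt), "gen": gen}

    def _issue(self, user, now):
        a, r = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        gen = self.users[user]["gen"]
        self.access[a] = (user, gen, now + ACCESS_TTL)
        self.refresh[r] = (user, gen)
        return a, r

    def login(self, user, password, now=None):
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(rec["pw"], self._hash(password, rec["salt"])):
            return None
        return self._issue(user, time.time() if now is None else now)

    def check_access(self, token, now=None):
        user, gen, exp = self.access.get(token, (None, None, 0))
        now = time.time() if now is None else now
        # Reject unknown, expired, or pre-password-change tokens.
        if user is None or now >= exp or gen != self.users[user]["gen"]:
            return None
        return user

    def rotate(self, refresh_token, now=None):
        user, gen = self.refresh.pop(refresh_token, (None, None))  # single use
        if user is None or gen != self.users[user]["gen"]:
            return None
        return self._issue(user, time.time() if now is None else now)
```

A copied access token is only useful until it expires, a copied refresh token stops working once it has been rotated, and both stop working as soon as `set_password` runs again.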
It's really a no-brainer, Steam's inventory items are more valuable locked on accounts when they cannot be traded, it makes the account less able to be compromised maliciously and forces people who get banned to work hard to get items, not trade with other cheaters or hackers to replace skins.
In other words, Steam would see better profits and players would have more security if trading of game items was removed, players would then have to crate key purchase in the hopes of obtaining the skin they want. That's all Steam profit, Steam makes nothing on trades and often has to deal with the headaches of disgruntled Steam customers who get account items stolen.
copy paste every time yes but...
If you are using a password manager with a key file and you have blocked any communication of it with an application firewall, even on an infected Windows machine nobody can steal your password, because the copy-paste procedure with right click of the mouse happens in the password manager's memory-protected area and the good password managers are destroying the password after some seconds.
For example on Windows: if you are using KeePass that you have blocked from communicating (every outbound or inbound connection to this program) and you open it with a txt file that is totally random and only you know that it is a key file for KeePass, nobody can steal the passwords you copy paste from it with right click of the mouse, or open your KeePass database on their computer if they steal it from your computer!
OFC, if you want the maximum security you should never use remote accounts (Win 11 default accounts), only local accounts, and you should open your password manager before any game launcher or game because modern games are monitoring keystrokes too! For example the cefhost.exe (better not say what game is using it) that is monitoring keystrokes, as reported by the sandboxes on VirusTotal: https://www.virustotal.com/gui/file/b4e1c4538810704c57c387ef6c4de50ba35fc874a3ef8146ce093da3ec97a617/behavior
Press the + on Credential Access to see what VirusTotal reports
P.S. OFC you cannot trust an infected computer but as I said the key point of every security are the application firewalls that the good antiviruses have included
Because for the average user, a password manager is kind of like a password list that someone can get from you. And the password for it as well. If the computer is infected. KeePass tells the users as well, an infected computer cannot be used safely.
There are other questionable descriptions as well in your post. Like the recommendation to block KeePass from the internet to be protected from leaking. That does not protect against a RAT.
Also, if I am not wrong copy pasting with clipboard is not protected. Maybe auto insert is, to a degree.
I have a feeling that the average user is storing his/her passwords inside plain text files
This is why the password managers have auto-fill and the password manager is doing the copy paste, not the user aka the infected computer
If you want to see how, watch this small video
https://youtu.be/SPru0GChf8E?feature=shared
But I am sure the common users will hate password managers if they try auto-fill and fail and this is why I didn't mention it before.
Just saying, so that it's not forgotten to keep the computer safe.
One question, how do you sequence login pages that ask on one page for username, and then on another for password?
Nobody knows except the password manager what the keyfile is ...
Malware doesn't know because malware has access to the command line, not to the desktop. To know something like that we are not speaking about malware anymore but about a REMOTE DESKTOP, and it is over if a hacker takes access of your DESKTOP
Password managers may support some type of scripting.
So, you are solving this problem by adding an ENTER command after the username and a DELAY X seconds before continuing, to allow the browser to go to the next page to send the password.
https://sourceforge.net/p/keepass/discussion/329221/thread/cf24f97df7/