Remove all Discord CDN links :: Suggestions / Ideas

Todas las discusiones > Foros de Steam > Suggestions / Ideas > Detalles del tema

Este tema ha sido cerrado

Kerry 16 NOV 2022 a las 1:32 p. m.

Remove all Discord CDN links

The chat program Discord is a known dumping ground for malware and malicious bots, and is widely used for command and control of serious malware including credential stealers, ransomware, and other things. Some malware can even use Discord to crash other players' games.

Sophos, an anti-malware publisher and research group, reports that the greatest amount of malware they've found on the Discord Content Distribution Network is, quote: "credential and personal information theft, a wide variety of stealer malware as well as more versatile RATs."

This means software that steals bank account info and Steam account info.

So by allowing games that link with Discord to run on Steam, ValveCorp is inadvertently putting their users and all the games on this platform at serious risk of catastrophic loss.

I believe that these games should be sanctioned or heavily restricted in their capability to link with Discord, and all links that lead to a Discord server should be considered a direct link to malware.

Source: https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse/

EDIT: I will not allow this thread to be derailed by any method. Attempts to bring up previous threads are obvious attempts to derail a thread and will be treated as such.

Each creator who makes a post that attempts to derail this thread will result in one singular chain of action:

Mute, block, report. You're not worthy of my time if you keep trying to derail the thread and troll me. You're not going to get a rise out of me.

EDIT: I'm sick and tired of some people (not naming names) being so stuck-up and closed-minded that they cannot admit that other people have different experiences.

The technically-impossible happens all the time. Just because YOU haven't seen it happen, doesn't mean weird crap doesn't happen!

Última edición por Kerry; 17 NOV 2022 a las 4:44 p. m.

< >

Mostrando 151-165 de 599 comentarios

Kerry 16 NOV 2022 a las 3:47 p. m.

Publicado originalmente por Tito Shivan:
Publicado originalmente por Kerry Freeman:
And? You just proved my point AGAIN. If it were blacklist/whitelist, then ALL mediafire and Discord CDN links would be blocked completely.
Back to the cat and mouse game: If Steam blocked links to discord CDN servers it'd only take posting a URL redirecting you to a discord CDN url or a URL shortener to make the Steam blocking moot.

Publicado originalmente por Kerry Freeman:
Nope, I didn't click questionable links or download questionable downloads.
Did you get actual malware in your computer?

Yep, I got Petya.

Still didn't click any questionable links or download any questionable downloads.

#151

ุ 16 NOV 2022 a las 3:49 p. m.

Publicado originalmente por Satoru:
Im not sure why everyone is trying to convince the OP when its pretty obvious the OP doesn't actually understand anything at all. And wants to blame 'everyone else' for their own phishing compromise and thinks "yes lets ban the most popular communications program off of steam" as opposed to "how can I educate myself to not fall for phishing attacks"

It's the same dude who wanted to sue Draconia for copyright infringement, trying to claim his copyright was automatically "filed" when he posted the term in a forum post, with a footer claiming the word was his.

But never...actually filed a patent or legit copyright.

#152

Tito Shivan 16 NOV 2022 a las 3:51 p. m.

Publicado originalmente por Kerry Freeman:
Still didn't click any questionable links or download any questionable downloads.

Malware links do not show themselves as 'questionable'.

#153

Kerry 16 NOV 2022 a las 3:51 p. m.

Publicado originalmente por Mad Scientist:
Publicado originalmente por Kerry Freeman:
Nope, I didn't click questionable links or download questionable downloads.

User error not applicable. Again, user error not applicable.
You seem overly certain of that.
People with good enough security don't just lose everything. Clearly, you did something and were unaware of it or you thought something illegitimate in disguise was legitimate.

If no malware that can compromise your steam account is detected by a proper scan, then your online activities would be confirmed as the primary source of becoming compromised.

People don't bother hacking Steam when people are so easily tricked.

Publicado originalmente por Kerry Freeman:
Still though, if you have to trick someone into doing something, then you're solely responsible for that trick.
It's like saying driving drunk and claiming the person that allowed you to purchase alcohol is at fault for you running into a tree.

The very standard response is Users are responsible for their accounts security. That means the security is fine, but the user is the cause of an account becoming compromised. By telling users they're responsible, the fault of becoming compromised regardless of intention is the user.

To use the internet, people need to become aware of standard practices of security, and that of common attack attempts.

Let's break down your post into individual issues.

From the top:

Publicado originalmente por Mad Scientist:
Publicado originalmente por Kerry Freeman:
Nope, I didn't click questionable links or download questionable downloads.

User error not applicable. Again, user error not applicable.
You seem overly certain of that.
People with good enough security don't just lose everything. Clearly, you did something and were unaware of it or you thought something illegitimate in disguise was legitimate.

I am not overly certain, I AM certain. While it is possible I might have done something I was completely unaware of, I am generally certain that I would know if I'd gone somewhere bad, even on accident.

Publicado originalmente por Mad Scientist:

Publicado originalmente por Kerry Freeman:
Still though, if you have to trick someone into doing something, then you're solely responsible for that trick.
It's like saying driving drunk and claiming the person that allowed you to purchase alcohol is at fault for you running into a tree.

The very standard response is Users are responsible for their accounts security. That means the security is fine, but the user is the cause of an account becoming compromised. By telling users they're responsible, the fault of becoming compromised regardless of intention is the user.

To use the internet, people need to become aware of standard practices of security, and that of common attack attempts.

Except when you purchase alcohol, you KNOW you're purchasing alcohol.

Apples and oranges.

Última edición por Kerry; 16 NOV 2022 a las 3:56 p. m.

#154

Kerry 16 NOV 2022 a las 3:52 p. m.

Publicado originalmente por Leonardo Da Pinchi:
Publicado originalmente por Satoru:
Im not sure why everyone is trying to convince the OP when its pretty obvious the OP doesn't actually understand anything at all. And wants to blame 'everyone else' for their own phishing compromise and thinks "yes lets ban the most popular communications program off of steam" as opposed to "how can I educate myself to not fall for phishing attacks"
It's the same dude who wanted to sue Draconia for copyright infringement, trying to claim his copyright was automatically "filed" when he posted the term in a forum post, with a footer claiming the word was his.

But never...actually filed a patent or legit copyright.

Irrelevant to this conversation.

#155

Kerry 16 NOV 2022 a las 3:53 p. m.

Publicado originalmente por Leonardo Da Pinchi:
Publicado originalmente por Kerry Freeman:

Not if he was tricked. Then the trickster and his or her collaborators bear sole responsibility.

It's like when people who play practical jokes get in trouble if the person who they played their joke on, gets hurt.
Avoiding clicking suspicious links and knowing basic phishing is literally like..middle school level knowledge these days when it comes to cybersecurity. The willfully ignorant getting their ♥♥♥♥ taken, because they don't want to spend an hour to learn how to protect themselves?

Still their fault.

Agreed.

However, if I were willfully ignorant then THIS account would be compromised too, because I got one of those phishing "vote for my team" chat messages not that long ago, and from a trusted friend too.

I recognized it was a phishing attempt since said friend doesn't even play the game they wanted me to vote for, and didn't click.

Última edición por Kerry; 16 NOV 2022 a las 3:55 p. m.

#156

ุ 16 NOV 2022 a las 3:55 p. m.

Publicado originalmente por Kerry Freeman:
Publicado originalmente por Tito Shivan:
Back to the cat and mouse game: If Steam blocked links to discord CDN servers it'd only take posting a URL redirecting you to a discord CDN url or a URL shortener to make the Steam blocking moot.

Did you get actual malware in your computer?

Yep, I got Petya.

Still didn't click any questionable links or download any questionable downloads.

Depending the variant, it could have been using EternalBlue, which...Microsoft released a patch for.

The original payload required the user to grant it admin priveleges, aka run the .exe as admin.

And early builds were put as .pdf payloads.

All of which, could have been stopped, at user level by keeping your stuff updated and, well, not clicking links/running .exe files.

#157

Kerry 16 NOV 2022 a las 3:57 p. m.

Publicado originalmente por Leonardo Da Pinchi:
Publicado originalmente por Kerry Freeman:

Yep, I got Petya.

Still didn't click any questionable links or download any questionable downloads.
Depending the variant, it could have been using EternalBlue, which...Microsoft released a patch for.

The original payload required the user to grant it admin priveleges, aka run the .exe as admin.

And early builds were put as .pdf payloads.

All of which, could have been stopped, at user level by keeping your stuff updated and, well, not clicking links/running .exe files.

Yep, I was fully patched up and didn't grant any admin priveleges. I also didn't download anything or click any links.

So explain how I got it without a download, without clicking any links, and without allowing it privileges, and being fully patched up with not one, but TWO antimalware softwares (Windows Defender AND Avast antivirus) at the time.

Última edición por Kerry; 16 NOV 2022 a las 3:59 p. m.

#158

Crazy Tiger 16 NOV 2022 a las 3:59 p. m.

Publicado originalmente por Kerry Freeman:
Publicado originalmente por Leonardo Da Pinchi:
No, because neither have been reported as malicious. Funny that, huh?

Can't imagine why that is - they're known malicious delivery systems.

Discord's CDN is the worst of these, because it's used as a command, control, distribution and obfuscation tool.

You are aware lots of links on Mediafire and Discord are perfectly valid without any virus/malware or anything, right?

If you can't imagine why commonly used community websites won't get blocked, you might want to do some thinking.

Publicado originalmente por Kerry Freeman:
Yep, I got Petya.

Still didn't click any questionable links or download any questionable downloads.

If the link was "questionable", you likely wouldn't have clicked it. And because links aren't always noticably "questionable", it's a bit hard to block them.

Your suggestion is to use a canon to kill a mosquito. It's overkill and not practical. Besides, applying that logic would mean the whole internet should be blocked, cause technically every link can be potentially dangerous in that regard. But again, that would be overkill and not practical.

#159

ุ 16 NOV 2022 a las 3:59 p. m.

Publicado originalmente por Kerry Freeman:
Publicado originalmente por Leonardo Da Pinchi:
Depending the variant, it could have been using EternalBlue, which...Microsoft released a patch for.

The original payload required the user to grant it admin priveleges, aka run the .exe as admin.

And early builds were put as .pdf payloads.

All of which, could have been stopped, at user level by keeping your stuff updated and, well, not clicking links/running .exe files.

Yep, I was fully patched up and didn't grant any admin priveleges. I also didn't download anything or click any links.

So explain how I got it.

You did, and don't remember.

Ten to one you clicked a discord CDN which likely hyperlinked to a download URL, which then you accepted.

Discord can't FORCE you to download files. It's all user input.

#160

Kerry 16 NOV 2022 a las 4:01 p. m.

Publicado originalmente por Crazy Tiger:
Publicado originalmente por Kerry Freeman:
Yep, I got Petya.

Still didn't click any questionable links or download any questionable downloads.
If the link was "questionable", you likely wouldn't have clicked it. And because links aren't always noticably "questionable", it's a bit hard to block them.

Your suggestion is to use a canon to kill a mosquito. It's overkill and not practical. Besides, applying that logic would mean the whole internet should be blocked, cause technically every link can be potentially dangerous in that regard. But again, that would be overkill and not practical.

True - if a link is obviously questionable I don't click it. Most of these people are arguing that I do, however. Which makes them ignorant, and willfully so.

#161

Kerry 16 NOV 2022 a las 4:01 p. m.

Publicado originalmente por Leonardo Da Pinchi:
Publicado originalmente por Kerry Freeman:

Yep, I was fully patched up and didn't grant any admin priveleges. I also didn't download anything or click any links.

So explain how I got it.
You did, and don't remember.

Ten to one you clicked a discord CDN which likely hyperlinked to a download URL, which then you accepted.

Well, one to one you're wrong.

Última edición por Kerry; 16 NOV 2022 a las 4:02 p. m.

#162

Mad Scientist 16 NOV 2022 a las 4:02 p. m.

Publicado originalmente por Kerry Freeman:
I am not overly certain, I AM certain. While it is possible I might have done something I was completely unaware of, I am generally certain that I would know if I'd gone somewhere bad, even on accident.

Even the most basic attacks are intentionally made to look as legitimate as possible or to be like the places you're using.

Publicado originalmente por Kerry Freeman:
Except when you purchase alcohol, you KNOW you're purchasing alcohol.

Apples and oranges.

It's still that you're shifting blame for user error or incorrect use.

Look at the individuals with non-compromised accounts and ask how/why their inventories are intact.

#163

ุ 16 NOV 2022 a las 4:02 p. m.

Publicado originalmente por Kerry Freeman:
Publicado originalmente por Crazy Tiger:

If the link was "questionable", you likely wouldn't have clicked it. And because links aren't always noticably "questionable", it's a bit hard to block them.

Your suggestion is to use a canon to kill a mosquito. It's overkill and not practical. Besides, applying that logic would mean the whole internet should be blocked, cause technically every link can be potentially dangerous in that regard. But again, that would be overkill and not practical.

True - if a link is obviously questionable I don't click it. Most of these people are arguing that I do, however. Which makes them ignorant, and willfully so.

Fun fact, links can come up completely benign at a glimpse, and still be very malicious.

Were you around during the limewire days?

#164

ุ 16 NOV 2022 a las 4:02 p. m.

Publicado originalmente por Kerry Freeman:
Publicado originalmente por Leonardo Da Pinchi:
You did, and don't remember.

Ten to one you clicked a discord CDN which likely hyperlinked to a download URL, which then you accepted.

Well, one to one you're wrong.

Proof, other than you continually going "No, you're wrong."?

#165

< >

Mostrando 151-165 de 599 comentarios

Por página: 1530 50

Todas las discusiones > Foros de Steam > Suggestions / Ideas > Detalles del tema

Publicado el: 16 NOV 2022 a las 1:32 p. m.

Mensajes: 599

Comenzar una nueva discusión

Normas y directrices sobre discusión

Denunciar este mensaje