GAMERS LAIR

igbrokeigpeət

I don't like the sound of this.. The middle of this sounds bad
The authenticator needs a token (or whatever) that you -yourself- have to give it. So you can only steal your own credentials.

As an example, there's a steamcommunity bot that trades festival cards. It's probably set up so it only accepts 1:1 trades (so one user can't empty the bot's inventory). From a user's perspective, you choose the cards that you are missing and give back the cards that are duplicates; then you need to use your phone to permit the trade. The bot automates the other side; no need to verify the cards or the trade by phone each transaction, from the owner.

I don't think it's possible to steal one's inventory through this unless, of course, a user made a bot himself for auto-trading and screwed up the configurations allowing 1:all or none:all trades.

It would probably be easier to fool a user into a Steam look-alike sign-in page and get their user/pass and then backstab them when they aren't expecting (while vanishing with their inventory).

You're missing an important factor, this mobile authenticator runs on a Windows desktop...at least the one I linked does.
I know. It's sus, but as usual some people either don't want to give Steam their phone number or don't have phones that can run the Steam authenticator. So there are some programs that implement that protocol. I have no idea what limitations and problems arise from their use.
It's also needed for automation, otherwise in n trades you'd have to verify n transactions by hand by both parties.

My point being that these programs were probably made by users with legit intentions (trading, farming, collectors) but, as always, can probably be used indirectly for scamming and/or taking advantage of unaware users. 🤷‍♂️

Story of my life.. Until bf starts "threatening" me xDDD
That's a reality TV show I'd watch.🍿
So many questions:
1. Is he high energy and driven like you, or is he the opposite of you?
2. Was he the one that bought the yellow candles for your bday cake? 😂
3. Has he ever won an argument with you? 😅

I hope me being 👃y doesn't end up what burns the Lair to the ground. 🙏
 

WhatNitrous

My point being that these programs were probably made by users with legit intentions (trading, farming, collectors) but, as always, can probably be used indirectly for scamming and/or taking advantage of unaware users. 🤷‍♂️
And you'll get no arguments from me there, just like I said about arch itself, it was MORE likely designed because someone was pissed at Steam NEVER dropping some cards, long before it became what it is now...either the dev saw profit, popularity, or just liked the idea themselves mid project...or the dev put up the source and it's been modified to that end.

As I also said, the sus part was that the project was forked and nothing else remotely of its caliber exists on their repository, that's an alarm right there...even a potential accident waiting to happen if nothing else.

If they simply needed to "use" the already made program it wouldn't be on their page as one of their own projects...but really, I'm done with this.

People are more than welcome to test the theory, I've said my piece. Godspeed.
That's a reality TV show I'd watch.🍿
So many questions:
Now I'm curious, particularly about number 3, I'd bet my money on NO unless it was an argument about a video game she didn't really like :ROFLMAO:
 

WhatNitrous

The authenticator needs a token (or whatever) that you -yourself- have to give it. So you can only steal your own credentials.
The token is a lousy cookie, you can easily pull that with a script :LOL: (this is why I warn people about just pasting god knows what into the console), I also know a script needs to be run on the user end, for the record...but once connected to anything remote it's possible to be done.

I'll say it again, the only thing that's actually impossible is trusting in another program's limitations and rules to keep you safe. Thousands of major companies' and users' credit cards/credentials are stolen every HOUR...I'm sure there's not a Snowden situation going on that often.

Most people likely don't realize this but Steam has a hidden webhook/url functionality built in and third party sites call a URL for the add game to library button...and how do you think you sign into 3rd party sites with Steam? 🍪 or 🪝

If a site can use it to pull your library info, wishlist, inventory, and a lot more...what would make you doubt a malicious user can't do the same?

I'm sure that license removal feature you see in your game list has a nice little remlicense JavaScript alternative as well, just nobody ever found a purpose to use it ;)
 

syleox

EPISODE 18

Time to give back to the community...since my last multikey giveaway I accumulated about 20+ keys, mostly from lootboy.
'Cause it's difficult to sort the library, I will put them one by one...usual duration of each giveaway will be about 3 to 7 days

THIS TIME 🥁

GOMO​


end of GA in 7 days (approx)
anybody can enter NEW RULE : ONLY REGULAR POSTERS
answer with :mad: (as a reaction)

no need for "thank you" posts
I will end this GA in 18h approx............sorry for being so long
 