Slashdot Mirror


Valve Patches Security Bug That Existed in Steam Client for the Past Ten Years (bleepingcomputer.com)

Valve developers have recently patched a severe security flaw that affected all versions of the Steam gaming client released in the past ten years. From a report: According to Tom Court, a security researcher with Context Information Security, the one who discovered the flaw, the vulnerability would have allowed an attacker to execute malicious code on any of Steam's 15 million gaming clients. In the jargon of security researchers, this is a remote code execution (RCE) flaw because exploitation was possible via network requests, without needing access to the victim's computer. Court says an attacker was only required to send malformed UDP packets to a target's Steam client, which would have triggered the bug and allowed him to run malicious code on the target's PC.

77 comments

  1. This steams me!!! by Bodhammer · · Score: 4, Funny

    First post! Yeah!

    --
    "I say we take off, nuke the site from orbit. It's the only way to be sure."
    1. Re: This steams me!!! by Anonymous Coward · · Score: 0

      Shut up Dan. We all know it was you punching a grumpy in the handicapped stall this morning.

  2. By design, not a bug by Anonymous Coward · · Score: 1

    "bugs" like these are so peculiar in that they simply do not happen by themselves. Someone intentionally did this, and the question is who. Valve, or someone else?

    1. Re:By design, not a bug by Joe_Dragon · · Score: 1

      someone who has a lot of bitcoin.

    2. Re:By design, not a bug by GrumpySteen · · Score: 4, Insightful

      It's an overflow bug. There's nothing peculiar or rare about it.

    3. Re:By design, not a bug by Pinky's+Brain · · Score: 3, Funny

      To paraphrase Sadiq Khan, buffer overflows are part and parcel of programming in C(++).

    4. Re:By design, not a bug by Anonymous Coward · · Score: 0

      "bugs" like these are so peculiar in that they simply do not happen by themselves. Someone intentionally did this, and the question is who. Valve, or someone else?

      Do svidaniya!

    5. Re:By design, not a bug by AC-x · · Score: 1

      Oh look, it's that misquote again! What he actually said was:

      "Part and parcel of programming in C/C++ is you’ve got to be prepared for these things, you’ve got to be vigilant, you’ve got to support the coders doing an incredibly hard job. We must never accept buffer overflows being successful, we must never accept that black hats can destroy our life or destroy the way we lead our lives."

    6. Re:By design, not a bug by Pinky's+Brain · · Score: 2

      Yet isn't it curious how some languages can have no buffer overflow exploits at all.

      It's almost like some language features are inherently inferior, with only emotional appeals to a supposed equality and inertia forcing us down the same inferior path with the same inferior results for decades on end, the equality never materializing.

    7. Re:By design, not a bug by Anonymous Coward · · Score: 0

      Yet isn't it curious how some languages can have no buffer overflow exploits at all.

      At the price of optimization. Sure it doesn't make a lot of sense to write a small/medium business website in C++ these days. At the same time, it also doesn't make a lot of sense to develop a kernel in Python.

    8. Re:By design, not a bug by hlavac · · Score: 1

      Have a look at Rust, it is a genuine step forward to avoid problems that are inherent in C/C++

    9. Re:By design, not a bug by Anonymous Coward · · Score: 0

      Please stop confusing C and C++. Doing so is just as stupid as saying that buffer overflows are inherent in C/C++/Rust.

      C lacks bounds checking because everything is pointer arithmetic (even a[10] is actually a+10).

      A C++ programmer, on the other hand, would use string and vector, unless they specifically need to interface with C or other low level code.

    10. Re:By design, not a bug by Anonymous Coward · · Score: 0

      You would be surprised. Hammering a bunch of buttons in Super Mario Bros 2 lets you reprogram it as Snake.

    11. Re:By design, not a bug by Mashiki · · Score: 1

      Aren't they busy making CoC's that penalize people for just wanting to code, and ignoring identity politics?

      --
      Om, nomnomnom...
    12. Re:By design, not a bug by Anonymous Coward · · Score: 0

      Oh look, it's that misquote again! What he actually said was:

      Do you not know what "paraphrase" means? It means "I don't remember the exact words but the gist of it is...", and after reading your quote, assuming that your quote is accurate, how Pinky's Brain paraphrased it sounds accurate to me.

  3. Only LUDDITES use Steam. by Anonymous Coward · · Score: 0

    Modern app appers app apps with OTHER apps, NOT LUDDITE software like LUDDITE Steam!

    Apps!

    1. Re: Only LUDDITES use Steam. by Anonymous Coward · · Score: 0

      But Steam has apps. As an App Guy, you should know that. Unless you're a fraud?

  4. Likelihood of attack? by ilsaloving · · Score: 1

    Unless someone has their machine connected directly to the internet (in which case you've got a whole lot of bigger problems), what's the likelihood that this would actually be exploited?

    1. Re:Likelihood of attack? by AvitarX · · Score: 1

      It could be a loophole in a poorly locked down corporate setting.

      A lot of companies allow people to install software on their laptop, and a lot of people treat work laptops as personal to an extent (I'm not saying any of this is good, just reality). I could see an info leak from a malicious employee attacking another employee in a network that relies on perimeter security.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    2. Re:Likelihood of attack? by dissy · · Score: 4, Insightful

      Unless someone has their machine connected directly to the internet (in which case you've got a whole lot of bigger problems), what's the likelihood that this would actually be exploited?

      An attack sourced from the Internet would be highly unlikely, or more specifically would be zero percent for the vast majority of Steam users.

      LAN attacks are more realistic, especially if one is the LAN party hosting type.

      Malware that makes it behind the NAT could also be used to exploit this.
      PC infecting malware for certain could be used to reach and infect other systems running Steam on the LAN other than the infected one.

      Can web browsers do UDP from their sandbox these days?
      There have been browser based malware in the past that utilized TCP sockets to attack home routers web interfaces from the inside LAN side.
      While I admit I don't know, part of me still hopes UDP is a thing kept out of the javascript and sandbox passing commands available to the browser, but fear I could be wrong...

    3. Re:Likelihood of attack? by Anonymous Coward · · Score: 0

      WRONG! In order to play many games, you have to have several ports port-forwarded to your computer. Many of which overlap with the steam client ports. With the number of PC gamers, this could have been devastating had it been used by a worm or to create a botnet of gamer-powered PCs. This is why I was so adamant about at least being able to run games within the confines of EMET without a worry of being banned. Instead of support from Valve and the community when you ask for recommendations, you get "valve does not comment on .... blah blah blah..." or "you're just paranoid, steam is secure and can't be hacked." No one wants to address the elephant in the room that most people running their client are forced to poke holes in their firewalls to make it work on fairly static ports.

      Before you complain, yes I know EMET is not a 100% mitigation but it sure as hell makes me happy if you are the one to get hacked instead of me...

    4. Re:Likelihood of attack? by KiloByte · · Score: 1

      If you have a machine not directly connected to the Internet, your ISP sucks and so does your ability to find an alternate way to obtain modern connectivity. Being enumerable is another matter, but those of us who want to connect back home keep at least one permanent IP. It might be reasonable to use a privacy-extension one for all outgoing connections and the permanent one only for incoming, but I for one never bothered to care enough (and radv is troublesome if you have many VMs of multiple types inside your desktop).

      Obviously, most people run Steam on some smelly Windows, but 1. Steam works on Linux too (although x86 only), and 2. Windows laptops see hostile networks the moment you take them outside home anyway.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    5. Re: Likelihood of attack? by Anonymous Coward · · Score: 0

      I have 0 ports open and UPnP disabled and can play every single MP game I own without problems....

    6. Re:Likelihood of attack? by Anonymous Coward · · Score: 0

      Can web browsers do UDP from their sandbox these days?

      https://nodejs.org/api/dgram.html

    7. Re:Likelihood of attack? by chispito · · Score: 1

      Unless someone has their machine connected directly to the internet (in which case you've got a whole lot of bigger problems), what's the likelihood that this would actually be exploited?

      Depending on whether anybody malicious was aware of this exploit, the likelihood is quite high.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    8. Re:Likelihood of attack? by The+MAZZTer · · Score: 1

      It could be exploited without a direct connection by spoofing the source IP address of a server the client is already talking to and generating a reasonable fake packet matching others recently received by the client. So if you could get access to hardware between the client/server you could exploit this on the client.

      More details here: https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client

    9. Re: Likelihood of attack? by Anonymous Coward · · Score: 0

      You are very wrong about pretty much everything you posted...

      How can UDP be blocked from JS when it's required to deliver almost all multimedia formats to browsers?

      How can the chances of exploit be 0% for most users? You either don't understand percentages or you don't understand how trivial this is to exploit

    10. Re:Likelihood of attack? by ctilsie242 · · Score: 1

      If someone has a laptop they take around and use on Wi-Fi, this could be an issue.

    11. Re: Likelihood of attack? by Anonymous Coward · · Score: 0

      You don't know what a port is, do you.

    12. Re:Likelihood of attack? by Anonymous Coward · · Score: 0

      Your NAT does nothing for you when you are port forwarding my malicious packets directly to your PC...

    13. Re:Likelihood of attack? by Anonymous Coward · · Score: 0

      It could be a loophole in a poorly locked down corporate setting.

      A lot of companies allow people to install software on their laptop, and a lot of people treat work laptops as personal to an extent (I'm not saying any of this is good, just reality). I could see an info leak from a malicious employee attacking another employee in a network that relies on perimeter security.

      If you have Steam installed on a work computer you're already breaking obvious rules and common smart computer practices.

    14. Re:Likelihood of attack? by AvitarX · · Score: 1

      It's almost like most corporate hacks happen when people break obvious rules and common smart computer practices...

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    15. Re:Likelihood of attack? by Anonymous Coward · · Score: 0

      That is what he was talking about. Without port forwarding, random stateless packets hit the router's NAT and are dropped.

    16. Re:Likelihood of attack? by Anonymous Coward · · Score: 0

      NodeJS doesn't run in a web browser.

    17. Re: Likelihood of attack? by Anonymous Coward · · Score: 0

      It is a type of wine best enjoyed as you pull your boat out of the place you keep it. Any one will do in a storm.

    18. Re: Likelihood of attack? by Anonymous Coward · · Score: 0

      have you considered you may have misconfigured your router and so EVERYTHING is being let through?

    19. Re: Likelihood of attack? by Anonymous Coward · · Score: 0

      "Without port forwarding..."

      Yeah, number 1 question people ask after installing a game on Steam is "how to port forward?"

      You didn't really think this one through did you? In order to secure Steam from this you have to disable your online games which everyone is going to put up a middle finger to. Steam games use the same port as Steam(and then some maybe) so it's gotta be forwarded.

    20. Re: Likelihood of attack? by Anonymous Coward · · Score: 0

      Most port forwarding is for hosting games. And servers should use a different port than Steam itself. Though, I'm not sure about Source Engine games,... For joining, playing, or downloading it should be possible without port forwarding. I've never done port forwarding for any game on Steam I play.

    21. Re: Likelihood of attack? by Narcocide · · Score: 1

      While not strictly a requirement for network multiplayer games on the recent two Nintendo consoles, it's the only way to disable the NAT/TCP response port randomization security feature on most consumer-grade home routers, which does break pretty much all of them, though not always immediately unless there is other traffic passing through the router at that point.

    22. Re: Likelihood of attack? by Narcocide · · Score: 1

      (On Steam it's only a problem I've seen with Hammerwatch, and only if you're the host.)

    23. Re: Likelihood of attack? by Anonymous Coward · · Score: 0

      Why are apostrophes so fucking hard?

      > How can UDP be blocked from JS

      On a normal setup, if you are imaginary impossible IP address 555.10.15.8, and I know this and send you a UDP packet from my box across the globe (555.81.71.11, for instance), the internet as a whole will route that packet. The IP header will say that it is from 555.81.71.11 to 555.10.15.8 (again, with whatever the real values are), and the UDP header will be FROM some port (say 50000) and TO some port Steam cares about (say, 4380).

      Your router or your PC firewall is going to block that packet. A local listener (hypothetically Steam) won't get it. The firewall will see that packet, notice that it doesn't have any state associated with it, and drop it.

      If instead some program on YOUR machine had sent a packet to begin with, with destination port 4380 and source port 50000, then the firewall would have remembered that. When something comes back with source port 50000 and destination port 4380, along with the matching IP addresses, it will know that this is fine (because you initiated it), and let it through.

      Now let's say some program on your PC sent me a UDP

    24. Re:Likelihood of attack? by Agripa · · Score: 1

      Unless someone has their machine connected directly to the internet (in which case you've got a whole lot of bigger problems), what's the likelihood that this would actually be exploited?

      Since very few consumers use a VLAN for their local network, their system can be attacked by compromised systems on their LAN.

    25. Re:Likelihood of attack? by ilsaloving · · Score: 1

      I hate how Slashdot doesn't let you mod in the same article you post. This is the singularly most informative post in the entire thread. Thank you!

    26. Re: Likelihood of attack? by Anonymous Coward · · Score: 0

      Unfortunately, a lot of PC games have gone to P2P hosting which means that need to port forward.

  5. So what? by gweihir · · Score: 4, Insightful

    The only thing that means is that Valve is not writing new and really bad code all the time, they actually and sanely keep what works and improve it. Yes, sometimes that takes long, but nobody with an actual clue is surprised by that.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:So what? by Anonymous Coward · · Score: 0

      Yes, sometimes that takes long

      Half-Life 3 any minute now...

  6. Nice, but when will they fix their auth... by Anonymous Coward · · Score: 0

    problems? Just sucks spending money to buy a game that Valve doesn't allow you to play. I bought Cities: Skylines Monday when it was on sale, and after several back and forths with their support, I still can't play it. They claim their authentication is so unreliable to "protect users."

    1. Re:Nice, but when will they fix their auth... by greenwow · · Score: 1

      That "Steam Guard code" is just crap. I work a lot of hours so I don't have much free time, and it just sucks waiting on the email with the code so I can login to be allowed to play a game I own. By the time I finally get the code to login, I've usually moved on to doing something else.

    2. Re:Nice, but when will they fix their auth... by Anonymous Coward · · Score: 0

      And the error message "Legitimate claims for help with account access are our number one priority" is just insulting. If they really cared, they wouldn't have made the decision to do that in the first place. I guess since so many people create new accounts and rebuy games, like a couple of my coworkers, that making their authentication unreliable is profitable.

    3. Re:Nice, but when will they fix their auth... by Anonymous Coward · · Score: 0

      You can install their app and get the code instantly.

    4. Re:Nice, but when will they fix their auth... by Anonymous Coward · · Score: 0

      Stop giving the store you buy games from ongoing control over whether you can play the games you bought.

      This is only a problem because you made it a problem.

    5. Re:Nice, but when will they fix their auth... by Anonymous Coward · · Score: 0

      Assuming you had a smartphone anyway. (And no not EVERY person in the world has one, and there are legitimate reasons to not want one.)

    6. Re:Nice, but when will they fix their auth... by Anonymous Coward · · Score: 0

      And the error message "Legitimate claims for help with account access are our number one priority" is just insulting. If they really cared, they wouldn't have made the decision to do that in the first place. I guess since so many people create new accounts and rebuy games, like a couple of my coworkers, that making their authentication unreliable is profitable.

      You really are a dumbass. People spend a lot of money on Steam and when they use the same password on every site like yours, "iamadumbass", then it is easy for someone to hijack their account, change the password, and lock them out.

    7. Re:Nice, but when will they fix their auth... by Anonymous Coward · · Score: 0

      It is insulting for them to claim "are our number one priority." Been waiting for nearly two years on their support to fix my account.

    8. Re:Nice, but when will they fix their auth... by ChoGGi · · Score: 2

      Steam Desktop Authenticator

  7. Re: Trump will die in prison either way though. by Anonymous Coward · · Score: 0

    Lool do you have a full time nurse to help with your mental problems?

  8. One Million Monkeys... by Anonymous Coward · · Score: 0

    One million monkeys typing for one million years wouldn't even produce a sensible paragraph, let alone the works of Shakespeare. Yet...

    Yet every single code bug 'accidentally' introduced by Microsoft, Apple, Steam, Google etc etc has the remarkable property of allowing state agencies to snoop and/or run code remotely on your computer. Yet Slashdot DEMANDS that anyone coming to the obvious conclusion be downvoted and labelled a 'conspiracy crackpot'.

    Slashdot runs non-relevant POLITICAL PROPAGANDA articles daily, when said propaganda boosts Israel, or denigrates Israel's enemies like Syria, Iran and Russia. Yet when the monsters of Israel were witnessed shooting unarmed protestors and the medical personnel that attempted to help the victims, Slashdot, like Digg and other similar outlets, became news 'blind'.

    The REAL story behind the Novichok false flag became all too obvious yesterday when an identical anti-russian false flag (in Ukraine) fell to pieces when an 'assassination' had to be cancelled after MI6 became aware the Russians had inside information about the truth. The PROOF of one false flag will never be allowed to suggest the true nature of other operations on Slashdot, however. This is the same site that (on NSA instructions) ran fake news articles about how erasing data on your HDD with strings of random bytes was "pointless" cos of magic NSA tech that could still recover that data.

    So the scumbag owner of Valve/Steam offered his services to the intelligence agencies of the West. We should have expected nothing less.

    1. Re:One Million Monkeys... by Anonymous Coward · · Score: 0

      One million monkeys typing for one million years wouldn't even produce a sensible paragraph, let alone the works of Shakespeare. Yet...

      Yet every single code bug 'accidentally' introduced by Microsoft, Apple, Steam, Google etc etc has the remarkable property of allowing state agencies to snoop and/or run code remotely on your computer. Yet Slashdot DEMANDS that anyone coming to the obvious conclusion be downvoted and labelled a 'conspiracy crackpot'.

      Slashdot runs non-relevant POLITICAL PROPAGANDA articles daily, when said propaganda boosts Israel, or denigrates Israel's enemies like Syria, Iran and Russia. Yet when the monsters of Israel were witnessed shooting unarmed protestors and the medical personnel that attempted to help the victims, Slashdot, like Digg and other similar outlets, became news 'blind'.

      The REAL story behind the Novichok false flag became all too obvious yesterday when an identical anti-russian false flag (in Ukraine) fell to pieces when an 'assassination' had to be cancelled after MI6 became aware the Russians had inside information about the truth. The PROOF of one false flag will never be allowed to suggest the true nature of other operations on Slashdot, however. This is the same site that (on NSA instructions) ran fake news articles about how erasing data on your HDD with strings of random bytes was "pointless" cos of magic NSA tech that could still recover that data.

      So the scumbag owner of Valve/Steam offered his services to the intelligence agencies of the West. We should have expected nothing less.

      You are at least 90% right with what you posted. Actually there was some article about how the CIA or NSA or whatever has a module that plugs into internet gaming chats and in-game chats like team chat in Counter-Strike. They used that to aggregate data. This is in addition to just using the gaming platform as a security hack vector to get inside the computer. They are all over this, and everything else you use. What used to be laughed off as tin foil is now proven to be true across the board.

    2. Re:One Million Monkeys... by Anonymous Coward · · Score: 0

      Here's at least one link to an article about them spying on games:
      https://www.computerworld.com/article/2486632/cyberwarfare/the-nsa-tracks-world-of-warcraft-and-other-online-games-for-terrorist-clues.html

  9. Gr8 by fluffernutter · · Score: 2

    Great, so now are they going to prevent it from hanging like a bitch if you start windows without a network?

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    1. Re:Gr8 by Anonymous Coward · · Score: 0

      I wish they would fix that! I have Comcast at home so it's down several times a week, and I would love to be allowed to play a game when there's not much else I can do.

    2. Re:Gr8 by Anonymous Coward · · Score: 0

      Try disabling any network adapters before launching Steam. It should prompt if you want to use offline mode. If your network connection is down but Windows or Steam doesn't recognize it as being down, Steam will hang; disabling all active network adapters will get around that, then you can reenable them after you get in offline mode.

  10. Re: Trump will die in prison either way though. by Anonymous Coward · · Score: 0

    You're going to be watching a whole lot of nothing. You know the US doesn't enforce laws when it's a rich guy.

  11. Bug was addressed within hours of being reported. by Fly+Swatter · · Score: 1

    What is the news here? Bugs exist until they are discovered, this could be years or even never. Tom wants his fifteen minutes? Oh it is bleeping computer, explains everything.

  12. Re:Trump will die in prison either way though. by Tulsa_Time · · Score: 1

    Isn't the internet great?.... Russians can post anything they want, anytime to destabilize the US... and generate hate.

    --
    5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
  13. Security isn't in their wheelhouse by Anonymous Coward · · Score: 0

    The Steam client also stores your login information in plain text, allowing anyone who looks at debugger/crash dump to steal your credentials. If you happen to use the same credentials with the email account linked to your Steam account it can hijacked and sold before you can do anything about it.

  14. Re:Likelihood of attack? Answer - high by FeelGood314 · · Score: 1

    There are many ways that UDP packets can traverse NAT (see UDP hole punching for example). There are lots of applications, especially in games, where UDP makes more sense than TCP. If I know the public IP address of a Steam user, with a bit of guess work and a sending a lot of packets to their router I could impersonate a legitimate UDP sender and get their router to forward the UDP packets to their machine. So yes, this exploit is bad.
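The stateful-filtering walkthrough earlier in the thread (the 4380/50000 example), The+MAZZTer's point about spoofing the source address of a server the client is already talking to, and the guess-work described in the post above, modelled as an added example. This is not code from the thread, from Valve or from Context Information Security: it is a toy connection-tracking table in Python. The addresses, the client port 4380, the forwarded game port 27015 and the server port 27036 are constructed for illustration, and NAT address rewriting is left out so the table lookup stays readable.

```python
"""Toy stateful UDP firewall (conntrack) in front of a Steam client.

Added illustration for this thread; not code from Slashdot, Valve or Context
Information Security. All addresses and ports below are constructed.
"""
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

CLIENT = "192.168.1.20"        # LAN host running the Steam client (constructed)
SERVER = "203.0.113.5"         # a server the client talks to (constructed)
ATTACKER = "198.51.100.77"     # unrelated Internet host (constructed)
STEAM_PORT = 27036             # assumed server-side UDP port, illustration only


@dataclass(frozen=True)
class UdpPacket:
    """Only the header fields a firewall can see. src_ip is whatever the
    sender wrote into the IP header; nothing here proves it is genuine."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


@dataclass
class StatefulFirewall:
    lan_host: str
    # Flows the LAN host opened, keyed by (remote_ip, remote_port, local_port).
    flows: Set[Tuple[str, int, int]] = field(default_factory=set)
    # Static port forwards: any datagram to one of these ports is delivered.
    forwards: Set[int] = field(default_factory=set)

    def outbound(self, pkt: UdpPacket) -> None:
        """The LAN host sent a datagram: remember the tuple so replies pass."""
        if pkt.src_ip == self.lan_host:
            self.flows.add((pkt.dst_ip, pkt.dst_port, pkt.src_port))

    def inbound(self, pkt: UdpPacket) -> bool:
        """Return True if an Internet-side datagram reaches the LAN host."""
        if pkt.dst_ip != self.lan_host:
            return False
        if pkt.dst_port in self.forwards:
            return True                       # forwarded port: no state needed
        return (pkt.src_ip, pkt.src_port, pkt.dst_port) in self.flows


def unsolicited_is_dropped() -> bool:
    """Random Internet host sends to the client's port: no state, so dropped."""
    fw = StatefulFirewall(CLIENT)
    return fw.inbound(UdpPacket(ATTACKER, 50000, CLIENT, 4380))


def reply_and_spoofed_reply() -> Tuple[bool, bool, bool]:
    """After the client talks to SERVER, a real reply passes; so does a datagram
    whose IP header merely claims to come from SERVER:STEAM_PORT; a datagram to
    a local port the client never used does not."""
    fw = StatefulFirewall(CLIENT)
    fw.outbound(UdpPacket(CLIENT, 4380, SERVER, STEAM_PORT))
    real = fw.inbound(UdpPacket(SERVER, STEAM_PORT, CLIENT, 4380, b"hello"))
    # Forged by ATTACKER: header fields copied from the real server, payload malformed.
    spoofed = fw.inbound(UdpPacket(SERVER, STEAM_PORT, CLIENT, 4380, b"\xff" * 1400))
    wrong_port = fw.inbound(UdpPacket(SERVER, STEAM_PORT, CLIENT, 4381))
    return real, spoofed, wrong_port


def port_forward_exposure() -> Tuple[bool, bool]:
    """A forwarded game port accepts anything; a non-forwarded one still does not."""
    fw = StatefulFirewall(CLIENT, forwards={27015})
    return (fw.inbound(UdpPacket(ATTACKER, 50000, CLIENT, 27015)),
            fw.inbound(UdpPacket(ATTACKER, 50000, CLIENT, 27016)))


def guess_client_port() -> Tuple[Optional[int], int]:
    """Attacker knows SERVER:STEAM_PORT and the target address but not the
    client's local port, so it sprays one spoofed datagram per candidate port.
    Returns (port that got through, number of datagrams it took)."""
    fw = StatefulFirewall(CLIENT)
    fw.outbound(UdpPacket(CLIENT, 4380, SERVER, STEAM_PORT))
    for tries, port in enumerate(range(1024, 65536), start=1):
        if fw.inbound(UdpPacket(SERVER, STEAM_PORT, CLIENT, port)):
            return port, tries
    return None, 65536 - 1024


if __name__ == "__main__":
    print("unsolicited delivered:", unsolicited_is_dropped())
    print("(real, spoofed, wrong port):", reply_and_spoofed_reply())
    print("(forwarded, not forwarded):", port_forward_exposure())
    print("(guessed port, datagrams sent):", guess_client_port())
```

The model makes the thread's point concrete: the firewall only matches header fields, so a forged datagram that copies a known server's address and port is indistinguishable from a genuine reply, and a static port forward removes even that check. A real router also rewrites the client's source port, so the spray in guess_client_port has to target the translated external port rather than 4380; the lookup it has to defeat is otherwise the same.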

  15. Re:Steam exists to grab control from you. by Anonymous Coward · · Score: 0

    Worst part is when you buy a game in the store and get it home and it requires to be linked to a Steam account to play.

  16. Wait only 15 million gaming clients? by AbRASiON · · Score: 1

    I know PC gaming is (at times) waning vs console, especially in say, sales of a ported game.
    (Example GTAV, PS3, 360, PS4, Xbox One and PC) the PC version /generally/ would sell less.

    However.
    The PC library with its true backwards compatibility and age, the immense volume, the new Chinese customers, seriously 15 million?
    I would've happily believed Steam has an install base of at least 50 to 100 million PCs at any time.

    Very surprising.

    1. Re:Wait only 15 million gaming clients? by thecombatwombat · · Score: 1

      I think the numbers are getting confused. Perhaps they were confusing it with the often thrown around concurrent users number, which has been around 15 million.

      https://www.vinereport.com/art...

      The actual total number of installed clients is much, much, much larger for sure.

  17. Wait... by skovnymfe · · Score: 1

    Wait, so I can just send malformed UDP packets to anyone on the internet, and their computer will pick it up without having firewall rules or port forwarding configured in their routers? I was not aware that internet technology had regressed to the 1990s.