Skip to main content

Valve DNS privacy flap exposes the murky world of cheat prevention

posted onFebruary 18, 2014
by l33tdawg

Like most online game makers, Valve uses a cheat detection system to protect popular multiplayer games like Counter-Strike: Global Offensive, Team Fortress 2, and Dota 2 from hacks that would give a player an unfair advantage. That Valve Anti-Cheat (VAC) system was at the center of a potential privacy bombshell earlier today, with accusations that the system was sending Valve a list of all the domains that a system has visited whenever a protected game was played.

The claim rose to popularity thanks to a Reddit post that included an image originating from a cheating/hacking forum, purportedly showing a partial decompilation of the offending VAC module. However, while the initial evidence suggested that VAC is doing something with users' DNS history, it wasn't clear from the decompiled code provided that it is in fact transmitting the information back to Valve. Valve CEO Gabe Newell has subsequently and categorically denied that the module transmits any private information back to the company.

Windows operates a DNS cache to accelerate the translation from domain names into IP addresses. Windows users can see the domains stored within the cache, both at the command-line (ipconfig /displaydns) and within the GUI. The partial decompilation of VAC shows that the module is using undocumented Windows functions to enumerate all the cached entries. In turn, each entry is converted to lower case and then hashed using MD5.

Source

Tags

Games Valve DNS Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th