24
Account Details
SteamID64 76561198154342943
SteamID3 [U:1:194077215]
SteamID32 STEAM_0:1:97038607
Country Bahamas
Signed Up August 4, 2017
Last Posted November 30, 2020 at 2:19 PM
Posts 782 (0.6 per day)
Game Settings
In-game Sensitivity drafted
Windows Sensitivity into
Raw Input 1
DPI
ww3
Resolution
 
Refresh Rate
 
Hardware Peripherals
Mouse please
Keyboard help
Mousepad me
Headphones and
Monitor my kids
1 2 3 4 ⋅⋅ 52
#8 Recommend me some stuff that increase FPS in Customization
AimIsADickYou may need an FPS config. I recommend using mastercomfig, as that one is the most reliable in my experience.1questionbeforequittingI have the mastercomfig config by the way.
posted 1 day ago
#16 TF2crew SCAMMERS. in TF2 General Discussion
BvBasically a cookie is a really long "password" which you send to the server and the server looks it up, finds you and sends you a response of some sorts. That's how all "keep me logged in" things work in web browsers.

This is only true to an extent. A cookie can have any arbitrary key/value. A cookie is just a place for the browser to store a value associated with a key that is given from a server. You can read and set cookies through JavaScript, which means that yes you can make it do the "keep me logged in", but this involves implimenting a refresh token system, which is a whole other system. A cookie can be useful for storing your credentials when you login (look into "JWT") which encrypts data to a 1-way operation so that you can always validate if a request came from the client and was not tampered with. But like I said, you can put literally anything you want in a cookie, but its ususally used to store your login "session id" or your "token" so then the server can authenticate you upon a request.

To address the rest of the thread / any other information:
Javascript isn't bad, just bad usage of such language.

The only way around this is to never login or touch a page ever. You HAVE to login in order for this type of attack to happen. Another thing, usually OAuth2 will tell you exactly what type of permissions the developer has when accessing your account. Discord does this very well, telling you "This will allow the access of your identification, guilds and email" for example.

Here's an example of OAuth2 "Login through Discord" with Mee6:

https://cdn.discordapp.com/attachments/629450079887163442/782788580900470784/unknown.png

Here's an example of OAuth2 "Login through Steam" with demos.tf (api.demos.tf in this case):

https://cdn.discordapp.com/attachments/629450079887163442/782788815566929950/unknown.png

Cookies aren't the only way a web browser has access to certain key/value pairs. There's also local storage, session storage, and of course a database. Peeking at cookies will not tell you certainly what or where your data went / has gone, but the only trust you have is in the domain you're accessing and the people behind it. Do not assume that just because there's a cookie that you're being hacked either. Cookies, local storage, and session storage all have their pros and cons to web development, and it's entirely up to the developer on how to use these APIs responsibly.

JavaScript, Steam, and any OAuth2 service that is out there are very secure. Logging in does not grant a user the ability to magically change your inventory or change your password without your consent. In addition to that, 2FA would stop anything, and bypassing this is not something that I've never heard happen (especially with a company such as Steam). There's plenty of exploits that I don't know about, however if you're sure that you never provided details (i.e. logging in through what looks like steam but is actually a spoofed website) through any medium and you're sure its fault of Steam, you should probably create a ticket on support, and while you're at it report the user and website you were given.

In addition to any of this, it's very easy to spoof a login website. If you're running chrome and save your steam username/password so you can just click on your account and login and you don't see that when you're trying to access a login page then you're most likely on a spoof site. Look below on details on how to exactly spot one if you're not sure. Again, if you do not trust the website or it's not properly established, then do not risk anything.

TL;DR:
If you log in and you do not see a green padlock (or just a padlock) left of the URL on the top of your screen when on the Steam page to signin, you are getting spoofed. Proof read your URLs before logging in.

Here's a picture of what that would look like:

https://cdn.discordapp.com/attachments/629450079887163442/782788090480951296/unknown.png

That padlock ensures that all your traffic is encrypted (at least between the browser and the server). However, just because this is secure does not mean it's the real Steam server...

Beyond the padlock:

https://cdn.discordapp.com/attachments/629450079887163442/782789923820142593/unknown.png

Clicking that "green" (or white) padlock will bring up connection details on Chrome. You can check who certified that certificate, and for steam, this will always be on behalf of the company (Valve Corp [US]). Company certs are always going to be from the company, as they're expensive and only given to real legal entities.

Hope this answers some questions about how logging in may give details about your profile, as told by a web developer. I do not know everything certainly, but I think I have worked long enough to at least tell people what to look for if you're skeptical.

Just please, don't click links that you've never heard of or "test" the website. You will always certainly not be the first person to fall victim.

posted 2 days ago
#7 TF2crew SCAMMERS. in TF2 General Discussion
JWBserious question to any techies how the fuck does someone get into ur account despite 2FA, just from u going to a website? thats like scary af. i get "dont click sketchy links" but this is hella spooky.

If you log into a site, the site is given an "access token" that acts as "you". This can be used to make API requets that can change your avatar, change your username, or whatever you desire.

Not sure specifically how steam API works (as I usually only work with Discord or Auth0's implimentation), but this is usually how most OAuth2 apps work, including steam.

posted 3 days ago
#104 What mouse do you use? in Hardware

model o

posted 3 days ago
#27 Qixalite North America Server Trial in Projects

beast

chicago and dallas were like 2 of the infinity stones that Lord Kodyn has collected

looking forward to what qix brings us next year!

posted 4 days ago
#4 soap dm / mge repos rehosted / remaintained in Projects

Maybe we should put this under an organization so that never happens again.

I'd also like to add:

https://cdn.discordapp.com/attachments/700919422558273536/746162976117227590/unknown.png

posted 4 days ago
#16 frkshw lft in Recruitment (looking for team)
messiahi submitted this thread to the rgl anti cheat team, eagerly awaiting the results

You are in Position 1051 of 2516. Please be patient while we get to your inquery!!

posted 6 days ago
#18 The Voice of The Pubber in TF2 General Discussion
sourceI don't know what's funnier, him ranting for 10 minutes about competitive and then saying he has no comp experience or his steam profile background

Did you see his youtube banner?

posted 6 days ago
#2 Python Logs.TF Stats Calculator v2 in Projects
mimkyMy reasoning for this is that the json version of a logs.tf page contains in-game chat logs. I don't want this to be ripped by RGL admins and used to go through everything a specific steamID has said in their logs. It's very easy to just change a couple search terms to accomplish this, so I'll be keeping it private. Being an RGL contributor isn't something I'd like to be known by.

Fine, I'll do it myself.

posted 6 days ago
#11 tr_denial, Training Map for Denying Soldier Bombs in Map Discussion
harisi got airshot by a bot, idk how to feel about this tbh

noob

posted 6 days ago
#4 The Voice of The Pubber in TF2 General Discussion
source24“Why is there a black guy in the game”.
“And why is he black”
https://www.youtube.com/watch?v=7IuDS3HIlnw
https://www.youtube.com/watch?v=mbn01rLbfLQ
same person btw

NO FUCKING WAY LMFAO

HOW?!?

posted 6 days ago
#2 The Voice of The Pubber in TF2 General Discussion

“Why is there a black guy in the game”.
“And why is he black”

posted 6 days ago
#31 dribble.tf - stv demo replay in browser in Projects

This may just become the place to host demo reviews....

posted 1 week ago
#5 Command line tool to render out demos. in Videos
rainy_kidThanks for sharing, I'll try it out. A similar thing exists called Ryukbot, but it has it's own flaws as well.

This has literally been out for 2 months

posted 1 week ago
#37 How tall are ___ mains? in TF2 General Discussion
THEBILLDOZERso is everyone on tftv tall as shit or are the shorter players not comfortable posting their height

billdozer:
scout
5'9''

posted 1 week ago
1 2 3 4 ⋅⋅ 52