Yeah, it sounds like the first exploit required your vault to be unlocked so that a malicious process pretending to be a legitimate integration like a browser plugin could request credentials, and the second one required installing an out of date version of the app.
Good that it is all patched, and that it wasn’t a remotely exploitable issue.
Glad you got it sorted. Weird about teams though. Have a good one!
Windows detects media being played and shows you that inlay with controls. It must be detecting that stream somewhere being played, even if it isn’t obviously playing in a browser tab. You should be able to control whether it shows media controls on the lock screen.
I mean, yes and no. For an individual or individual systems? No, it’s not hard. But I used to oversee a WAN with multiple large sites each with their own complex border, core, and campus plant infrastructure. When you have an environment like that with complex peerings, and onsite and cloud networks it’s a bit trickier to introduce dual stack addressing down to the edge. You need a bunch of additional tooling to extend your BGP monitoring, ability to track asynchronous route issues, add route advertisements etc. when you have a large production network to avoid breaking, it’s more of a nail biter, because it’s not like we have a dev network that is a 1-1 of our physical environment. We have lab equipment, and a virtual implementation of our prod network, but you can only simulate so much.
That being said, we did implement it before most of the rest of the world, in part because I wanted to sell most of our very large IPv4 networks while prices are rising. But it was a real engineering challenge and I was lucky to have the team and resources and time to get it done when it wasn’t driving an urgent, short timeline need.
I think many folks are too young to remember before the Internet when everything was published through retail stores. Publishers took big risks paying for advance copies of games to be produced and shipped, and developers typically got less than 70% all told.
When steam came out 30% and you didn’t need to print advance copies, or deal with retail channels, it was a huge win.
Now, the world has changed, but so has steam. Steam has continued to introduce features, sales based % tiers, grown the community, push Linux development, push VR, etc. they also go out of their way to support their devices and make them user repairable.
In any other sector people would be bitching about not having a pro customer option, and yet in this market we get a bunch of non-developers bitching about the revenue split from the best game store other than GoG.
It boggles the mind.
One thing to keep in mind about how these vaults work, is you often unlock them and then they stay unlocked for a short period of time, like 5 minutes. So if you do compromise a system and can detect when it is unlocked, you have a decent window to programmatically extract credentials.
That said, it requires that your system has already been completely owned, pretty much. At that point, it could potentially log keystrokes and clipboard, and get credentials, including your master password.