|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Tech Ohm Eaven
Storm Wind Strikeforce Caldari State
1
|
Posted - 2016.02.21 23:20:00 -
[1] - Quote
On a console its limited but on a PC theres always hacks.
So bravo for CCP for going PC.
Unlimited health, unlimited ammo, invisibility, unlimited sp, unlimited resources, etc. Fun mods.
But, but, but, CCP security.
Multiple VPN instances along with ip spoofers means tools available and that means hacks.
See you there.....lol!
A few words about online *security* lol.
If we talk about security issues of multi-player online gaming, they can be classified as follows:
Client-side local manipulations that give advantage to the attacker without touching the server software or other players' game client software. For example, various wall hacks that make walls transparent for the attacker to allow the attacker to see enemy players, or to see the location of a secret item that is present in the game'a network traffic but not shown on screen. Trainer/helper applications that improve aiming, show maps and so on also go here. Server-side active attacks that tamper with the data sent by the attacker's game client to the server to exploit vulnerabilities in the server. For example, if the server moves the players based on their commands but does not check them against time, the attacker can send more "this player makes a step forward" commands per second than a normal game client does, and so he will move faster. All remote attacks exploiting binary vulnerabilities in the server software also fall under this category. Attacks on other players by tampering the data sent by the attacker's game client. This is a combination of #1 achieved thorough #2. For example, the attacker sets his avatar to wear a test-only transparent skin unavailable to normal players and found by reverse engineering the game resources (attack #2), and that makes him technically invisible to the other players (attack #1). Or such attacks may be even used for exploiting the software on the client machines and directly executing malicious code, which is a major threat, as nowadays the game client software is downloading a lot of executable content and possibly contains lots of bugs (games are really huge in functionality and developed under more pressure than other software, free or commercial, thus we can safely assume that an average MMO game has lots of bugs).
#1 attacks cannot be defeated completely unless changing the game architecture, because what is known by the game client software will be known by the human attacker. These kind of vulnerabilities will appear anyway because we cannot render all game on the server and send only the final picture to the player, we need the player's machine to do a lot of work, so there will be caching, prefetching and other optimizations that will allow the attacker to see one step forward.
#2 attacks can be defeated by improving the quality of the server code, strengthening the validation on user-supplied data, deploying application-level firewalls specifically inspecting the game traffic on the application level, etc. All browser-based multiplayer games, for example, have dealt with attacks on their servers, because web application exploitation techniques are well-known and can be applied to gaming relatively easily.
#3 attacks are about the security of the game client software. Preventing them can also be achieved by improving the code quality and strengthening the sainty checks of the incoming data processed by the game client.
Encryption, authentication of the server and clients, obfuscation of the code and protocols and other mitigation techniques can only slow down the attacker. If the actual code on the server and client is exploitable, it will be exploited at some point. |
Tech Ohm Eaven
Storm Wind Strikeforce Caldari State
1981
|
Posted - 2016.05.01 18:30:00 -
[2] - Quote
Shaun Iwairo wrote:So where are you going with this post OP? You've sarcastically congratulated CCP for deciding to move to PC then you've waffled on for far too long about the ways that PC games can be hacked.
Have you actually convinced yourself that because the new game will be on PC, hackers will flock to it in such numbers that they will cause it to fail? Hacks have been around since the beginning of PC gaming time, yet the show still goes on.
When every Game is full of hackers its only fun for griefers i.E. The division |
Tech Ohm Eaven
Storm Wind Strikeforce Caldari State
1981
|
Posted - 2016.05.01 19:25:00 -
[3] - Quote
Sylwester Dziewiecki wrote:Tech Ohm Eaven wrote:On a console its limited but on a PC theres always hacks.
So bravo for CCP for going PC.
Unlimited health, unlimited ammo, invisibility, unlimited sp, unlimited resources, etc. Fun mods.
But, but, but, CCP security.
Multiple VPN instances along with ip spoofers means tools available and that means hacks.
See you there.....lol!
A few words about online *security* lol.
If we talk about security issues of multi-player online gaming, they can be classified as follows:
Client-side local manipulations that give advantage to the attacker without touching the server software or other players' game client software. For example, various wall hacks that make walls transparent for the attacker to allow the attacker to see enemy players, or to see the location of a secret item that is present in the game'a network traffic but not shown on screen. Trainer/helper applications that improve aiming, show maps and so on also go here. Server-side active attacks that tamper with the data sent by the attacker's game client to the server to exploit vulnerabilities in the server. For example, if the server moves the players based on their commands but does not check them against time, the attacker can send more "this player makes a step forward" commands per second than a normal game client does, and so he will move faster. All remote attacks exploiting binary vulnerabilities in the server software also fall under this category. Attacks on other players by tampering the data sent by the attacker's game client. This is a combination of #1 achieved thorough #2. For example, the attacker sets his avatar to wear a test-only transparent skin unavailable to normal players and found by reverse engineering the game resources (attack #2), and that makes him technically invisible to the other players (attack #1). Or such attacks may be even used for exploiting the software on the client machines and directly executing malicious code, which is a major threat, as nowadays the game client software is downloading a lot of executable content and possibly contains lots of bugs (games are really huge in functionality and developed under more pressure than other software, free or commercial, thus we can safely assume that an average MMO game has lots of bugs).
#1 attacks cannot be defeated completely unless changing the game architecture, because what is known by the game client software will be known by the human attacker. These kind of vulnerabilities will appear anyway because we cannot render all game on the server and send only the final picture to the player, we need the player's machine to do a lot of work, so there will be caching, prefetching and other optimizations that will allow the attacker to see one step forward.
#2 attacks can be defeated by improving the quality of the server code, strengthening the validation on user-supplied data, deploying application-level firewalls specifically inspecting the game traffic on the application level, etc. All browser-based multiplayer games, for example, have dealt with attacks on their servers, because web application exploitation techniques are well-known and can be applied to gaming relatively easily.
#3 attacks are about the security of the game client software. Preventing them can also be achieved by improving the code quality and strengthening the sainty checks of the incoming data processed by the game client.
Encryption, authentication of the server and clients, obfuscation of the code and protocols and other mitigation techniques can only slow down the attacker. If the actual code on the server and client is exploitable, it will be exploited at some point. Sorry bro, but your post is amusing. Come play some eve, try to be cheater here . Hmmmm serious ? Checks eve online search for ''account'' , ''hacked'', Finds many results about stolen Eve characters, lost assets, etc |
Tech Ohm Eaven
Storm Wind Strikeforce Caldari State
1981
|
Posted - 2016.05.01 19:30:00 -
[4] - Quote
Sylwester Dziewiecki wrote:Operative 1174 Uuali wrote:Tech Ohm Eaven wrote:Shaun Iwairo wrote:So where are you going with this post OP? You've sarcastically congratulated CCP for deciding to move to PC then you've waffled on for far too long about the ways that PC games can be hacked.
Have you actually convinced yourself that because the new game will be on PC, hackers will flock to it in such numbers that they will cause it to fail? Hacks have been around since the beginning of PC gaming time, yet the show still goes on. When every Game is full of hackers its only fun for griefers i.E. The division That's why EVE sucks. It's full of legal hackers and griefers called Goonswarm. Par for the course. I'm to old player to even consider this joke as funny. Getting hacked and plex stolen is never funny bro but then its a ccp product so eeeh |
|
|
|