Curse

CyberNigma · Dec 21, 2007, 05:33 AM // 05:33

Quote:

Originally Posted by Fril Estelin

Hi there,

An interesting read for anyone that is knowledgeable in software&security (be careful, some information could be seriously misinterpreted if you're not familiar with this):
http://www.securityfocus.com/columnists/461/4

One aspect I'd like to see improved in GW2 is the use of crypto. From what I've read on the creation of GWLP, it seems that the symmetric key was obtained fairly easily, which means that communication could be compromised fairly easily (which will probably not give an advantage to anyone, apart from preventing people to connect to the game, or possibly add some lag to their connection?).

Well, now feel free to share the info you've got on GW design in this thread.

P.S.: (an old) bad news for Blizzard(-Activision) which makes you happy as a GW/Anet customer:
http://www.rootkit.com/newsread.php?newsid=371

I had a talk with Greg [Hoglund], as a reverse engineer myself, a little while back and as an aside we talked briefly about his research for the book. He's a smart guy and if you ever have a chance to talk to him about it you should (if you're interested in that field). I'd also recommend picking up the book as it's a good piece in relation to games, not just in making or breaking them, but in realizing what you (as a customer) have at stake in the whole thing.

As far as the crypto, yeah you're pretty right there. I'm not on the GWLP or have anything to do with them, but the initial 64-byte pre-expansion key is sent across in the clear from the client to the server. The algorithm is textbook RC4 once you take a close look at it in the code, but they don't use typical RC4 key expansion to build the 256 byte state table used in the algorithm. I'll side with the GWLP team on this one and not reveal anything more about the expansion (which you need to know in order to use the pre-expanded key and communicate with a server), but any reverse engineer, even a hobbyist can figure it out. I think it's more or less to deter some and provide an inconvenience to others, but ultimately nothing is fullproof.

Chthon · Dec 21, 2007, 06:31 AM // 06:31

Quote:

Originally Posted by Antheus

Can't be done.

If client is to make use of data sent by server, it needs to be able to decode the traffic completely. As such, client has full knowledge of how to decode data - and client is available to all.

Sure it can. Go read up on asymmetric encryption. You could, if you so choose, design a system where (1) the key needed to encrypt from-the-server data is not present in the client in any form, (2) the key needed to encrypt data from-user-X is only present on user X's system, (3) the key needed to decrypt data intended for user X is only present on user X's system, and (4) a third party would have a heck of a harder time decrypt an intercepted message than RC4.

Fril Estelin · Dec 21, 2007, 09:54 AM // 09:54

Quote:

Originally Posted by BlueNovember

...
In a world were personal liberty is surrendered left right and centre in the interests of "counter terrorism", draconian 1984-esque governments, and general corporation data-mining, it concerns me that you have such a blasé attitude towards data protection.

Game companies monitoring background exes, sony music software installing rootkits, what's next?

"Bravo" to that message, it is indeed the revolutionary fight of the 21st century. I know that some company are trying to biggy-back this problem onto the law, which itself has been "infiltrated from the inside" (see the use of the Antiterrorism Act in the UK, it's first been used by Blair to: throw out an old man who expressed politely his disgust at Blair's policy at the Labour's yearly meeting in Brighton, prevent 2 women to protest in front of a US military base in the UK ... is that terrorism? ... I'm not even mentioning the "terror raid" on the 2 muslim guys that were completely innocent, because it would take us off the track completely ...)

Believe me, the technical problem of security becomes less and less of a problem, it's rather more of a problem of trust, going even into politics and finally philosophy. And on that point, I think Anet is doing a better job than the rest of the pack, because of their business model (see the corresponding thread) and their customer relationship (we feel closer to them with people like Gaile on the forum and knowing that devs read some of the threads... I even proposed an idea in the Sardelac Sanitarium and discovered after a while it was implemented in the game!).

Saraphim · Dec 21, 2007, 09:56 AM // 09:56

Quote:

Originally Posted by BlueNovember

...
In a world were personal liberty is surrendered left right and centre in the interests of "counter terrorism", draconian 1984-esque governments, and general corporation data-mining, it concerns me that you have such a blasé attitude towards data protection.

Game companies monitoring background exes, sony music software installing rootkits, what's next?

To be honest, I was being more flippant than I was blasé. But no, I don't really worry that much about the Warden as there are far more harmful ways to expose personal information out there than this. At least with software you have an option not to use it, sadly the same is not true about information the government holds - or in the case of the UK, loses with frightening regularity just lately. And yes, my data was on one of those errant CDs recently.

For example, I wonder how many people are aware that up until earlier this year there were no safeguards in place for people at risk of violence who requested to be kept off the electoral roll for personal security reasons. Having gone through the process of trying to keep that information private I had been threatened with prosecution by one council. Yet when I moved to a different area the new council allowed people in certain circumstances to use a postal vote to retain their privacy, but this was a discretionary move that particular council. I later decided to go back on the ER anyway so it turned into a moot point by the time the legislation was pushed through.

Quote:

As of a recent upgrade, it can do that too. It doesn't currently, but it's capable of doing that. It's even possible for it to take a screenshot on a remote request.

What's worst, it's potentially possible to hijack the warden by a third party hacker, who can then use it as a back door. But I'm not sure how far people have gotten with that.

I'll look into that then, but I have to say that I still wouldn't be looking at sensitive data while playing online. With regards to hacking, if that did start happening I'd imagine Blizzard would jump on it pretty quickly as it doesn't benefit their business to leave holes that can be exploited easily.

"Potentially" and "capable" does not necessarily mean it will happen. I could have a big stick and be capable of smashing it over your head, doesn't mean that I will do it though.

Fril Estelin · Dec 21, 2007, 10:05 AM // 10:05

Quote:

Originally Posted by Chthon

If anything, the evolution from b-net to a-net is best described as "learning from your mistakes."

This is the ONLY way, there's a limit to the anount of proactive protection you can put in place (it's the theoretical knowledge of the threat that you have at a given point in time). The rest is "defense in depth" and you have to prepare yourself to react to any exploits and patch the vulnerabilities.

Security IS an arms race, where the "good guys" (whitehat people) try to catch the "bad guys" (blackhat people) that are constantly trying to break systems, using innovation (there are some initiative in different places to create innovative security where you basically expand penetration testing into vulnerability discovery but it's only beginning).

So learning from your mistake is the best option you have.

Quote:

I think the book plugged by the article OP links to describes addresses the narrow field of spyware from PC games (though I have not myself read it).

No, the book goes beyong that. I haven't read it (yet) but the author mentions chapters on the law for example (see one of the link at the end of the article on another securityfocus article on WoW bot-lawyers).

Quote:

To learn about the problems with private-sector privacy violations, particularly corporate data mining, and the problems with the legal system failing to adapt to them, I strongly recommend The Digital Person by Daniel Solove.
The full extent of governmental invasions of privacy is both disturbing and classified, and I know of no source which discusses them adequately.

Thanks for the reference. I also attended recently a talk by Susan Landau which mentions plenty of US (and UK) affairs of this kind. She co-wrote (with the super famous Whitfield Diffie who created so many concepts in cryptography) a book:
Privacy on the Line: The Politics of Wiretapping and Encryption

The Electronic Frontier Fondation (EFF) is also a great place to look at:
http://www.eff.org/

Fril Estelin · Dec 21, 2007, 10:16 AM // 10:16

Quote:

Originally Posted by Antheus

If client is to make use of data sent by server, it needs to be able to decode the traffic completely. As such, client has full knowledge of how to decode data - and client is available to all.

Encryption is just a minor hassle and never the strong point when both parties possess both, the algorithm and the keys. It's a deterrent, not prevention.

Most commonly, encryption is more useful for client detection and data integrity check, not that much as a prevention measure.

Yeah I know perfectly well. And you're wrong, it can be done but the most flexible ways to do that require very expensive technologies. There are easier ways (shared secrets, which is easier to do with a physical CD than when buying GW from the online store) but they are less secure. And if you re-read the article, it mentions the interesting point of "untrusted code" and next-gen OS (of which the first is Linux) will probably the ability to run code in trusted and untrusted modes (don't let Warden run as trusted or you're giving away all your rights to Blizzard!). Vista already has the integrity levels (I think they're called). But, well, until there's a solid PKI at an affordable cost behind all this, I agree that it's not much.

Quote:

data sent to graphics card (which cannot be encrypted). In the same way, if network traffic were too encrypted, people would just run the client, and read data directly from memory, once the game has decoded it.

It's not about the possibility to do it, there were proposals for example to extend the PCI-E protocol to allow for full encryption on video cards. There are prototypes of in-memory encryption but the problem is that it's a can of worms. It's all about affordability of these solutions, and until the thread becomes a lot bigger (let's hope not!), this won't happen.

Quote:

It doesn't. Just the SQL database, the rest is custom code.

If you have the reference to an article on that, I'd be interested to have it (couldn't find the article mentioning Microsoft Visual Studio and SQL that was mentioned here before).

Quote:

What's worst, it's potentially possible to hijack the warden by a third party hacker, who can then use it as a back door. But I'm not sure how far people have gotten with that.

...

Windows sending a list of installed software (including all the licenses or lack of them), movies and mp3s you have to Microsoft's servers once a day, and shutting down the system remotely if they choose? Although I hear they increased the interval to 2 weeks now.

References for these 2 points? (I seriously doubt the 2nd one)

Fril Estelin · Dec 21, 2007, 10:22 AM // 10:22

Quote:

Originally Posted by CyberNigma

I had a talk with Greg [Hoglund], as a reverse engineer myself, a little while back and as an aside we talked briefly about his research for the book. He's a smart guy and if you ever have a chance to talk to him about it you should (if you're interested in that field). I'd also recommend picking up the book as it's a good piece in relation to games, not just in making or breaking them, but in realizing what you (as a customer) have at stake in the whole thing.

Awesome, he looks like a great guy and I will order his book.

I think that the computing world has become so complex and complicated that it's given rise to a new "race" of engineers, like you. We've reached a point where "forward programming" is done so hastily sometimes that "reverse engineering" is the only way to reveal the problem. GJ CyberNigma

Quote:

As far as the crypto, yeah you're pretty right there. I'm not on the GWLP or have anything to do with them, but the initial 64-byte pre-expansion key is sent across in the clear from the client to the server. The algorithm is textbook RC4 once you take a close look at it in the code, but they don't use typical RC4 key expansion to build the 256 byte state table used in the algorithm. I'll side with the GWLP team on this one and not reveal anything more about the expansion (which you need to know in order to use the pre-expanded key and communicate with a server), but any reverse engineer, even a hobbyist can figure it out. I think it's more or less to deter some and provide an inconvenience to others, but ultimately nothing is fullproof.

Yeah, but in the world of computing, at least Anet got it right from the get go. I've seen so many stupid design of the key management (look, my software is secure because I use SHA-1!...) that it feels good to have this basic thing right. I'm wondering if WoW has a basic integrity check of this sort.

It'd be interesting to have comments from guys of the GWLP project, but I'm pretty sure they're overloaded with work to do and possibly already in contact with Anet (not sure about that).

Quote:

Originally Posted by Chthon

Sure it can. Go read up on asymmetric encryption. You could, if you so choose, design a system where (1) the key needed to encrypt from-the-server data is not present in the client in any form, (2) the key needed to encrypt data from-user-X is only present on user X's system, (3) the key needed to decrypt data intended for user X is only present on user X's system, and (4) a third party would have a heck of a harder time decrypt an intercepted message than RC4.

I personally believe (yeah, I work in the field of Trusted Computing, deemed as the root of all evil because it's been associated with Wintel and DRM) that in the future we, normal lambda users, will have our set of key pairs and we'll be able to reliably specify what software is "trusted" on our platform. The real problem then becomes "how do you trust the key from that GW player you know nothing about?" which is dealt with Certification Authorities at the moment (and I don't like the current trust model, where the basic values you use to make your decision are the trust values between your CA and their CA).

I think we're talking Star Trek computing science here, it'd be nice but it won't happen like this. As Jean-Luc Picard would say, Engage!

Quote:

Originally Posted by Saraphim

But no, I don't really worry that much about the Warden as there are far more harmful ways to expose personal information out there than this. At least with software you have an option not to use it,

You should. No offense to our US-ians fellow players, but since the US doesn't have strong privacy laws, contrarily to Europe, companies can do a lot more things than we can. And WoW/Blizzard (GW/Anet also!) is an US-ian software. To disable Warden you'd have to stop playing Wow.

Quote:

sadly the same is not true about information the government holds - or in the case of the UK, loses with frightening regularity just lately. And yes, my data was on one of those errant CDs recently.

Well, if it's on the last one and you take the driving test, this was a vulnerability that lead to probably no exploit (no very sensitive information). And these affairs are NOT about government policies, but about government mishandling of security and (most importantly) the lack of training of public servants. Things are improving, believe me, there was a time when they could have sent the information using Outlook express ...

Don't treat these affairs like anything else than a "bug" (the most famous case is TJX in the USA, we're amateurs

. People will get the blame, public servants will be trained and we'll move to the next (real) threat.

Quote:

For example, I wonder how many people are aware that up until earlier this year there were no safeguards in place for people at risk of violence who requested to be kept off the electoral roll for personal security reasons. Having gone through the process of trying to keep that information private I had been threatened with prosecution by one council. Yet when I moved to a different area the new council allowed people in certain circumstances to use a postal vote to retain their privacy, but this was a discretionary move that particular council. I later decided to go back on the ER anyway so it turned into a moot point by the time the legislation was pushed through.

Much better point here! Congrats on your efforts, it's good to know that some people are still trying. IMHO the "anglo-saxons" (no offense, I live and like the UK) have a lot to learn from the French. In France there are very strong (sometimes too strong, it causes lenghty procedures and deadlocks) privacy laws, each company dealing with private information has to register to a national agency and there are regular controls (unfortunately, France also voted this year a DRM-made-easy law and I still don't understand why).

Quote:

I'll look into that then, but I have to say that I still wouldn't be looking at sensitive data while playing online. With regards to hacking, if that did start happening I'd imagine Blizzard would jump on it pretty quickly as it doesn't benefit their business to leave holes that can be exploited easily.

From what I read on WoW, it seems that there's an enormous gold-selling industry. In particular in China where the government is attempting to pass a law to limit the time spent in front of MMORPGs. So are they exploiting bugs, or simply over-farming?

Saraphim · Dec 21, 2007, 10:43 AM // 10:43

Quote:

Originally Posted by Fril Estelin

Well, if it's on the last one and you take the driving test, this was a vulnerability that lead to probably no exploit (no very sensitive information). And these affairs are NOT about government policies, but about government mishandling of security and (most importantly) the lack of training of public servants. Things are improving, believe me, there was a time when they could have sent the information using Outlook express ...

Don't treat these affairs like anything else than a "bug" (the most famous case is TJX in the USA, we're amateurs . People will get the blame, public servants will be trained and we'll move to the next (real) threat.

Actually it was the first reported data loss, the one connected with Standard Life insurance. But yes, I see your point, the analogy of it being a 'bug' is a sound one.

Edit: btw, no offence taken. At the end of the day, while yes it's true that I am largely ignorant of some of the data issues mentioned with regards to software, I am concerned about legislation and the way our data is handled by the government. In particular ID cards, biometrics etc. When we buy software we have a choice to use it, unfortunately (although one could argue that a popular vote is a choice made by the electorate) the same can't be said about our every day lives.

I honestly don't know about the botting in WoW. Presumably there is a lot of it but as solo play is nothing unusual in non-instanced areas I'd imagine it may be harder to track than in GW, but that's an uneducated guess on my part.

Balan Makki · Dec 21, 2007, 03:48 PM // 15:48

Were I a terrorist and in need of constant communication with multiple cells across the globe, I'd simply subscribe to an MMO and send Christmas subscriptions to all my friends abroad.

You can bet Homeland Security will monitor such suspicious traffic. GW having an international district might be a prime cell meeting place, and no monthly fee dramatically reduces a paper trail.

Fril Estelin · Dec 21, 2007, 04:10 PM // 16:10

Quote:

Originally Posted by Balan Makki

Were I a terrorist and in need of constant communication with multiple cells across the globe, I'd simply subscribe to an MMO and send Christmas subscriptions to all my friends abroad.

You can bet Homeland Security will monitor such suspicious traffic. GW having an international district might be a prime cell meeting place, and no monthly fee dramatically reduces a paper trail.

There are much cheaper alternatives! But, well, if terrorists want to enjoy a nice storyline, GW is a good choice

Chthon · Dec 21, 2007, 08:19 PM // 20:19

Quote:

Originally Posted by Fril Estelin

I personally believe (yeah, I work in the field of Trusted Computing, deemed as the root of all evil because it's been associated with Wintel and DRM) that in the future we, normal lambda users, will have our set of key pairs and we'll be able to reliably specify what software is "trusted" on our platform. The real problem then becomes "how do you trust the key from that GW player you know nothing about?" which is dealt with Certification Authorities at the moment (and I don't like the current trust model, where the basic values you use to make your decision are the trust values between your CA and their CA).

I think we're talking Star Trek computing science here, it'd be nice but it won't happen like this. As Jean-Luc Picard would say, Engage!

1. Yeah, trusted computed IS the root of all evil... But I'll try not to hold it against you personally.

2. In the online-gaming situation, getting us stupid lambda users to generate and use a key pair is easy because you can make the client do it transparently for the user. It's not "star trekky" -- even I could code it. I imagine a set-up something like this:

A-net generates a key pair.
- The private key resides on the server (only).
- The public key is hardcoded into the client. (You can changed the public key via update if really necessary.)
Whenever the client connects, it generates a fresh key pair. (If processor power is lacking, these may have to be generated beforehand in the background during the previous session and saved. That's not ideal, but probably not fatal.)
- The private key remains with the client and gets deleted at the end of the session.
- The public key gets put into a message which is encrypted using a-net's public key and sent to the server. (It's deleted from the server at the end of the session.)
All further communications from server to client are encrypted first using a-net's private key, and then using user's public key. (That order b/c a third party could have a-net's public key, so we don't want the corresponding key on the outside.)
All further communications from client to server are encrypted using a-net's public key and user's private key. (I don't think order is as important here; so I'm putting the short-lived key on the outside kinda by default.)

Quote:

No offense to our US-ians fellow players, but since the US doesn't have strong privacy laws, contrarily to Europe, companies can do a lot more things than we can.

I can't take offense at that -- it's true! Our privacy laws are a total mess, and it's only been getting worse since 9/11. I think the book by Prof. Solove that I plugged earlier describes what's wrong with the laws and why better than I could, so I'm just going to plug it again.

Clarissa F · Dec 21, 2007, 09:24 PM // 21:24

Quote:

Originally Posted by Fril Estelin

References for these 2 points? (I seriously doubt the 2nd one)

Live in a cave much? it was just all over computer news the past year. Cnet.com, PC Magazine, PC World. The fact that you seriously doubt it blows any intelligence for your arguments, because you are doubting a fact. They had to admit to it when it was exposed. Hell, I believe you could find it referenced in the NY Times. It was part of the original WGA release, and a lot of experts recommended not downloading the updates for it because of this. It made your computer ping back its bios information daily to M$, and could shut down the computer, causing grief to a lot of legitimate computer users. Microsoft was sued by many owners, and WGA was rated as spyware by many in the industry.

Do what you should have done before that comment and simply Google it. You'll learn something.

Fril Estelin · Dec 21, 2007, 11:52 PM // 23:52

Quote:

Originally Posted by Clarissa F

You'll learn something.

I suppose you can't learn some manners via google, can you?

Phoenix Tears · Dec 22, 2007, 12:25 AM // 00:25

after that armbrace accident..best what anet should have done then would be to erase all armbraces that exist from all accounts ...

and then giving all accounts, which were proven first and ended up being not "guilty" their armbraces back..which were taken....all the guilty rest naturally gets banned ...

imo Anet handled not 100% correct..after the first wave of bans..there were still hundreds of thousands of people..which luckily got not banned and slipped somehow through the controls ...

Redfeather1975 · Dec 22, 2007, 04:16 AM // 04:16

Guild Wars is pretty good for keeping hacks down for a game that isn't subscription based.
Back when I played EQ2 and WoW, I heard about quite a few hacks. People seemed to find ways of duping shortly after the last update that stopped the old duping method. lol
I haven't played EQ2 in a while, but WoW still had another working duping method, involving an application, only a few months ago...maybe still works.