May 29, 2017

Archives for July 2007

Exploiting Online Games

Exploiting Online Games, a book by Gary McGraw and Greg Hoglund, is being released today. The book talks concretely about security problems and attacks on online games. This is a fascinating laboratory for exploring security issues.

I wrote the book’s foreword. Here it is:

It’s wise to learn from your mistakes. It’s wiser still to learn from the mistakes of others. Too often, we in the security community fail to learn from mistakes because we refuse to talk about them or we pretend they don’t exist.

This book talks frankly about game companies’ mistakes and their consequences. For game companies, this is an opportunity to learn from their own mistakes and those of their peers. For the rest of us, it’s an opportunity to learn what can go wrong so we can do better.

The debate over full disclosure goes back a long way, so there is no need to repeat the ethical and legal arguments we have all heard before. For most of us in the security community, the issue is simple: Experts and the general public both benefit from learning about the technologies that they depend on.

In today’s world, we are asked all the time to bet our money, our time, our private information, and sometimes our lives on the correct functioning of technologies. Making good choices is difficult; we need all the help we can get.

In some fields, such as aviation security, we can be confident that problems will be identified and addressed. Nobody would tolerate an aircraft vendor hiding the cause of a crash or impeding an investigation. Nor would we tolerate a company misleading the public about safety or claiming there were no problems when it knew otherwise. This atmosphere of disclosure, investigation, and remediation is what makes air travel so safe.

In game design, the stakes may not be as high, but the issues are similar. As with aviation, the vendors have a financial stake in the system’s performance, but others have a lot at stake, too. A successful game – especially a virtual world like World of Warcraft – generates its own economy, in several senses. Objects in the game have real financial value, and a growing number of people make their living entirely or partially via in-game transactions. In-world currency trades against the dollar. Economists argue about the exact GDP of virtual worlds, but by any meaningful definition, virtual economies are just as “real” as the NASDAQ stock exchange.

Even nonplayers can have a lot at stake: the investor who bets his retirement account on a game company, the programmer who leaves a good job to work on a game, the family that owns the Indian restaurant across the street from the game company’s headquarters. These people care deeply about whether the technology is sound. And would-be customers, before plunking down their hard-earned money for game software or a monthly subscription, want to know how well a game will stand up to attack.

If aviation shows us the benefits of openness, e-voting illustrates the harms caused by secrecy. We, the users of e-voting systems – citizens, that is – aren’t allowed to know how the machines work. We know the machines are certified, but the certification process is itself shrouded in mystery. We’re told that the details aren’t really our concern. And the consequences are obvious: Designs are weak, problems go unfixed for years, and progress is slow. Even when things do go wrong in the field, it’s very hard to get a vigorous investigation.

The virtue of this book is not only that it talks about real-world problems but also that it provides details. Some security problems exist only in theory but evaporate when real systems are built. Some problems look serious but turn out not to be a big deal in practice. And some problems are much worse than they look on paper. To tell the difference, we need to dig into the details. We need to see precisely how an attack would work and what barriers the attacker has to get over. This book, especially the later chapters, offers the necessary detail.

Because it touches on the popular, hot topic of massively multiplayer games, and because it offers both high-level and detailed views of game security, this book is also a great resource for students who want to learn how security really works. Theory is a valuable tool, but it does its best work when wielded by people with hands-on experience. I started out in this field as a practitioner, trying to learn how to get things done and how real systems behaved, before expanding my horizon to include formal computer science training. I suspect that many senior figures in the field would say the same. When I started out, books like this didn’t exist (or if they did, I didn’t know about them). Today’s students are luckier.

Perhaps some vendors will be unhappy about this book. Perhaps they will try to blame the authors for the insecurity of their game software. Don’t be fooled. If we’re going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you’re facing off against Heinous Demons of Insecurity, you need experienced companies, not to mention a Vorpal Sword of Security Knowledge.

We all make mistakes. Let’s learn from our mistakes and the mistakes of others. That’s our best hope if we want to do better next time.

Why Did Universal Threaten to Pull Out of iTunes?

Last week brought news that Universal Music, the world’s largest record company, was threatening to pull its music from Apple’s iTunes Music Store. Why would Universal do this?

The obvious answer is that the companies are renegotiating their contract and Universal wants to get the best deal they can. Threatening to walk is one way to pressure Apple.

But where digital music is concerned, there is no such thing as a simple negotiation anymore. For one thing, negotiations like this have political ramifications. The major record companies have managed, remarkably, to convince policymakers that protecting their profits should be a goal of public policy; so now any deal that affects the majors’ bottom lines must affect the policy process.

(As I’ve written before, copyright policy should be trying to foster the creation and distribution of varied, high-quality music – which is not the same as trying to ensure anyone’s profits.)

The political implications of Universal’s threat are pretty interesting. For years the major record companies have been arguing that the Internet is hurting them and that policymakers should therefore intervene to protect the majors’ business. iTunes’ success has supplied the major counterargument, suggesting that it’s possible to sell lots of music online.

Walking away from iTunes would cause a big political problem for Universal. How could Universal keep asking government to prop up its online business, when it was walking away from the biggest and most lucrative distribution channel for digital music?

And it’s not just Universal whose political pull would diminish. The other majors would suffer as well; so to the extent that the majors act as a cartel, there would have to be pressure on Universal not to pull out of iTunes.

Most likely, Universal was just bluffing and had no real plan to cut its iTunes ties. If this was a bluff, then it was most likely Apple who leaked the story, as a way of raising the stakes. Its bluff having failed, Universal is stuck doing business on Apple’s terms.

One can’t help wondering what the world would be like had the majors moved early and aggressively to build an online business that customers liked. Having failed to do so, they seem doomed to be followers rather than leaders.

Princeton's Center for IT Policy Seeks Associate Director

The Center for Information Technology Policy at Princeton, of which I am Director, is looking to hire an Associate Director. Here’s a description of the job:

The Associate Director’s job will be to serve as a core organizer and evangelist for the Center. Working with the existing Center leadership,the Associate Director will help to orient, plan, and manage events such as workshops, speaker series and policy briefings; develop and maintain materials such as the center website, workshop reports, brochures and newsletter; track the Center’s accounts and budget; and assist in grant-writing and fundraising as appropriate. More generally, the Associate Director will help push the Center through its startup phase, by providing full-time attention to the Center’s growth and development.


The ideal candidate will have at least a bachelor’s degree, with some academic training or background in technology policy, will be comfortable working with academics across a range of disciplines, and will have strong communication, management, and organizational skills.

We plan to have an Associate Director in place by September 1.

For more information or to apply for the job, visit the university’s job listing page.