November 23, 2024

Archives for 2007

Exploiting Online Games

Exploiting Online Games, a book by Gary McGraw and Greg Hoglund, is being released today. The book talks concretely about security problems and attacks on online games. This is a fascinating laboratory for exploring security issues.

I wrote the book’s foreword. Here it is:

It’s wise to learn from your mistakes. It’s wiser still to learn from the mistakes of others. Too often, we in the security community fail to learn from mistakes because we refuse to talk about them or we pretend they don’t exist.

This book talks frankly about game companies’ mistakes and their consequences. For game companies, this is an opportunity to learn from their own mistakes and those of their peers. For the rest of us, it’s an opportunity to learn what can go wrong so we can do better.

The debate over full disclosure goes back a long way, so there is no need to repeat the ethical and legal arguments we have all heard before. For most of us in the security community, the issue is simple: Experts and the general public both benefit from learning about the technologies that they depend on.

In today’s world, we are asked all the time to bet our money, our time, our private information, and sometimes our lives on the correct functioning of technologies. Making good choices is difficult; we need all the help we can get.

In some fields, such as aviation security, we can be confident that problems will be identified and addressed. Nobody would tolerate an aircraft vendor hiding the cause of a crash or impeding an investigation. Nor would we tolerate a company misleading the public about safety or claiming there were no problems when it knew otherwise. This atmosphere of disclosure, investigation, and remediation is what makes air travel so safe.

In game design, the stakes may not be as high, but the issues are similar. As with aviation, the vendors have a financial stake in the system’s performance, but others have a lot at stake, too. A successful game – especially a virtual world like World of Warcraft – generates its own economy, in several senses. Objects in the game have real financial value, and a growing number of people make their living entirely or partially via in-game transactions. In-world currency trades against the dollar. Economists argue about the exact GDP of virtual worlds, but by any meaningful definition, virtual economies are just as “real” as the NASDAQ stock exchange.

Even nonplayers can have a lot at stake: the investor who bets his retirement account on a game company, the programmer who leaves a good job to work on a game, the family that owns the Indian restaurant across the street from the game company’s headquarters. These people care deeply about whether the technology is sound. And would-be customers, before plunking down their hard-earned money for game software or a monthly subscription, want to know how well a game will stand up to attack.

If aviation shows us the benefits of openness, e-voting illustrates the harms caused by secrecy. We, the users of e-voting systems – citizens, that is – aren’t allowed to know how the machines work. We know the machines are certified, but the certification process is itself shrouded in mystery. We’re told that the details aren’t really our concern. And the consequences are obvious: Designs are weak, problems go unfixed for years, and progress is slow. Even when things do go wrong in the field, it’s very hard to get a vigorous investigation.

The virtue of this book is not only that it talks about real-world problems but also that it provides details. Some security problems exist only in theory but evaporate when real systems are built. Some problems look serious but turn out not to be a big deal in practice. And some problems are much worse than they look on paper. To tell the difference, we need to dig into the details. We need to see precisely how an attack would work and what barriers the attacker has to get over. This book, especially the later chapters, offers the necessary detail.

Because it touches on the popular, hot topic of massively multiplayer games, and because it offers both high-level and detailed views of game security, this book is also a great resource for students who want to learn how security really works. Theory is a valuable tool, but it does its best work when wielded by people with hands-on experience. I started out in this field as a practitioner, trying to learn how to get things done and how real systems behaved, before expanding my horizon to include formal computer science training. I suspect that many senior figures in the field would say the same. When I started out, books like this didn’t exist (or if they did, I didn’t know about them). Today’s students are luckier.

Perhaps some vendors will be unhappy about this book. Perhaps they will try to blame the authors for the insecurity of their game software. Don’t be fooled. If we’re going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you’re facing off against Heinous Demons of Insecurity, you need experienced companies, not to mention a Vorpal Sword of Security Knowledge.

We all make mistakes. Let’s learn from our mistakes and the mistakes of others. That’s our best hope if we want to do better next time.

Why Did Universal Threaten to Pull Out of iTunes?

Last week brought news that Universal Music, the world’s largest record company, was threatening to pull its music from Apple’s iTunes Music Store. Why would Universal do this?

The obvious answer is that the companies are renegotiating their contract and Universal wants to get the best deal they can. Threatening to walk is one way to pressure Apple.

But where digital music is concerned, there is no such thing as a simple negotiation anymore. For one thing, negotiations like this have political ramifications. The major record companies have managed, remarkably, to convince policymakers that protecting their profits should be a goal of public policy; so now any deal that affects the majors’ bottom lines must affect the policy process.

(As I’ve written before, copyright policy should be trying to foster the creation and distribution of varied, high-quality music – which is not the same as trying to ensure anyone’s profits.)

The political implications of Universal’s threat are pretty interesting. For years the major record companies have been arguing that the Internet is hurting them and that policymakers should therefore intervene to protect the majors’ business. iTunes’ success has supplied the major counterargument, suggesting that it’s possible to sell lots of music online.

Walking away from iTunes would cause a big political problem for Universal. How could Universal keep asking government to prop up its online business, when it was walking away from the biggest and most lucrative distribution channel for digital music?

And it’s not just Universal whose political pull would diminish. The other majors would suffer as well; so to the extent that the majors act as a cartel, there would have to be pressure on Universal not to pull out of iTunes.

Most likely, Universal was just bluffing and had no real plan to cut its iTunes ties. If this was a bluff, then it was most likely Apple who leaked the story, as a way of raising the stakes. Its bluff having failed, Universal is stuck doing business on Apple’s terms.

One can’t help wondering what the world would be like had the majors moved early and aggressively to build an online business that customers liked. Having failed to do so, they seem doomed to be followers rather than leaders.

Princeton's Center for IT Policy Seeks Associate Director

The Center for Information Technology Policy at Princeton, of which I am Director, is looking to hire an Associate Director. Here’s a description of the job:

The Associate Director’s job will be to serve as a core organizer and evangelist for the Center. Working with the existing Center leadership,the Associate Director will help to orient, plan, and manage events such as workshops, speaker series and policy briefings; develop and maintain materials such as the center website, workshop reports, brochures and newsletter; track the Center’s accounts and budget; and assist in grant-writing and fundraising as appropriate. More generally, the Associate Director will help push the Center through its startup phase, by providing full-time attention to the Center’s growth and development.

[…]

The ideal candidate will have at least a bachelor’s degree, with some academic training or background in technology policy, will be comfortable working with academics across a range of disciplines, and will have strong communication, management, and organizational skills.

We plan to have an Associate Director in place by September 1.

For more information or to apply for the job, visit the university’s job listing page.

iPhone Report

I got a chance to play with an iPhone Saturday. The big-city Apple Store was packed. Even though they had about twenty iPhones out for inspection, you had to wait ten minutes or so to get your hands on one. Here’s my quick review, based on a thorough in-store inspection.

It’s a sweet-looking device. I was blown away by the screen resolution, which made photos and videos look great. For the first time, I believed I might actually be willing to watch a movie on a handheld device.

The other software, from email to Safari, seemed as slick as advertised. This has to be the biggest attraction of the iPhone.

The screen seemed big when I was playing videos. But it seemed too small when I tried to browse the New York Times site. You had to choose between seeing a good portion of the page in nano-print, or zooming in to see a couple sentences in a comfortably readable size. Other newspaper and magazine websites had the same issue.

I tried typing on the on-screen keyboard, which worked poorly, getting about 20% of the keypresses wrong. I typed with my thumbs, Blackberry-style, which was the only way that seemed natural to me while holding the device. My thumbs aren’t particularly large, so I assume many people would have the same problem. Maybe I would get the hang of it after a few days of typing, but if I didn’t the device would be unacceptable for touch typing and I might have had to fall back on tapping keys with a stylus.

The AT&T cellular data network was painfully slow when browsing the web. A colleague and I had a conversation about cellular plans while we waited for one web page to download. A WiFi connection was much better.

My first reaction was that even if you never used your iPhone to make phone calls, it would be a nice little portable communications device. You could use it only with WiFi and be pretty happy.

But Apple won’t let you do that. If you buy an iPhone, it won’t do much of anything until you purchase an AT&T Cellular plan for it. You can’t even use the non-phone features unless accept a two-year contract from AT&T, which I’m not about to do.

So: no iPhone for me.

Behind the iPhone Frenzy

Let me say right up front that I have not accepted the Jesus Phone as my personal Lord and Savior. The iPhone might turn out to be insanely great. It might become the best-selling mobile phone ever. Or it might not.

Either way, the iPhone’s arrival and the attendant frenzy mark the beginning of a new phase in the mobile phone world – a phase based on the radical notion that it’s possible to make a pocket-sized device that is a pretty good phone and a pretty good networked computer at the same time.

From a purely technical standpoint, this isn’t surprising at all. Phones are basically computers, and we know how to cram a decent computer into a small, low-power package. The engineering isn’t trivial but we know it can be done. Apple might have modestly better engineering, and significantly better human-factors design, but what they’re doing has been technically possible all along.

Yet somehow it hasn’t happened, because the mobile carriers don’t want it to happen. They have clung to their walled garden models, offering limited, captive services rather than allowing easy development of Internet applications for mobile devices. An open system would provide more benefit overall, but most of that benefit would accrue to consumers. The carriers would rather get a big share of a small pie, than a small share of a big pie.

In most markets, competition keeps this kind of thing from happening, by forcing producers to account for consumer preferences. You would expect competition to have forced the mobile networks open by now, whether the carriers liked it or not. But this hasn’t happened yet. The carriers have managed to keep control by locking customers in to long contracts and erecting barriers to the entry of new devices and applications. The system seemed to be stuck in an unstable equilibrium. All we needed was some kind of shock, to get the ball rolling downhill.

Only a company with marketing muscle, design mojo, and a world-historic Reality Distortion Field could provide the needed bump. Apple decided to try, in the hope of selling zillions of the new, more capable devices. The real significance of the iPhone, whether it succeeds or fails in the market, is that it will trigger the transition to more open networks. Once people see that a pretty good phone can be a pretty good mobile computer, they won’t settle for less anymore; and mobile networks will be pried open.

Whether or not the Jesus Phone achieves worldly success, it will succeed in its own way by convincing people that the world can be different.