CYBER THREATS
Q&A
Video games reveal software security issues, expert says
Last Updated: Thursday, October 23, 2008 | 8:31 AM ET
By Mary Jane Irwin Forbes
Gary McGraw thinks the computing world can learn a lot from video games. Just as massive multiplayer games like "World of Warcraft" are distributed across a network of personal computers, software and services will soon reside on external servers--and they will also come under attack.
McGraw, chief technology officer at security consulting firm Cigital and author of Exploiting Online Games, talked with Forbes.com about how videogames model the future of software security issues.
Forbes.com: What is the big security threat in videogames?
Gary McGraw: Games are the world's biggest, most populous, most distributed systems. What we're talking about is a big giant glob of client software that every subscriber has [on his PC] that has a lot of the game functionality. If the gamer is a bad guy, you just gave them part of your functionality to screw around with.
This is what technical people call the problem of trust boundaries.
Forbes.com:What problem do these trust boundaries pose?
Gary McGraw:In this case, the gamer is the attacker and what they're doing is cheating in the virtual world to generate wealth that they can sell in a middle market. In "World of Warcraft," when you wander around … it turns out that the information about where your character is in the world is just X, Y and Z coordinates controlled by your PC. If you're a clever attacker you can actually change those numbers on your PC [to] teleport around the virtual world. That's just an example. Hacker boys discovered about four years ago that you could make money by cheating and the law is very ambiguous about whether it is actually illegal.
Forbes.com:How are games a harbinger of the future of software security?
Gary McGraw:We can look at what is happening in online games as a bellwether for the sorts of attacks that we're going to see in much more important software systems coming down the line.
We can study these games and play around and figure out how hackers cheat and how they do things like teleport around the world and generate virtual wealth, and we can learn really important lessons for the future of software security at the same time.
Forbes.com:Can you provide an example?
Gary McGraw:In a [Department of Defense] situation, the entire network is going to be a trusted network. It changes the threat model pretty significantly. Going after the control system for drones would be rather silly. What you would want to go after--to really cause havoc--would be back-end office systems, things that get the food to the guys in Iraq.
Forbes.com:Do games present a solution?
Gary McGraw:The vertical that is leading the charge is not games, it's the financial industry. If you look at investment banks, Wall Street, the credit card consortia--those guys have been very much concerned with designing systems to resist attacks from the ground up.
Forbes.com:So how do games link up with financial systems?
Gary McGraw:Their technology stack is the future here today. They're already doing massively distributed systems. As financial service systems become massively distributed systems, they're going to look more like games than they do today. The [financial industry] is ahead in their thinking about software security, but they're not at the technical edge of where the game companies are.
Forbes.com:How are game companies affected by people hacking into these systems?
Gary McGraw:There are some games where people actually stopped playing because cheating got so rampant. Everybody was cheating and pretty soon if you weren't cheating it wasn't fun. Cheating can also break the economy of a game.
Forbes.com:Will game companies adopt the financial service industry's security measures?
Gary McGraw:Yes, and in fact they are.
From a sociological perspective, you probably have to have some cheating in a game because there are a lot of people who want to play the game but they don't want to "live" the game. So you need some level of corruption and graft in the system to satisfy those people. The real question is, how much of that is necessary? Clearly if you look at the real world there is crime, corruption and graft and that keeps the skids greased. We could wipe out all crime, but the world would be a police state.
The real answer is not to eradicate all cheating and adopt all sorts of Draconian software security but to do just the right amount so that everybody is not cheating. It's a balance. Security will become a differentiator in the marketplace that it isn't now.
Share Tools
Top News Headlines
- Aylmer triple stabbing leads to first-degree murder charges
- The estranged partner of a young mother who was stabbed to death along with her parents at their home in Aylmer, Que., has been charged with first-degree murder Friday. more »
- Severe storm in Quebec leaves damage in its wake
- Trees were uprooted, roofs damaged and windows shattered as severe thunderstorms, and possibly a tornado, rattled through southwestern Quebec Friday night. more »
- The risks and responsibilities of taking on Mt. Everest
- The deaths of five climbers last weekend on Mt. Everest, with more summits underway this weekend, fuels the debate about the risks and responsibilities of high altitude climbing. more »
- Pope's butler arrested in Vatican leaks scandal
- The Vatican has confirmed that the Pope's butler was arrested earlier in the week in connection with an embarrassing document leaks scandal. more »
Latest Technology & Science News Headlines
- Unloading of docked SpaceX capsule to start Saturday
- The privately bankrolled SpaceX Dragon capsule made a historic arrival at the International Space Station on Friday, and astronauts will begin unloading some of the 544 kilograms of food, water, clothing and other supplies its carrying starting Saturday. more »
- South Africa, Australia to share world's largest telescope
- South Africa and Australia will jointly host the Square Kilometre Array, which promises to be the world's largest telescope, the international consortium in charge of the project said Friday. more »
- Bonavista, N.L., 'coyote' was really wolf, tests confirm
- Wolves have not been seen in Newfoundland since around 1930 and were believed to have been hunted to extinction on the island, but genetic tests have confirmed that an 82-pound animal shot on the Bonavista Peninsula in March was, in fact, a wolf. more »
- Once-rare argus butterfly thriving thanks to climate change
- Global warming is threatening the existence of many species, such as the giant polar bear, but in the case of Britain's brown argus butterfly, it took a species in trouble and made it thrive. more »
- Yahoo scraps digital magazine designed for iPad
- Yahoo has killed Livestand, a tablet magazine, just six months after its debut on the iPad. more »
Bob McDonald's Blog
Government to shut down unique fresh water research area May. 25, 2012 12:31 PM The Experimental Lakes Area research facility in Northern Ontario is being closed down after 44 years of providing invaluable data to scientists in Canada and internationally, a decision that has stunned researchers and environmental groups.
Quirks & Quarks
- May 26: Before the Lights Go Out May. 25, 2012 4:15 PM A new book, "Before the Lights Go Out: Conquering the Energy Crisis Before It Conquers Us", suggests that the unpredictable, unplanned, ad-hoc way our energy use developed in the past will shape our energy future.
Latest Features
- Aylmer triple stabbing leads to first-degree murder charges
- B.C. premier unhappy with disgraced Mountie's transfer
- Everest victim's husband says family not seeking government help
- The risks and responsibilities of taking on Mt. Everest
- Canada ending 'Buffalo shuffle' for visas, closing consulate
- Ottawa man in hospital after lightning strike
- Calmer winds ease fire threat in northeastern Ontario
- What a Greek euro exit could mean for Canada
- Police probe Halifax homicide after shooting
