CYBER THREATS
Q&A
Video games reveal software security issues, expert says
Last Updated: Thursday, October 23, 2008 | 8:31 AM ET
By Mary Jane Irwin, Forbes
Gary McGraw thinks the computing world can learn a lot from video games. Just as massively multiplayer games like "World of Warcraft" are distributed across a network of personal computers, software and services will soon reside on external servers--and they will also come under attack.
McGraw, chief technology officer at security consulting firm Cigital and author of Exploiting Online Games, talked with Forbes.com about how videogames model the future of software security issues.
Forbes.com: What is the big security threat in videogames?
Gary McGraw: Games are the world's biggest, most populous, most distributed systems. What we're talking about is a big giant glob of client software that every subscriber has [on his PC] that has a lot of the game functionality. If the gamer is a bad guy, you just gave them part of your functionality to screw around with.
This is what technical people call the problem of trust boundaries.
Forbes.com: What problem do these trust boundaries pose?
Gary McGraw: In this case, the gamer is the attacker and what they're doing is cheating in the virtual world to generate wealth that they can sell in a middle market. In "World of Warcraft," when you wander around … it turns out that the information about where your character is in the world is just X, Y and Z coordinates controlled by your PC. If you're a clever attacker you can actually change those numbers on your PC [to] teleport around the virtual world. That's just an example. Hacker boys discovered about four years ago that you could make money by cheating and the law is very ambiguous about whether it is actually illegal.
Forbes.com: How are games a harbinger of the future of software security?
Gary McGraw: We can look at what is happening in online games as a bellwether for the sorts of attacks that we're going to see in much more important software systems coming down the line.
We can study these games and play around and figure out how hackers cheat and how they do things like teleport around the world and generate virtual wealth, and we can learn really important lessons for the future of software security at the same time.
Forbes.com: Can you provide an example?
Gary McGraw: In a [Department of Defense] situation, the entire network is going to be a trusted network. It changes the threat model pretty significantly. Going after the control system for drones would be rather silly. What you would want to go after--to really cause havoc--would be back-end office systems, things that get the food to the guys in Iraq.
Forbes.com: Do games present a solution?
Gary McGraw: The vertical that is leading the charge is not games, it's the financial industry. If you look at investment banks, Wall Street, the credit card consortia--those guys have been very much concerned with designing systems to resist attacks from the ground up.
Forbes.com: So how do games link up with financial systems?
Gary McGraw: Their technology stack is the future here today. They're already doing massively distributed systems. As financial service systems become massively distributed systems, they're going to look more like games than they do today. The [financial industry] is ahead in their thinking about software security, but they're not at the technical edge of where the game companies are.
Forbes.com: How are game companies affected by people hacking into these systems?
Gary McGraw: There are some games where people actually stopped playing because cheating got so rampant. Everybody was cheating and pretty soon if you weren't cheating it wasn't fun. Cheating can also break the economy of a game.
Forbes.com: Will game companies adopt the financial service industry's security measures?
Gary McGraw: Yes, and in fact they are.
From a sociological perspective, you probably have to have some cheating in a game because there are a lot of people who want to play the game but they don't want to "live" the game. So you need some level of corruption and graft in the system to satisfy those people. The real question is, how much of that is necessary? Clearly if you look at the real world there is crime, corruption and graft and that keeps the skids greased. We could wipe out all crime, but the world would be a police state.
The real answer is not to eradicate all cheating and adopt all sorts of Draconian software security but to do just the right amount so that everybody is not cheating. It's a balance. Security will become a differentiator in the marketplace that it isn't now.


