Archive for the 'Gaming' Category

Books, Gaming, Security, Virtual Worlds

Exploiting Online Games

I have been eyeing Gary McGraw and Greg Hoglund’s new book, Exploiting Online Games, for a while now, probably since before it was published. Seems like a no-brainer considering my recent tinkering. But I haven’t bought the book, partly because I’m buying nothing new, partly because I’ve got a stack of other books to get through.

McGraw’s recent appearance on Phil Windley’s Technometria podcast has really got me itching to get this book. Not only do they discuss why criminal abuse of online games has been on the rise in recent years (there is so much money to be had!), but they also explain why one might care even if games hold no interest:

If you look at online games, they have architectures which are very similar to the ones everybody’s all excited about, with SOA, and Web 2.0, and Software as a Service, where you have sort of a fat client model connected to a central server. And the security lessons that we have to take from online games are *huge*. It turns out that the kinds of attacks, the kinds of problems, the kinds of mistakes that developers make, and the kinds of exploits that those can lead to are already present in the online game world, and so we can get a real peek into the future as far as SOA and Web 2.0 systems go now.

Education, Gaming, Security

Decisions, decisions.

I’m going to No Fluff Just Stuff for the first time this weekend, Friday through Sunday. I’ve been looking forward to it awhile, as I hear mostly good things about these conferences. Looking over my planned itinerary, it’s clear that I’m a Neal Ford fanboy. :)

But here’s the thing. This Friday there’s a workshop on bioinformatics and entertainment computing at Metro State that looks like it’ll be great. Chris Melissinos, Sun’s Chief Gaming Officer, will be speaking there, as will Warren Sheaffer, a faculty member at Saint Paul College who’s been doing Good Things with virtual worlds and with teaching Java. Plus, bioinformatics is one of those fields that has just fascinated me since my days as a Perl hacker. Perl was (is?) a big language for data processing in bioinformatics.

Okay, yeah, back up a sec. Chief Gaming Officer at Sun. How damn cool is that? Please don’t be surprised that he has interesting things to say. If you’re confused about why Sun would be doing this, watch Chris’s interview with Scott McNealy.

If my employer hadn’t already sprung for NFJS, I’d go to that workshop. Sigh. It’s still a tough call. Looks like I’ll meet Chris and Warren tomorrow, which will help ease the pain somewhat.

But I’m not done. Oh no.

Gunnar Peterson and Brian Chess will be speaking together at a seminar in early November. Gunnar is known for his writing and presenting about web services and decentralized security, among other things (he introduced me to the idea of misuse cases), and I always enjoy seeing him speak. He’ll be one of the fine lineup at this year’s OWASP AppSec conference giving a two-day seminar on web services and XML security. Brian is founder of Fortify, a leader in the static analysis tools market for software security. Brian recently gave a good interview with the Java Posse. At the event in question, Gunnar will talk about security architecture and governance, and Brian’s topic will be static analysis. This will be a morning well spent, I figure.

However, on the same day, there’s a symposium at St. Cloud State University on Information Assurance, Network, and Software Security. I don’t know anyone who’s speaking or their work — a gap between academia and industry? — but I am very glad to see this happening. I’d be going if I were not more sorely tempted elsewhere.

What to do, what to do…