How in the world did I not know about this for three years?
Researchers at the University of Tokyo have developed a robot that always wins at rock-paper-scissors. It watches the human player’s hand, figures out which finger position the human is about to deploy, and reacts quickly enough to always win.
Powered by WPeMatico
June 12, 2019 games, robotics, Security technology Read more >
Last month, Kaspersky discovered that Asus’s live update system was infected with malware, an operation it called Operation Shadowhammer. Now we learn that six other companies were targeted in the same operation.
As we mentioned before, ASUS was not the only company used by the attackers. Studying this case, our experts found other samples that used similar algorithms. As in the ASUS case, the samples were using digitally signed binaries from three other Asian vendors:
- Electronics Extreme, authors of the zombie survival game called Infestation: Survivor Stories,
- Innovative Extremist, a company that provides Web and IT infrastructure services but also used to work in game development,
- Zepetto, the South Korean company that developed the video game Point Blank.
According to our researchers, the attackers either had access to the source code of the victims’ projects or they injected malware at the time of project compilation, meaning they were in the networks of those companies. And this reminds us of an attack that we reported on a year ago: the CCleaner incident.
Also, our experts identified three additional victims: another video gaming company, a conglomerate holding company and a pharmaceutical company, all in South Korea. For now we cannot share additional details about those victims, because we are in the process of notifying them about the attack.
Me on supply chain security.
Powered by WPeMatico
May 16, 2019 games, insiders, malware, Security technology, southkorea, supplychain Read more >
Long and interesting story — now two decades old — of massive fraud perpetrated against the McDonald’s Monopoly sweepstakes. The central fraudster was the person in charge of securing the winning tickets.
Powered by WPeMatico
August 6, 2018 fraud, games, hacking, Security technology Read more >
Evidence that stolen credit cards are being used to purchase items in games like Clash of Clans, which are then resold for cash.
Powered by WPeMatico
August 2, 2018 apple, crime, games, Security technology Read more >
I play Pokémon Go. (There, I’ve admitted it.) One of the interesting aspects of the game I’ve been watching is how the game’s publisher, Niantic, deals with cheaters.
There are three basic types of cheating in Pokémon Go. The first is botting, where a computer plays the game instead of a person. The second is spoofing, which is faking GPS to convince the game that you’re somewhere you’re not. These two cheats are often used together — and you see the results in the many high-level accounts for sale on the Internet. The third type of cheating is the use of third-party apps like trackers to get extra information about the game.
None of this would matter if everyone played independently. The only reason any player cares about whether other players are cheating is that there is a group aspect of the game: gym battling. Everyone’s enjoyment of that part of the game is affected by cheaters who can pretend to be where they’re not, especially if they have lots of powerful Pokémon that they collected effortlessly.
Niantic has been trying to deal with this problem since the game debuted, mostly by banning accounts when it detects cheating. Its initial strategy was basic — algorithmically detecting impossibly fast travel between physical locations or super-human amounts of playing, and then banning those accounts — with limited success. The limiting factor in all of this is false positives. While Niantic wants to stop cheating, it doesn’t want to block or limit any legitimate players. This makes it a very difficult problem, and contributes to the balance in the attacker/defender arms race.
Recently, Niantic implemented two new anti-cheating measures. The first is machine learning to detect cheaters. About this, we know little. The second is to limit the functionality of cheating accounts rather than ban them outright, making it harder for cheaters to know when they’ve been discovered.
“This is may very well be the beginning of Niantic’s machine learning approach to active bot countering,” user Dronpes writes on The Silph Road subreddit. “If the parameters for a shadowban are constantly adjusted server-side, as they can now easily be, then Niantic’s machine learning engineers can train their detection (classification) algorithms in ever-improving, ever more aggressive ways, and botters will constantly be forced to re-evaluate what factors may be triggering the detection.”
One of the expected future features in the game is trading. Creating a market for rare or powerful Pokémon would add a huge additional financial incentive to cheat. Unless Niantic can effectively prevent botting and spoofing, it’s unlikely to implement that feature.
Cheating detection in virtual reality games is going to be a constant problem as these games become more popular, especially if there are ways to monetize the results of cheating. This means that cheater detection will continue to be a critical component of these games’ success. Anything Niantic learns in Pokémon Go will be useful in whatever games come next.
Mystic, level 39 — if you must know.
And, yes, I know the game tracks works by tracking your location. I’m all right with that. As I repeatedly say, Internet privacy is all about trade-offs.
Powered by WPeMatico
November 3, 2017 cheating, fraud, games, Security technology Read more >
Denuvo is probably the best digital-rights management system, used to protect computer games. It’s regularly cracked within a day.
If Denuvo can no longer provide even a single full day of protection from cracks, though, that protection is going to look a lot less valuable to publishers. But that doesn’t mean Denuvo will stay effectively useless forever. The company has updated its DRM protection methods with a number of “variants” since its rollout in 2014, and chatter in the cracking community indicates a revamped “version 5” will launch any day now. That might give publishers a little more breathing room where their games can exist uncracked and force the crackers back to the drawing board for another round of the never-ending DRM battle.
BoingBoing post. Slashdot thread.
Related: Vice has a good history of DRM.
Powered by WPeMatico
October 20, 2017 cracking, drm, games, Security technology Read more >
Powered by WPeMatico
November 1, 2016 games, gametheory, Security technology Read more >
An impressive Chinese device that automatically reads marked cards in order to cheat at poker and other card games.
Powered by WPeMatico
October 31, 2016 cheating, gambling, games, phones, Security technology Read more >
Roughly three weeks later, there is a operation program available to crack ACBL hand records.
- Given three consecutive boards, all the remaining boards for that session can be determined.
- The program can be easily parallelized. This analysis can be finished while sessions are still running
this would permit the following type of attack:
- A confederate watch boards 1-3 of the USBF team trials on vugraph
- The confederate uses Amazon web services to crack all the rest of the boards for that session
- The confederate texts the hands to a players smart phone
- The player hits the head, whips out his smart phone, and …
Powered by WPeMatico
September 16, 2016 cheating, cryptography, games, hacking, Security technology Read more >