Gaming - The Next Overlooked Security Hole

Presented at DEF CON 16 (2008), Aug. 9, 2008, 11 a.m. (50 minutes).

"Thanks to Web 2.0 and other over hyped BS, development has been moving farther and farther away from bare metal. Assuming you trust your libraries, this could even be called a good thing. If you're high." PC gaming, despite Microsoft's best efforts, is not dead. Yet. The modding community is alive and active, and even those same over hyped web technologies are starting to encroach in to shaders, and other things they shouldn't touch. Let's no even get started on the shady communities providing bots, cheats, and other grey market goods. We're now seeing those unifying technologies the web, and monolithic engines making their way in to these games. Automatic updates, electronic publishing systems, in-game advertisements, pay-for-item MMORPG systems all of these represent structural weaknesses that more and more people should be exploiting. Given the expectation of today's gamers a far as graphics, physics, and other frivolous crap, smaller developers have to purchase someone else's engine to get started and all of the bugs that come with it. This presentation will begin with a quick overview of what we've seen so far, and will progress in to specific weak points in current and future releases. High points will include: * Why buying someone else's engine is a bad idea (with charts!) * The proliferation of middleware, and the homogenization of gaming * The little "nude patch" that could: how to own yourself * Fake world + real money + ??? = Profit, or the economics of game exploits

Presenters:

  • Ferdinand Schober - Security Researcher
    Ferdinand Schober has been ranting about games for several years, and has been playing them in lieu of sleep since grade school. He recently left a security testing position with the highest ranked game publisher.

Links:

Similar Presentations: