Over the last couple years, a number online gaming sites experienced DDoS attacks that forced outages and tossed some sites offline and even Pirate Bay got hit with a DDoS attack when their users were not happy about the sale to Global Gaming Factory. Even back in 2004, there were articles that covered the Security Issues of Online Gaming and a few of those mentioned still hold today.
For users, the risks loom since they spend a lot of time and money on these games and there are always crooks out there looking to exploit that. There is also significant amount of social interaction with other players and many of the social media threats, like being tricked into exposing personal or financial information, are just a prevalent. And it’s not just hidden criminals. Full on media companies offering rewards, points or other game enhancements trick users into signing up for bogus offers and monthly subscriptions all while capturing their email address, credit card and other personal info. This is quick money for game developers (and social sites, advertisers and others) even if it is done in an unscrupulous way.
Malware infection whether it be worms, viruses or bots are also a risk. Most of us have learned that we should not click on an embedded email link for fear of computer infection. But do you use the same technique when searching for a new/hidden game file or conversing with another player over IM? They might have been part of your online ‘team’ for some time and you’ve exchanged tips. Then they promote some cool new ‘add-on’ and send you an IM saying, ‘download this hidden gem – earn points faster!!’ Would you use the same caution as a phishing email or click away? If the game required administrative rights for installation, would you grant it? Would you allow all JavaScript and ActiveX to run, knowing the inherent browser risks? Also, since you’re playing online, you have to be connected to a server somewhere. Is that server vulnerable? Has it been compromised? If it has, then you too can be vulnerable – it’s really no different than other server exploits. This applies to game operators also. How are you protecting your infrastructure from malicious behavior?
This document (pdf) from US-CERT has a nice overview of avoiding online gaming risks, was an inspiration for this blog post and offers several protective measures….which look a lot like the general security good practices we hear on a daily basis:
• Use antivirus and antispyware programs.Not to dampen any of your fun this year as many of us rip open new gaming consoles, connect them to the internet and start firing away, just use the same caution, suspicion and protection when you enter that fun zone. Don’t let your guard down just because you’re having a great time – that holiday glee can morph into your winter of discontent with a single click.
• Be cautious about opening files attached to email messages or instant messages.
• Verify the authenticity and security of downloaded files and new software.
• Configure your web browsers securely.
• Use a firewall.
• Identify and back up your personal or financial data.
• Create and use strong passwords.
• Patch and update your application software.
ps
- #24 out of 26 Short Topics about Security
- previous stories: 23, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13.5, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1
Related resources:
No comments:
Post a Comment