Games and the Dark Side of Security

Over the years Luigi Auriemma has taken upon himself to discover numerous security vulnerabilities in new and old games that can be played either online, via such services as GameSpy, or on the LAN.

I had the oppurtunity to play the beta version of DDO, and as would almost anyone, I opened up my sniffer (Ethereal!) and started disassembling the traffic being sent.
I must say it took me very few packets to start understanding what is being sent between me and the server, and a few Perl lines to mimic most of the traffic being sent.

I am sure that if I had a few more days to continue on my investigation, a few vulnerabilities would have popped up… I am sure that DDO’s authors have not spent more than a few hours, in comparison to a few years, of man labour to try and understand what vulnerabilities their product might be vulnerable to, or even to how they should tackle them if they arise.

Too bad, what has always made a good multiplayer game is the stability of the server(s) – not to mention that the game needs to be playable :)

Time will tell whether DDO will face the same outcome as many other games have faced, with vulnerabilities being discovered in them, causing harm to the servers or even to the clients (players).

  • Luigi ftw

    Luigi rocks. I’m glad at least one person takes game security seriously.