
Please Intrepid do not neglect security

Asgermon Member
edited July 2022 in General Discussion
I would like to make a suggestion here in the unlikely event that the Intrepid Studios team hasn't had this thought themselves.
I recently saw a video from KiraTV about Manfred (not his real name).
It's about a hacker who has been making a living for 20 years hacking online games like MMORPGs and selling the in-game currency or items he gets from it. (Video is highly recommended)
Games he hacked were for example:
Ultima Online, Rift Online, Shadowbane, Lineage 2, World of Warcraft, Anarchy Online, Final Fantasy Online, Elder Scrolls Online, Wildstar Online.
In the meantime he gave up hacking games and started working for a consulting company.

My wish is that Intrepid Studios either hire Manfred or get similarly experienced Game Security Experts, who do nothing else but check the security of AOC (also from a hacker's point of view), into the team. By that I mean find security vulnerabilities in the game code, test server security, resilience and website security, develop security architectures for the game server & corporate network, as well as design processes that integrate security by design into the development process of AOC and also start blackbox hacking attempts to discover further attack surfaces and possible security measures.

Maybe I'm wrong and Intrepid already has all this on their list, but I just wanted to write it down here again, as there are just way too many companies that neglect or don't pay enough attention to the security of their software/games (see games mentioned above), which can lead to significant negative consequences.

Also, a bug bounty program might be an incentive to motivate experienced developers, hackers and IT-security experts to look for vulnerabilities in the game and report them, instead of abusing them (like Manfred did before) for their own benefit.

Also conceivable would be a hacker contest for selected developers (who can apply beforehand and have to sign a contract if they are selected), who get the chance to examine the AOC program code in a whitebox or blackbox hacking contest and compete against each other to win prizes. This contest could for example last for several weeks and give developers from other areas of the world the opportunity to compete against each other to see who can find the most or most critical security vulnerabilities or bugs.

So please Intrepid get the experts it takes to make a secure game, because the attacks on AOC will come whether you like it or not.

Here are some links if you are interested in the topic and Manfred and his story:

Comments

  • I think it's good that you are linking resources that may be beneficial, whether they know of it or not.

    It's worth saying as it's been said before by them, that they will keep their planned security methodology close to their chest to minimise any chances of it being exposed. But they have made a point to say that they are doing what they can to pre-empt potential issues. We will have to see how that works in practice anyway.