Greetings, glorious testers!

Check out Alpha Two Announcements here to see the latest news on Alpha Two.
Check out general Announcements here to see the latest news on Ashes of Creation & Intrepid Studios.

To get the quickest updates regarding Alpha Two, connect your Discord and Intrepid accounts here.

Please Intrepid do not neglect security

AsgermonAsgermon Member
edited July 2022 in General Discussion
I would like to make a suggestion here in the unlikely event that the Intrepid Stdios team hasn't had this thought themselves.
I recently saw a video from KiraTV about Manfred(not his real name).
It's about a hacker who has been making a living for 20 years hacking online games like MMORPG's and selling the in-game currency or items he gets from it. (Video is highly recommended)
Games he hacked were for example:
Ultima Online, Rift Online, Shadowbane, Lineage 2, World of Warcraft, Anarchy Online, Final Fantasy Online, Elder Scrolls Online, Wildstar Online.
In the meantime he gave up hacking games and started working for a consulting company.

My wish is that Intrepid Sutdios either hire Manfred or get similarly experienced Game Security Experts, who do nothing else but check the security of AOC (also from a hacker's point of view), into the team. By that I mean find security vulnerabilities in the game code , test server security, resilience and website security, develop security architectures for the game server & corporate network, as well as design processes that integrate security by design into the development process of AOC and also start blackbox hacking attempts to discover further attack surfaces and possible security measures.

Maybe I'm wrong and Intrepid already has all this on their list, but I just wanted to write it down here again, as there are just way too many companies that neglect or don't pay enough attention to the security of their software/games (see games mentioned above), which can lead to significant negative consequences.

Also, a bug bounty program might be an incentive to motivate experienced developers, hackers and IT-security experts to look for vulnerabilities in the game and report them, instead of abusing them (like Manfred did before) for their own benefit.

Also conceivable would be a hackercontest for selected developers (who can apply beforehand and have to sign a contract if they are selected), who get the chance to examine the AOC program code in a whitebox or backbox hacking contest and compete against each other to win prizes. This contest could for example last for several weeks and give developers from other areas of the world the opportunity to compete against each other to see who can find the most or most critical security vulnerabilities or bugs.

So please Intrepid get the experts it takes to make a secure game, because the attacks on AOC will come whether you like it or not.

Here are some links if you are interested in the topic and Manfred and his story:
Questions? all available info about AoC can be found here:
AoC Wiki
tech support
FAQ Channel AoC Discord
AoC Support&FAQ Forum
USE THE FORUM SEARCH BAR ;)

no answer found? ask here:
Ask a Question

Comments

  • I think it's good that you are linking resources that may be beneficial, whether they know of it or not.

    It's worth saying as it's been said before by them, that they will keep their planned security methodology close to their chest to minimise any chances of it being exposed. But they have made a point to say that they are doing what they can to pre-empt potential issues. We will have to see how that works in practice anyway.
Sign In or Register to comment.