Introduction
Part I The Protection Game
Threats, Vulnerabilities, and Risk
Beyond Protect, Detect, React
Process, Testing, Tools, and Techniques
Part II Piracy and Used Games
Overview of Piracy and Used Games
The State of Piracy and Anti-Piracy
Determining the Scope of Piracy
Trusted Brand Security: Nintendo and ADV
Anti-Piracy Innovators: Nine Inch Nails and Disney
Collectables, Feelies, and Other Stuff
Splitting and Key Storage
DRM, Licensing, Policies, and Region Coding
Console Piracy, Used Games, and Pricing
Pricing Pirates Out of Business
Authenticating the Server
Other Strategies, Tactics, and Thoughts
Playing with Secure Digital Distribution
Anti-Piracy Bill of Rights
Basic Fair Use Principles
Determining the Goal of Anti-Piracy Policies
Cheating and the Game Industry
The Carrds Reference Model
Security, Trust, and Server Architectures
Business Models and Security Problems
App Attacks: State, Data, Asset, and Code Vulnerabilities and Countermeasures
Memory Editors, Radar, and ESP
Code Hacks and DLL Injection
Blind Security Functions, Code Obfuscators, and Anti-Tamper Software Design
Save Game Attacks, Wallhacks, and Bobbleheads
Secure Loader and Blind Authentication
Is It "Help" or Is It Cheating?
CAPTCHAs: Distinguishing Players from Programs
Network Attacks: Timing Attacks, Standbying, Bridging, and Race Conditions
ACID, Dupes, and SQL Attacks
Thinking About Network Time: Act, But Verify
Word, Number, and Puzzle Games
Algorithmic Games, Physics Flaws, and Predictable Behavior
Speed, Twitch, Timing, and Pixel Precision
Strong and Dominant Strategies and Deep Game Play
Power of People: Rock-Paper-Scissors, Poker, and the World of Psychology
Game Play Patterns: Combat Devolved
Case Study: High-Score Security
Cheating in High-Score Games
Encryption, Digital Signatures, and Hash Functions
Alternative High-Score Strategies
Puzzles, Skill-Based Games, and Other Deterministic Games
Inappropriate Player Handles
Part IV Social Subversion: From Griefing to Gold Farming and Beyond with Game Service Attacks
Overview of Social Subversion
Competition, Tournaments, and Ranking Systems (and Their Abuse)
Understanding Tournaments and Ranking Systems
Tournament and Ladder Game Play Attacks
Abandonment: The "Game Over" Game
Retrofitting Games for Tournaments and Skill Games
Communications Griefing and Spam
Liability and Business Risk
Game Commerce: Virtual Items, Real Money Transactions, Gold Farming, Escorting, and Power-Leveling
Gold Frauders, Online Thieves, and Insiders
Escort Services, Subletting, and Virtual Prostitution
To Ban or Not To Ban? Punishing Wayward Players
Crime, Credibility, and Punishment
The Cost of Punishment: Who's Being Punished?
Possible Punishments and Credible Deterrence
Welcome to the Real World
Insider Issues: Code Theft, Data Disclosure, and Fraud
Code Theft and Other Data Disclosures
Privileging and Isolation
Security Accountability in Third-Party Development
Security Accountability in Third-Party Licensing
Service Provider and Partner Security Issues
Money: Real Transactions, Real Risks
Inside the Payment Process: PayPal
Integration for Automation
More Money: Security, Technical, and Legal Issues
Account Security, Virtual Items, and Real Money
Money Laundering and Illegal Payments
Money Laundering: Legal Issues
Identity, Anonymity, and Privacy
The State of Identity and Anonymity
The Registration Problem and Identity Management Systems
Usage Controls and Game Addiction
Account Compromise, Identity Theft, and Privacy
Legal Requirements for Privacy Protection
Protecting Kids from Pedophiles, Stalkers, Cyberbullies, and Marketeers
Dealing with Cyberbullies, Pedophiles, and Stalkers
Kids' Communications, Parental Controls, and Monitoring
Dancing with Gambling: Skill Games, Contests, Promotions, and Gambling Again
What Is Gambling and What Is Not
Miscellaneous Security Issues
Denial of Service, Disasters, Reliability, Availability, and Architecture
What Can Go Wrong, Will Go Wrong
Scalability and Availability
Sample Game Operations Architecture
Disasters and Disaster Recovery
Scams and Law Enforcement
Facilities Requirements: Potential Unexpected Laws and Regulations
Operations, Incidents, and Incident Response
Incidents and Incident Response
Public Relations and the Perception of Security
Online Tools for the Modern Terrorist
"We Have Met the Enemy and He Is Us"
The Business of Game Protection
Selected Game Security Incidents
Glossary
Index