Apr 17 2008

Given the recent hack to the blog, and also given the recent news of the decompiled Eve Online client, it seemed like a good time to go over some of the ways in which a virtual world gets hacked.

The interesting thing, of course, is that all the hacks I am going to talk about are actually not hacking the virtual world at all; they instead attack the client, which is your window into the world, and also your waldo, your means of exercising control over what happens in that world. And that’s because…

The client is in the hands of the enemy.

The Laws of Online World Design

You’ve probably heard that before — I wasn’t the first one to say it, but it constantly gets misattributed to me. That particular phrasing may have originated with Kelton Flinn, but I am sure many of us came up with it independently.


Derivative games in 2008

Posted in: Game talk
Apr 16 2008

2008 is the year of gaming | Tech news blog – CNET News.com

Over the course of the next few months, we’ll be inundated with titles that will let us explore totally new worlds and enjoy totally new ways of playing video games. Unlike many other years where most of the titles were derivative, this year we may have something to propel creativity in the industry.

Emphasis is mine. Their list?

  • Grand Theft Auto IV – sequel
  • Ninja Gaiden 2 – sequel
  • Ghostbusters: The Video Game – semi-sequel, plus the movie is how old?
  • Devil May Cry 4 – sequel
  • Metal Gear Solid 4: Guns of the Patriots – sequel
  • Killzone 2 – sequel
  • Far Cry 2 – sequel
  • Rainbow Six Vegas 2 – sequel
  • Super Smash Bros. Brawl – sequel
  • Mario Kart Wii – sequel
  • Fallout 3 – sequel
  • Lost Odyssey – a spiritual sequel and pretty derivative
  • Fable 2 – sequel
  • Starcraft 2 – sequel
  • Gran Turismo 5 – sequel
  • Little Big Planet
  • Spore

So, by my count, two. Thank goodness for the smaller titles.

What WordPress needs

Posted in: Misc
Apr 16 2008

A plugin that

  • Greps every file in your public web directory, recursively, looking for “base64” and tells you about them. The default WP install has none of these.
  • Warns you on modification date of any file in the install, plus in any themes.
  • Checks header and footer for unusual size changes.
  • Warns you on any files added to install directories that are not something in the vanilla install — e.g., any new php files in wp-admin that aren’t part of the install.
  • Warns you on any .htaccess redirects.
  • Pulls out the list of administrators by querying in wp_usermeta for wp_metavalue containing %administrator% — not whatever the dashboard uses, which appears to correlate to other tables and therefore misses hacked accounts.
  • Generates a table of everything in wp_options that is not a part of the vanilla WP install, so you can check it. Sure, a whole bunch of plugins will show up, but maybe you can check that manually.

Doing all this by hand is getting old. 🙂 The saga continues at the other post, which continues to get updates.
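The file-level checks from the list above (the base64 grep, added files, modified files, and .htaccess redirects), as an added Python example that is not code from this post or from WordPress. It assumes you keep a known-good copy of the same WordPress version to build a manifest from, and it compares content hashes rather than modification dates; the function names are hypothetical.

```python
# Added example; build_manifest() and audit() are hypothetical names.
import hashlib
import re
from pathlib import Path

# Redirect-capable Apache directives worth a manual look in any .htaccess.
REDIRECT_RE = re.compile(rb"^\s*(Redirect(Match|Permanent|Temp)?|RewriteRule)\b", re.I | re.M)


def build_manifest(clean_root):
    """Map relative path -> SHA-256 for every file in a known-good install."""
    root = Path(clean_root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def audit(live_root, manifest):
    """Return sorted (finding, relative_path) pairs for the live web root."""
    root = Path(live_root)
    findings = []
    for p in sorted(q for q in root.rglob("*") if q.is_file()):
        rel = p.relative_to(root).as_posix()
        data = p.read_bytes()
        if rel not in manifest:
            findings.append(("added", rel))          # not in the vanilla install
        elif hashlib.sha256(data).hexdigest() != manifest[rel]:
            findings.append(("modified", rel))       # content differs from vanilla
        if b"base64" in data.lower():
            findings.append(("base64", rel))         # the recursive grep from the list
        if p.name == ".htaccess" and REDIRECT_RE.search(data):
            findings.append(("htaccess-redirect", rel))
    return sorted(findings)


if __name__ == "__main__":
    import tempfile
    # Constructed sample trees: a "clean" copy and a tampered "live" copy.
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "wp-admin").mkdir(parents=True)
            (root / "index.php").write_text("<?php // front controller\n")
        (live / "wp-admin" / "extra.php").write_text("<?php eval(base64_decode($x));\n")
        (live / ".htaccess").write_text("RewriteRule ^ http://example.invalid/ [R]\n")
        for finding in audit(live, build_manifest(clean)):
            print(*finding)
```

Themes and plugins you installed on purpose will show up as "added" unless they are part of the known-good copy the manifest is built from.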

More on the blog hacking

Posted in: Game talk
Apr 15 2008

I keep updating this post as I learn more. So if you’re affected, there’s new material at the bottom. I am currently running this full sweep every day, because each day I find something different. But three days ago there were twenty things, yesterday five, and today only one, so maybe I am getting closer.

Latest news 4/25/08: blog seems secure again. But be sure to do the “secret key” thing newly listed at the bottom as well!

So, I mentioned before that I was a victim of a hack. It was a spam injection attack — the one known as the Goro injection attack. But my symptoms were slightly different from some of the ones I have seen on the net, so here are some war stories even though I suspect the blog is STILL not clean.

First, read these two posts:

Also read the advice from Jeff Freeman in the last post on this.

OK, in addition to that advice, I also had the following problems:


The Sunday Song: Polliwog

Posted in: Music, The Sunday Poem
Apr 13 2008

OK, I lied. It’s not a song. It’s more of a jam session. Since it wasn’t fully grown and looked likely to have warts even upon attaining adulthood, I named it “Polliwog.” Drum tracks, bass, acoustic, two electrics, and the piano all piled onto a standard blues progression played really fast.

Basically, I slammed together three different blues riffs I like to jam with, two for guitar and one for piano. They were originally all in different keys, but I piled ’em all into one. If you want to add to the cacophony, it’s in E.