Is being watched in an MMO by Spooks OK?

By now most gamers have heard about the NSA watching games like WoW and SecondLife for dangerous individuals. If you’re also watching out for potential impacts from the NSA’s activities exposed recently, you’re probably now saturated with odd and scary stories.

A meandering thought or two is below.

Frankly the entire concept reads like fiction to me, and is scary enough that I’m seriously considering changing a huge amount of what tools I use and what I do online.

By way of really dreadful example – please consider these revelations about what is plausible for surveillance. It is a video explanation of the methods recently exposed. Actual hardware hacks, device exploits, and all other manner of “hacks and hijacks”.


Interesting security alert for Blizzard

Not the first, and not the last account security alert for a game company came yesterday from Blizzard. In short – their systems were significantly compromised sometime around Aug 4 2012, and while no credit card information, billing addresses, or real names were exposed, the basic message is that everyone needs to change their passwords and account information. Details here.

Honestly I think that this is a mess, and a mess that demonstrates a few points worth noting for organisations which have either a vocal population or sensitive information (yes, everyone):

  • Anyone is vulnerable to a hack, even the monolithic software devs. Consider that the larger the company, the larger the revenue, and the larger the honeypot of information is that could be obtained. That makes Blizzard an exceedingly juicy target.
  • Good tools and development principles can assist in protecting customers. The authenticator makes a big difference. The password storage mechanism inside the system/DB makes a huge difference.
  • Telling customers the open truth will garner the best reaction. Following up with extra news and responses to questions will save the share price.
  • Telling customers quickly is critical. If a customer finds out late then the vendor is on the hook for every poor experience in the customer's mind from that point forward, however illogical they are.
  • Always provide a plan of what to do next, and what is happening next.

It is not only that companies need good security (they do); they also need excellent protocols for security events. A gaffe in dealing with a breach in security will hurt long after the actual systems are restored. The public has a long memory.

This means that while trying to patch the issue Blizzard are also considering the PR damage control. It appears from my first review that Blizzard took the honest path – they spoke clearly about what happened. I think I read elsewhere that they also have involved external consultants to help. Even bloody better. Nothing makes a systems or a dev person stand up like having another techie review how you do things. In spite of the hack, it's good to see.

So go update your passwords, I’m not sharing a “password reset” link as I distrust any links like this that I don’t type out myself.