Value of two-factor authentication in MMOs

Cypherpunks everywhere know that using two-factor authentication, when done right, is inherently more secure.

Nothing can be said against the security of wisely-used one-factor authentication, but care must be taken to ensure the ongoing security of that factor. If you use a password, you need to choose a secure one — and if you don’t change it regularly, it logically gets weaker, too.

I know of at least one WoW player who is positively paranoid about exposing their passwords to someone, even though they don’t exhibit that behaviour elsewhere.

And then, of course, there are the people who complain about having their accounts hacked, even though they used a secure password like their birthday. Or abcde.

A mitigating factor against people being too stupid to use passwords securely, then, is needed. And that’s where two-factor authentication comes along.

Two-factor authentication, in essence, means that you need to prove your own identity by two different means. This isn’t like using two different passwords. The common examples for factors include “things the user knows” (like a password, PIN, etc.), “things the user has” (like some form of physical security token), and “things the user is”, i.e. biometric verification methods.

Biometric verification is more “comfortable” to use, but does have two major drawbacks:

  1. it requires specialized equipment (in most cases)
  2. it is vulnerable to replay attacks

So, mainly for reasons of practicality, owning an authentication token is the best method of getting a second factor into the mix.

But why would a company like Blizzard, for example, cough up the effort to actually enable something like authenticators — not only via device, but by mobile phone, too — and then go ahead and reward players (in the form of an in-game pet, but nevertheless) for using an authenticator — merely to save people from their own stupidity?

Simple enough: to help battle against “economic” abuse, and to help protect their own interests by having to deal with fewer “hacked account” cases.

Even though the latter reason might just be enough to implement it, the former is actually the most important one. Gold farming is a serious problem for online gaming companies, and even underdeveloped economies like that of WoW can suffer greatly from such manipulation.

If you want to read a fictional example of a near-future vision on the importance and concepts of gold farming, you should read up on Cory Doctorow’s “For The Win”. Even though it’s a bit over the top compared to the current state of the game, it might very well be similar in the years to come.

Of course, the battle.net authentication token Blizzard distributes does seem to have reliability problems; the mobile authenticator — a Java application — seems to work fairly well and, compared to the DIGIPASS Go 6 authenticators used by Blizzard, actually has a reverse-engineered spec available.

Even though the DIGIPASS algorithm was, to the author’s knowledge, not broken so far, the fact that the developing company does not disclose the DIGIPASS source code to non-customers, along with a rather cheeky attitude, should serve as sufficient indicators to avoid their products.

D&D rules lawyering: cover and stealth

I was recently reading up on the stealth and cover mechanics, and even though I was fairly certain about what is and what is not possible, I found out that one edge case isn’t particularly well-documented.

The rules, to be exact the Stealth rules correction from Player’s Handbook 2, state:

Becoming Hidden: You can make a Stealth check against an enemy only if you have superior cover or total concealment against the enemy or if you’re outside the enemy’s line of sight. Outside combat, the DM can allow you to make a Stealth check against a distracted enemy, even if you don’t have superior cover or total concealment and aren’t outside the enemy’s line of sight. The distracted enemy might be focused on something in a different direction, allowing you to sneak up.

So, what it especially says is that “superior cover” works as a basis to get hidden behind. According to the Dungeon Master’s Guide on determining cover for ranged attacks:

Choose a Corner: The attacker chooses one corner of a square he occupies, and draws imaginary lines from that corner to every corner of any one square the defender occupies. If none of those lines are blocked by a solid object or an enemy creature, the attacker has a clear shot. The defender doesn’t have cover. (A line that runs parallel right along a wall isn’t blocked.)
Superior Cover: The defender has superior cover if no matter which corner in your space you choose and no matter which square of the target’s space you choose, three or four lines are blocked. If four lines are blocked from every corner, you can’t target the defender.

So, in theory, if you had a situation where you had superior cover from an enemy, e.g.
[Illustration: a player behind two allies, with lines of sight to an enemy.]
you’d be able to stealth yourself and gain combat advantage.

The only thing that really denies this possibility is, again, the Stealth updates from Player’s Handbook 2, this time the “Remaining Hidden” section [emphasis mine]:

Keep Out of Sight: If you no longer have any cover or concealment against an enemy, you don’t remain hidden from that enemy. You don’t need superior cover, total concealment, or to stay outside line of sight, but you do need some degree of cover or concealment to remain hidden. You can’t use another creature as cover to remain hidden.

Many thanks to @Milambus for looking up that passage. [And making me feel stupid for not having found it myself, by the way.]

And that’s the only problem. So, you could gain stealth moving behind enemies, but immediately lose stealth status again by being only behind a creature.

In a sense, this is balanced, since your rogue strikers could then just continue to camp behind your own fighters and shoot sneak attacks at enemies from just behind their buddies (since they don’t block for the player), which would make combat encounters quick enough, but also a bit boring.

Then again, as my player rogue pointed out, when there are two huge dragonborn warriors pounding away at an enemy, how are they not supposed to be able to hide behind them? They aren’t 5′ wide, surely, but certainly bigger than a half-elf in every other dimension.

I just think that with a further update (yuck), we might be able to get a bit of clarification on how allies grant cover, but cannot grant superior cover.

A new reason for leaving Ubuntu

So, if you’re wondering yourself: “Why, Ubuntu is in the process of making everything quite a bit more annoying and fucking things up”, yet still think “that might just be misjudged opinion”, then fret no more. There’s an easy way to now know that Canonical has officially gone bonkers.

The Ubuntu One Music Store.

After installing an annoying App Market-like “Software center” by default, switching users over to an IM client that’s only remotely usable, trying to sell you a cloud-based storage solution and switching to Yahoo as the default search engine, you really have to wonder what the guys responsible are up to.

So.

In short, Canonical is on the verge of going Apple. Just bail boat while you still can.

D&D item: Martyr’s Collar

Seeing how everyone else is currently creating interesting items, I thought that I should throw one of my ideas into the mix. And after a bit of tinkering with how it should work, I present:

Martyr’s Collar Level 5

Resting tight against the throat, the wearer is always reminded of the price of sacrifice.

Lv 5   1.000 gp

Item slot:
Neck
Property:
This item can mean instant death for the character. To wield it, the character must succeed at a hard willpower check. After three failures, the character needs to take an extended rest before trying again.
Power (At-Will ♦ Necrotic):
Standard action. A conscious and willing character may activate the collar while it is around their throat. The collar magically constricts, severing the user’s head from their body. The user’s life energy serves as a power source for the collar and sends every attuned ally in range (burst 10) to the point defined by the attuning process.
Being able to survive the decapitation does not save the user, as all of their life energy is used up to power the collar’s magic.
The allies do not need to be willing, conscious, or even alive. If, for whatever reason, the destination is not reachable, the collar will not activate. After the teleportation, the collar expands to its normal proportions and loses any attunement.
Power (Daily):
Standard action. Every willing ally in a burst 5 is attuned to the collar, and the item itself is attuned to the location. When the at-will power is used, all attuned allies in range are transported back to the current location. The collar does not need to be worn to be attuned; any character touching the item can initiate the process. When passing between owners, the item does not lose connection to any attuned user or the attuned location.

Nobody really knows how these devices ever came to be, but they seem to have been used by devout and loyal warriors throughout time to save comrades from certain death by using their own life to shield them. The ultimate heroic sacrifice: most souls sacrificing their bodies this way ascend to the Astral Sea.

Trusting self-signed certificates with Google Chrome on Linux

Update: added the “C” flag to the SSL attributes, which I accidentally forgot to include.
Also changed $HOST to $host, as $HOST is the shell parameter for the current hostname…

If you’re not really sure about how you can stop Chrome from permanently reminding you that the server you’re connecting to is a bad boy (read: using a self-signed certificate), you’ll probably end up looking at CACert’s Browser Client page by way of Google. With a bit of reading documentation, you can probably find out how to import a self-signed certificate and mark it as trusted, but since you’re probably lazy, you’d rather just copy and paste a few instructions.

First, I have to stress that blindly trusting a certificate you download off the internet is a Bad Idea. But expressing a certain laissez-faire attitude: if you’re stupid enough to copy and paste blindly, you deserve it.

Second, simple copy and paste instructions:

openssl s_client -connect "$host:443" -showcerts </dev/null > temporary_file
certutil -d "sql:$HOME/.pki/nssdb" -A -t CP,,C -n "$host" -i temporary_file

Third, explanations:

  • s_client just connects to the given hostname, 443 being, as you should know, the (default) HTTP SSL port.
  • -showcerts shows all kinds of information about the certificate, including the certificate itself. With stdin redirected from /dev/null, s_client exits as soon as the handshake is done; without that redirection you have to hit ^C/^D to stop it.
  • If you get multiple (and different) certificates, the first one will be the server certificate, and the second one the CA certificate.
  • certutil (package hint: libnss3-tools) can be used to manage your local «Network Security Services» SQLite database.
  • The specified arguments for certutil are:
    1. The database to use (in this case, the user-specific NSS database).
    2. The flag to add something to the database (-A).
    3. The “trust types” for the certificate, in “SSL, S/MIME, CA” notation: “P” for a trusted peer, and “C” for a certificate authority that may issue server certificates.
    4. A shortname to identify the certificate in the database. The hostname works well and is fairly obvious.
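Added example, not part of the original post: the check that is missing when you copy and paste the two commands blindly. It takes the saved s_client output, pulls out the first certificate, computes its SHA-256 fingerprint and only hands the certificate to certutil when that fingerprint matches one obtained out of band (from the server’s administrator, not from the same connection). The s_client output shown is constructed and the PEM bodies are not real certificates.

```python
import base64
import hashlib
import hmac
import os
import re
import subprocess
import sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in for `openssl s_client -connect $host:443 -showcerts` output;
# the certificate bodies are just counted bytes, not real certificates.
FAKE_SERVER_PEM = ("-----BEGIN CERTIFICATE-----\n"
                   + base64.b64encode(bytes(range(32))).decode() + "\n-----END CERTIFICATE-----")
FAKE_CA_PEM = ("-----BEGIN CERTIFICATE-----\n"
               + base64.b64encode(bytes(range(32, 64))).decode() + "\n-----END CERTIFICATE-----")
SAMPLE_S_CLIENT_OUTPUT = f"""CONNECTED(00000003)
depth=0 CN = host.example
---
Certificate chain
 0 s:CN = host.example
   i:CN = Example Private CA
{FAKE_SERVER_PEM}
 1 s:CN = Example Private CA
   i:CN = Example Private CA
{FAKE_CA_PEM}
---
"""

def extract_first_pem(s_client_output: str) -> str:
    """First PEM block in the saved output is the server certificate; CA certificates follow."""
    m = PEM_RE.search(s_client_output)
    if m is None:
        raise ValueError("no certificate in s_client output")
    return m.group(0)

def sha256_fingerprint(pem: str) -> str:
    """Colon-separated SHA-256 over the DER, the form `openssl x509 -noout -fingerprint
    -sha256` prints, so it compares directly with what the server admin reads out to you."""
    der = base64.b64decode("".join(PEM_RE.search(pem).group(1).split()))
    hexdigest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))

def certutil_argv(host: str, cert_file: str) -> list:
    """The import command from the post as an argv list, so $host is never shell-expanded."""
    nssdb = "sql:" + os.path.expanduser("~/.pki/nssdb")
    return ["certutil", "-d", nssdb, "-A", "-t", "CP,,C", "-n", host, "-i", cert_file]

def plan_import(host: str, s_client_output: str, expected_fingerprint: str,
                cert_file: str = "temporary_file.pem"):
    """(pem, argv) if the downloaded certificate matches the out-of-band fingerprint,
    else None: nothing is written and nothing is trusted."""
    pem = extract_first_pem(s_client_output)
    if not hmac.compare_digest(sha256_fingerprint(pem), expected_fingerprint.upper()):
        return None  # the server, or someone in the path, presented something else
    return pem, certutil_argv(host, cert_file)

if __name__ == "__main__":
    # usage: python pin_and_import.py HOST EXPECTED_SHA256_FINGERPRINT < temporary_file
    plan = plan_import(sys.argv[1], sys.stdin.read(), sys.argv[2])
    if plan is None:
        sys.exit("fingerprint mismatch: refusing to trust this certificate")
    with open(plan[1][-1], "w") as fh:  # argv ends with cert_file; only the server cert is written
        fh.write(plan[0] + "\n")
    subprocess.run(plan[1], check=True)
```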

A records on top level domains

After I stumbled upon the wonderful URL shortener http://to/ today and immediately began posting it on IRC, I received a comment that someone didn’t even know that it was possible to do so. I, of course, could only comment “of course it’s possible”. But in the same train of thought, I just had to have a look at who else has a valid A record on their top level domain. So I fetched the IANA TLD list and, after being baffled by the punycode TLDs, threw some sh at the problem:
(for domain in $(grep -v '^#' tlds-alpha-by-domain.txt); do host -t A "${domain}."; done) | grep -v 'has no A record'

For the sake of enjoyability, I thus offer the results in table form, along with what kind of site is running on port 80. Data timestamp is 2010-01-08T16:05:00+0100, location for routing is DTAG-DIAL26 / AS3320.

TLD  IP               content (port 80)
AC   193.223.78.210   “Always connected” (NIC.AC)
AI   209.59.119.34    “Offshore Information Services”
BI   196.2.8.205      “It works!”
CM   195.24.205.60    cm [195.24.205.60] 80 (www) : Connection refused
DK   193.163.102.23   “DK Hostmaster” (NIC.DK)
GG   87.117.196.80    Channel Isles Domain Registration
HK   203.119.2.28     hk [203.119.2.28] 80 (www) : No route to host
IO   193.223.78.212   NIC.IO
JE   87.117.196.80    Channel Isles Domain Registration
PH   203.119.4.7      HTTP 500.100 via broken Microsoft IIS
PN   80.68.93.100     Apache default home page
PW   203.199.114.33   pw [203.199.114.33] 80 (www) : No route to host
SH   64.251.31.234    sh [64.251.31.234] 80 (www) : No route to host
TK   217.119.57.22    “TK your long URL”, free .tk domain name registry
TM   193.223.78.213   NIC.TM
TO   216.74.32.107    TO./ URL shortener
UZ   91.212.89.8      some WAP page I can’t decipher
WS   63.101.245.10    ws [63.101.245.10] 80 (www) : Connection timed out

So, in short, 5 of 18 (27%) are downright broken, one is being autistic, and a further 2 (11%) are not configured to do anything meaningful, leading to a total of 8 — or 44% — of TLD A records being useless. Bonus: none of the sites have AAAA records and, thus, no IPv6 availability.

Discordian iCal calendar

Since I was playing around with Date modules a bit, I decided to conjure up some iCal files for the Discordian calendar, which chronicles the Year of Our Lady Discord, as described in the Principia Discordia.

With the goal of eliminating any kind of dependency on actions by me to generate the calendar files, I just pregenerated them for the whole 21st century.

The files are stored at /discordian/$year.ical, with $year ranging from 2001 (which was the real start of the century and the millennium) to 2100.

For the sake of easy access — and as an experiment to see what Google’ll make of it — I’ve compiled a handy table so you can just click for the file you want.

Feel free to include this in your Google calendar (will make for an interesting traffic study) or redistribute it with a kudos to me, linking to this page (http://ydal.de/discordian-ical/). Copyright shouldn’t be an issue since this compilation does not exceed the Schöpfungshöhe, but I’ll declare them to be CC-BY-DE 3.0 just in case.
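Added example, not the post’s own generator (which the post does not show): one way to produce such a file from the Discordian calendar rules in the Principia Discordia (five 73-day seasons, a five-day week, 29 February as St. Tib’s Day outside the count, year = Gregorian year + 1166), written out as plain RFC 5545 all-day events. PRODID, the UID domain and the DTSTAMP value are placeholders.

```python
from datetime import date, timedelta

SEASONS = ["Chaos", "Discord", "Confusion", "Bureaucracy", "The Aftermath"]
WEEKDAYS = ["Sweetmorn", "Boomtime", "Pungenday", "Prickle-Prickle", "Setting Orange"]
APOSTLE_HOLYDAYS = ["Mungday", "Mojoday", "Syaday", "Zaraday", "Maladay"]      # day 5 of a season
SEASON_HOLYDAYS = ["Chaoflux", "Discoflux", "Confuflux", "Bureflux", "Afflux"]  # day 50 of a season
GENERATED = "20100101T000000Z"  # placeholder DTSTAMP for a pregenerated file

def is_leap(year: int) -> bool:
    return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)

def discordian(when) -> dict:
    """Gregorian date (date or 'YYYY-MM-DD') -> Discordian date: five seasons of 73
    days, a five-day week, year = Gregorian year + 1166. 29 February is St. Tib's
    Day, which lies outside the seasons and the week and is skipped when counting."""
    d = when if isinstance(when, date) else date.fromisoformat(when)
    yold = d.year + 1166
    if d.month == 2 and d.day == 29:
        return {"yold": yold, "season": None, "day": None, "weekday": None,
                "holyday": "St. Tib's Day"}
    doy = d.timetuple().tm_yday
    if is_leap(d.year) and doy > 60:
        doy -= 1  # drop St. Tib's Day from the count
    season_idx, day0 = divmod(doy - 1, 73)
    holydays = {5: APOSTLE_HOLYDAYS, 50: SEASON_HOLYDAYS}.get(day0 + 1)
    return {"yold": yold, "season": SEASONS[season_idx], "day": day0 + 1,
            "weekday": WEEKDAYS[(doy - 1) % 5],
            "holyday": holydays[season_idx] if holydays else None}

def summary(when) -> str:
    """ddate-style one-liner used as the event SUMMARY."""
    info = discordian(when)
    if info["season"] is None:
        return f"St. Tib's Day, {info['yold']} YOLD"
    text = f"{info['weekday']}, {info['season']} {info['day']}, {info['yold']} YOLD"
    return text + (f" ({info['holyday']})" if info["holyday"] else "")

def ical_year(year: int) -> str:
    """One all-day VEVENT per Gregorian day of `year`, with RFC 5545 CRLF line endings."""
    lines = ["BEGIN:VCALENDAR", "VERSION:2.0",
             "PRODID:-//example.invalid//discordian//EN"]  # placeholder PRODID
    d = date(year, 1, 1)
    while d.year == year:
        nxt = d + timedelta(days=1)
        lines += ["BEGIN:VEVENT",
                  f"UID:discordian-{d.isoformat()}@example.invalid",  # placeholder domain
                  f"DTSTAMP:{GENERATED}",
                  f"DTSTART;VALUE=DATE:{d:%Y%m%d}",
                  f"DTEND;VALUE=DATE:{nxt:%Y%m%d}",
                  f"SUMMARY:{summary(d)}",
                  "END:VEVENT"]
        d = nxt
    lines.append("END:VCALENDAR")
    return "\r\n".join(lines) + "\r\n"

if __name__ == "__main__":
    # Pregenerate the whole century as the post does: 2001.ical ... 2100.ical
    for year in range(2001, 2101):
        with open(f"{year}.ical", "w", newline="") as fh:
            fh.write(ical_year(year))
```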


Ubuntu — why it sucks

Earlier this year, I switched from Debian to Ubuntu on both my netbook and my desktop machine, because it quite pleased me how well it worked. For the netbook, this was sort of appropriate, when ignoring the fact that a netbook is slow by principle, but with my desktop, my choice might have been less than wise.

Jaunty, 9.04, left me with occasional random crashing of my X server, and applications sometimes only starting at the second try, if at all. You’d get situations like banshee firing up, drawing the window on the desktop, and then locking up — which my compiz duly acknowledged by shading the window after about fifteen seconds. You kill it, you restart it, everything works.

Add to this some other applications (like Evolution, Nautilus and Tomboy), along with the fact that GNOME Do just seems to randomly evaporate into digital nothingness in the course of my uptime, and voila, you have a system that works mostly well, but just sometimes annoys the hell out of you, especially when the X server crashed the system because you did something like Alt-Tabbing while you had two applications running fullscreen on different monitors. Yep, it happened.

So, alas and behold, comes the saviour: Ubuntu 9.10, Karmic Koala! It shines, it glitters, and it saves kittens from trees! Everything is so much better with it!

… not.

Karmic, in the vain hope to be so much greater to the common good, tries to optimize and dumb down things for the users. Which, according to others, seems to work splendidly — but absolutely failed on my end.

My woes with the rare animal

odin (the desktop)

For the record: odin’s specs are something along the line of a Core2 Duo, GeForce 260 linked to two screens, a couple of terabytes of hard drive and a SoundBlaster SB Live! 5.1, after the onboard soundcard started acting up and being generally retarded on the gaming OS.

  1. Boot time has gone way … up. Even though it’s supposed to be optimized for quicker boot and whatnot, my previous “less than ten seconds” boot time somewhat diminished in the face of the optimized bootup, which, for no apparent reason, made my resolvconf (which I haven’t even touched!) add a 30 to 60s timeout on top.
  2. It solved the crashing problems … not at all. The only thing it actually managed is to get bug-buddy to be all “It looks like nautilus crashed” with a nice dialog saying I should report a bug to Ubuntu. Which I won’t, since there’s nothing logworthy to submit, it just dies and that’s it.
  3. The sound interface has been made super-easy! And, also, bloody hard to configure correctly. The new sound preferences eschew any kind of knowledge about your sound card and just presume to know better than you, which is exactly why it thinks it should fiddle with the Master volume of my Soundblaster when on four-way stereo mixup, which controls only two channels, and not the PCM, which then regulates everything. Jaunty allowed me to change the mixer control to one I deemed best — no dice in Karmic. I now need to fire up alsamixer for that, and can’t use my keyboard volume wheel without fiddling.
  4. Speaking of sound, it has become even more annoying to find a way to turn off the logon sounds with GDM, since gdmsetup has been replaced by something which does just about nothing at all.
  5. And, of course, hibernate doesn’t work anymore. As if any distribution would ever get that right.

baldr, the netbook

  1. Boot time has gone way … up. Yes, even on the famed “we sooo lurv you” Atom netbooks Karmic pretends to like so much, performance pretty much went down the drain.
  2. Improved external monitor support! Plug in a second screen, get none of the real estate! As soon as I plug in the VGA display while the laptop is still running, screens go irreversibly blank until reboot. Having it plugged in while rebooting allows you to run 800×600 on both displays, cloned, without the ability to change the resolution.
  3. Hibernate doesn’t work. Even though it did before.
  4. And myriads of minor nuisances like stutters and all that jazz.

May I note that this even happens when freshly installed from source on the netbook, so this is no tale of the common upgrade blues.

Conclusion

Well, I’ll probably be changing distribution soonish, yet again. Fedora might be a neat idea for the netbook, not yet sure if I will revert to Debian on odin.

The Karmic Koala is becoming increasingly extinct and fails to reproduce appropriately even with an accepting mindset.

Internet address (IPv6) autodiscovery

At the U23 yesterday, we included a simple practice lesson on how networks work. We have a server on our network called fiep.labor.koeln.ccc.de. fiep only has a single address, 192.168.23.240/25 according to the local DNS server, as opposed to the rest of the network, 172.23.23.0/24.

The router did not announce any route for 192.168.23.128/25, but fiep still had addresses in other networks (172.23.23.23 as well as an address in 2001:6f8:100c:1::/48), but they weren’t announced anywhere.

The task, as given, was “to connect to http://fiep/hacking4pizza/”. In essence, this reduced the task at hand to either just giving yourself an IP in the 192.168.23.128/25 network or just setting a route for said network, and then opening up your browser. Along with other workarounds, of course, that do require knowledge not easily available.

We had an interesting case, though: one single Mac user could connect to the host without problem, just typing in http://fiep/ and everything’s good.

Confusion was amongst us. We couldn’t quite explain how the Mac managed to just access the site. We assumed it was IPv6, blocked it, and voilà, it didn’t work anymore.

Vague theories were ramped up. Mine was the scariest, and also rather possible:

  1. The client looks up the hostname, as usual.
  2. It gets the IP, sees that it has no route to go there.
  3. Next, an ARP request is pushed out for the IP.
  4. The switch comes yapping along and says “got it!”, along with the MAC address.
  5. The client then generates an IPv6 address from the MAC address.
  6. Voila, connectivity.

There’s just two points where this would have gone wrong:

  1. Usually, the default route catches any stragglers.
  2. Why generate a v6 address when it gets a connection to the v4 address? Of course, it doesn’t know whether the router will actually forward anything at all.

In the end, though, it was something way more simple: we still had an external DNS server which propagated the public IPv6 address, and the client was using an external DNS server.

But trying to find out what actually happened did prove quite entertaining.

DNS prefetching for spam address verification

Seeing how DNS prefetching is the new fad with browsers, I reckon there’s an easy way to confirm valid addresses of webmail service users:

  1. Control a DNS to assign unique hashed hostnames.
  2. Integrate links to hashed hostnames in spam mails.
  3. If the recipient uses current Chrome, Firefox, etc:
    1. The DNS prefetcher will resolve the host name,
    2. Giving you a confirmed hit for the address in your logfiles, since your unique hostname gets resolved.

Kind of reminiscent of the whole “oh, we can have e-mails with HTML, let’s put in images!” affair. The only thing that might be a bit of a problem for a spammer is getting a domain with DNS server control.
