… and you solve basically all the problems with computers in the entire security world – at least the problems that aren’t directly related to user stupidity.
What I’m talking about is how to vet information which comes from remote systems that you don’t control. In this latest instance, it’s people griping about how VALVe haven’t patched out the “fake full servers” that you connect to and they redirect you to another (probably empty) server.
In the past, it’s been people griping about MMORPGs like MapleStory, in which the clients are responsible for large amounts of the game logic. The root cause of the problem is that any time you rely on any information that comes from an untrusted source (what security-conscious programmers sometimes refer to as “the filthy userland”), the information is always suspect.
However, there’s only so much you can do to vet this information before it becomes inefficient – that is, you reach a point where you might as well just move all the logic back to your own machines so you can ensure the integrity of the data.
In layman’s terms, look at it this way: You and I both take walkie talkies to a large building and go off in different directions, and after a certain amount of time we agree to tell each other what color the rooms are painted. If you decided it were in your best interests to lie to me, how could I tell you weren’t? The obvious answer is that I walk over there and check it myself, but how long do we do that before it becomes inefficient?
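The cost side of that trade-off can be put in numbers. The sketch below is an added illustration, not code from this post or from Valve: a master server spot-checks a random fraction of self-reported player counts. The names `audit_round`, `rounds_until_caught` and `sample_rate`, the server data, and the assumption that a first-hand probe always returns the truth are all hypothetical.

```python
import random

def audit_round(claims, probe, sample_rate, rng):
    """Check a random fraction of self-reported player counts.

    claims: {server_name: claimed_player_count} as reported to the master.
    probe:  callable(server_name) -> count observed first-hand (assumed
            truthful and expensive; this is "walking over to check").
    Returns (servers caught lying, number of probes spent)."""
    caught, probes = [], 0
    for name in sorted(claims):
        if rng.random() >= sample_rate:
            continue                      # claim accepted on trust
        probes += 1
        if probe(name) != claims[name]:
            caught.append(name)
    return caught, probes

def rounds_until_caught(sample_rate, honest=99, max_rounds=1000, seed=1):
    """Simulate heartbeat rounds with one liar among `honest` truthful servers.

    Returns (round in which the liar was flagged or None, total probes)."""
    rng = random.Random(seed)             # seeded so runs are repeatable
    truth = {f"srv{i:03d}": 12 for i in range(honest)}
    truth["liar"] = 0                     # constructed data: really empty
    claims = dict(truth, liar=32)         # ...but reports itself as full
    total = 0
    for rnd in range(1, max_rounds + 1):
        caught, probes = audit_round(claims, truth.__getitem__, sample_rate, rng)
        total += probes
        if "liar" in caught:
            return rnd, total
    return None, total

if __name__ == "__main__":
    for rate in (1.0, 0.25, 0.05, 0.0):
        print(rate, rounds_until_caught(rate))
```

Checking every claim catches the liar in the first round at the price of one probe per server per round; lowering `sample_rate` cuts that price but lets the false count stand for more rounds.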
Basically, if you solve this dilemma you solve one of the biggest problems in computer security – the issue of trusting an endpoint. We have encryption to ensure that data doesn’t get tampered with in transit, but as I try to impress upon people all the time – encryption is a giant, mostly impenetrable tunnel through which things travel unmolested. However, if you can get to either end of the tunnel you can influence what goes through it without much effort at all.
So, having said all that, how would you solve the problem of servers lying to Valve’s master servers about player counts?