But that interactivity can come with a price, Mr. McGraw said. For example, he said, when a game player moves about in the imaginary environment of Blizzard Entertainment's best-selling "World of Warcraft," his position is controlled by his personal computer.
The game server, which continually updates all players' activity, "believes whatever the PC tells it." As long as a player is merely walking around, that is fine. But a hacker can teleport across the imaginary world, thus gaining an unfair advantage over those who are playing according to the rules.
The server's total trust of the individual player's PC becomes an invitation to mischief. A more sophisticated cyber-miscreant can gain even more of an advantage by creating a "bot," a computer "robot" that functions automatically -- in this case, playing a game and accumulating virtual treasures while its creator sleeps. In the non-game world, Internet scammers already use bots on a large scale to send out fake e-mails purporting to come from merchants and banks.
With an increased use of client-server architecture, such activity could become even more prevalent. "As long as there's going be value available to them they're going to try to exploit that," said CERT internet security analyst Jason Milletary of online criminals. "It's not new crime, it's just new vectors of old crime.
" While merchants and law enforcement officials alike continually strive to educate users how to interact more securely, Mr. McGraw directs his message primarily to developers. "Most people who build our [computer] systems don't think about bad guys when they build, and that turns out to be a mistake," Mr.
McGraw said. "There are in fact people who want to cheat and who want to make your program fail in interesting ways.
News RSS