
Indie computer security



#1 Glass_Knife   Moderators   -  Reputation: 3426

Posted 27 April 2013 - 06:27 AM

Like many of you, I spend my nights, weekends, and holidays working on indie programming projects in the feeble attempt to be the next Minecraft.  I was checking my Windows security logs the other day, and I realized that I don't know anything about this stuff.  Immediately I got worried that some hacker is accessing my computer at night and stealing all my stuff (crazy, right).  

 

So, two questions.  This is an Audit Success.  It looks fishy, but I had no luck googling this to figure out what it is.  Any thoughts?

 

An account was successfully logged on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

New Logon:
	Security ID:		ANONYMOUS LOGON
	Account Name:		ANONYMOUS LOGON
	Account Domain:		NT AUTHORITY
	Logon ID:		0x64435
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x0
	Process Name:		-

Network Information:
	Workstation Name:	
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		NtLmSsp 
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	NTLM V1
	Key Length:		0

 

 

I googled the NtLmSsp, and it looks like a security program, but I'm paranoid.  

 

My second question is what do you do for security while working on super-secret indie stuff?  Is there some website or book about securing your computer that I should know about?


I think, therefore I am. I think? - "George Carlin"
Indie Game Programming
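
Added example, not part of the original post: a small Python parser for the event text quoted above that turns it into named fields and notes what the event does and does not establish. Logon Type 3 is a network logon; the names `SAMPLE_EVENT`, `parse_event` and `triage` are introduced here for illustration, and the sample is the post's event trimmed to the fields used.

```python
# Constructed sample: the event text from the post, trimmed to the fields used.
SAMPLE_EVENT = """\
An account was successfully logged on.

Subject:
    Security ID:        NULL SID
Logon Type:         3
New Logon:
    Security ID:        ANONYMOUS LOGON
    Account Name:       ANONYMOUS LOGON
    Account Domain:     NT AUTHORITY
Network Information:
    Workstation Name:
    Source Network Address: -
Detailed Authentication Information:
    Logon Process:      NtLmSsp
    Authentication Package: NTLM
    Package Name (NTLM only):   NTLM V1
    Key Length:     0
"""

LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}

def parse_event(text):
    """Flatten the event message into {"Section/Field": value}."""
    fields, section = {}, None
    for raw in text.splitlines():
        key, sep, value = raw.partition(":")
        if not sep:
            continue                      # summary line or blank line
        key, value = key.strip(), value.strip()
        if raw[0].isspace() and section:
            fields[f"{section}/{key}"] = value
        elif value:
            fields[key] = value           # top-level field, e.g. "Logon Type"
        else:
            section = key                 # header such as "New Logon:"
    return fields

def triage(fields):
    """Return plain-language notes on what the event does and does not show."""
    ltype = int(fields.get("Logon Type", "0"))
    notes = [f"logon type {ltype} ({LOGON_TYPES.get(ltype, 'unknown')})"]
    if fields.get("New Logon/Account Name") == "ANONYMOUS LOGON":
        notes.append("anonymous session: no user credentials were presented")
    auth = "Detailed Authentication Information/"
    if fields.get(auth + "Package Name (NTLM only)") == "NTLM V1":
        notes.append("NTLMv1 was negotiated: review whether it can be disabled")
    src = fields.get("Network Information/Source Network Address", "-")
    if src in ("", "-"):
        notes.append("no source address recorded in this event")
    else:
        notes.append(f"source address {src}: confirm it is a host you expect")
    return notes

if __name__ == "__main__":
    for note in triage(parse_event(SAMPLE_EVENT)):
        print("-", note)
```
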


#2 Khatharr   Crossbones+   -  Reputation: 2819

Posted 27 April 2013 - 02:05 PM

Wrapping your computer in tinfoil is a good first step.

What are you running that would allow a remote user to access your filesystem?
void hurrrrrrrr() {__asm sub [ebp+4],5;}

There are ten kinds of people in this world: those who understand binary and those who don't.

#3 Glass_Knife   Moderators   -  Reputation: 3426

Posted 27 April 2013 - 06:07 PM

Wrapping your computer in tinfoil is a good first step.

 

I don't know if I can find foil made of tin.  Does aluminum foil work?

 

If there is a way for someone to login and/or access my file system, it would be through some weird security flaw I don't know about, or some service that I don't realize should be disabled.  I didn't see any file access, but I don't think I would recognize suspicious behavior if I saw it.



#4 Bacterius   Crossbones+   -  Reputation: 8157

Posted 27 April 2013 - 06:35 PM

The NT AUTHORITY and the fact that no account name, no network information, and only generic login credentials are provided hints that this is probably just a local system service elevating itself to perform some maintenance (updates or other). There is more than one account on your system.

 

But if you are so paranoid about people stealing your code, you should just get peace of mind by developing on a machine not connected to the internet and looking up information on a second machine. Not that your concerns are necessarily justified, but if that helps... to be fair if someone or something did manage to log into your system, I doubt he or it would make a beeline to your code. It'll probably just add your computer to some botnet and start churning out spam emails. It might also do a filesystem search for credit card info, that sort of stuff, ..


The slowsort algorithm is a perfect illustration of the multiply and surrender paradigm, which is perhaps the single most important paradigm in the development of reluctant algorithms. The basic multiply and surrender strategy consists in replacing the problem at hand by two or more subproblems, each slightly simpler than the original, and continue multiplying subproblems and subsubproblems recursively in this fashion as long as possible. At some point the subproblems will all become so simple that their solution can no longer be postponed, and we will have to surrender. Experience shows that, in most cases, by the time this point is reached the total work will be substantially higher than what could have been wasted by a more direct approach.

 

- Pessimal Algorithms and Simplexity Analysis


#5 Khatharr   Crossbones+   -  Reputation: 2819

Posted 27 April 2013 - 07:42 PM

grep "teh monies" *.*



#6 Bacterius   Crossbones+   -  Reputation: 8157

Posted 27 April 2013 - 07:49 PM

grep "teh monies" *.*

 

You'd be surprised how many people put their passwords in a plain text file. Or even a keepass database with a crappy master passphrase.




#7 TheChubu   Crossbones+   -  Reputation: 3699

Posted 28 April 2013 - 03:15 PM

Not even Microsoft gets hacked for source code. The worst they had was a leak (some Win 2000 sources I think?) from another company, and it's not like Linux devs were all like "OMG LETS STEAL THEIR SECRETZ!" Hell, if you're using C#/Java, there is a big chance that someone will get usable sources of your stuff anyway (*cough* Minecraft modding *cough*).

 

Besides, hackers are usually more interested in DRM code rather than the actual game code :D


Edited by TheChubu, 28 April 2013 - 03:16 PM.

"I AM ZE EMPRAH OPENGL 3.3 THE CORE, I DEMAND FROM THEE ZE SHADERZ AND MATRIXEZ"

 

My journals: dustArtemis ECS framework and Making a Terrain Generator


#8 Krohm   Crossbones+   -  Reputation: 2961

Posted 29 April 2013 - 01:35 AM

My second question is what do you do for security while working on super-secret indie stuff?

I do nothing as I have enough stuff to think about already. I just keep OS and AV updated, firewall on and I feel fine.

 

But if you want to be paranoid, look at your NTFS file access permissions for network shares, I guess those could be a start.



#9 Glass_Knife   Moderators   -  Reputation: 3426

Posted 29 April 2013 - 04:53 AM

It isn't that I'm paranoid and ready to wrap my head in foil.  I was looking at the security logs and thinking "I don't know anything about these logs.  I wonder if I should be doing something else for security?"  After scanning the logs, I realized that I wouldn't know what to look for, and thought there may be some good resources out there for learning more about security.

I also did not realize a question about security would mark me as a super-paranoid conspiracy theorist.  That's interesting.



#10 ranakor   Members   -  Reputation: 439

Posted 29 April 2013 - 06:04 AM

Not really no, on a non-server computer running Windows it just boils down to keeping your Windows up to date, don't install third party stuff unless you know about it and downloaded it from the publisher, don't run web browser plugins you don't need and keep those you need up to date, and don't click on stuff you shouldn't.

OSes are pretty secure by default nowadays so it's not much about "what should I do", but "what should I avoid doing", if you're not looking for trouble launching randomly downloaded stuff as an admin or clicking those nice weird extension links in Viagra spam mails, you shouldn't really worry.



#11 ApochPiQ   Moderators   -  Reputation: 14281

Posted 29 April 2013 - 12:15 PM

Run behind any cheap off-the-shelf router with a firewall embedded, and ensure that you don't use port forwarding to your machine unless absolutely necessary. If you need to port forward, do it on a second machine that doesn't contain any of your code, and segregate that physically (i.e. not on the same network/behind the same router) from your code machine. That'll keep out probably 99.9% of people who might try to sniff your system.

To study up on security auditing, there's always a handful of good books, although I haven't personally read any in years (on security specific topics for Windows) so I can't make any recommendations offhand. You could also consider looking at certification study guides for various security certs, those have some decent introductory information usually (but the certs themselves are vastly overrated IMHO).

#12 Glass_Knife   Moderators   -  Reputation: 3426

Posted 30 April 2013 - 08:27 AM

Run behind any cheap off-the-shelf router with a firewall embedded, and ensure that you don't use port forwarding to your machine unless absolutely necessary.

 

Then I checked my router, and sure enough, there are open ports from games and torrents long ago.  So this whole exercise was a success.  

 

Thanks ApochPiQ!



#13 Bacterius   Crossbones+   -  Reputation: 8157

Posted 30 April 2013 - 09:28 AM

Run behind any cheap off-the-shelf router with a firewall embedded, and ensure that you don't use port forwarding to your machine unless absolutely necessary.

 

Then I checked my router, and sure enough, there are open ports from games and torrents long ago.  So this whole exercise was a success.  

 

Thanks ApochPiQ!

 

Reminds me I have an old TF2 port open as well. Should probably close it.




#14 TheChubu   Crossbones+   -  Reputation: 3699

Posted 03 May 2013 - 02:30 AM

Kinda hijacking the thread but... does port forwarding actually do anything to your online game "experience"? If it shaves off 20ms of ping then it's not worth it to me (I'm on the high 200s most of the time).




#15 Hodgman   Moderators   -  Reputation: 27622

Posted 03 May 2013 - 02:49 AM

Kinda hijacking the thread but... does port forwarding actually do anything to your online game "experience"? If it shaves off 20ms of ping then it's not worth it to me (I'm on the high 200s most of the time).

Generally if you're just a client of multiplayer games, you don't need to explicitly open/forward any ports at all. NAT should automatically set up all the forwarding.

If you have a firewall, which is set to block all ports by default, then you may need to tell it that you're intending to use a particular port... but nice ones will ask you (e.g. the basic Windows firewall pops up a dialog when you play a new MP game for the first time, asking if you'd like to block or allow that port).

If you're hosting a server for a game, then you may need to forward ports, because when a client tries to connect to you by IP address, NAT hasn't occurred yet, so your home router will see their connection attempt as spam (you haven't contacted them first, so why are they contacting you?) and discard it. In these cases, you need to explicitly tell your router to forward this port on to your PC, so these unsolicited messages will make it to your game server.



#16 Bacterius   Crossbones+   -  Reputation: 8157

Posted 03 May 2013 - 02:50 AM

Kinda hijacking the thread but... does port forwarding actually do anything to your online game "experience"? If it shaves off 20ms of ping then it's not worth it to me (I'm on the high 200s most of the time).

 

Port forwarding has nothing to do with latency. All it does is tell your router or system firewall "let me initiate a remote connection on outgoing port X and optionally translate said port to some other port Y" or (more likely) "let a remote host initiate a connection to my computer on incoming port X and optionally translate said port to some other port Y".

 

Basically, if you host a server and are behind a router, you'll most likely have to do some port forwarding, otherwise your router will deny anyone outside your network the ability to connect to your server. In general, most home routers by default let you connect to anything on any port, but do not let anything at all connect to you (which is not necessary for everyday internet usage but only needed when you want to host a public service on your home network, which is by the way not recommended outside of the occasional game server as residential lines are not designed for this, in fact some ISPs will forbid you from doing so). Business or school routers, on the other hand, are stricter, due to security concerns.

 

This is really annoying because gamers around the world will typically just throw the same generic advice at people, "have you forwarded your ports", which is useless advice. Port forwarding is an all-or-nothing situation. If it's not configured right, you won't just lag, it simply will. not. work. at. all. And furthermore, allowing incoming connections on various ports on a home router is a security risk. And usually, unless you are hosting, you do not need to touch your ports as most people have it already set up by default. At least I've never had to.

 

So, no, unless your router has the horsepower of a pocket calculator, port forwarding should not affect latency. It will simply enable/prevent you to connect (or host).

 

^ and as Hodgman said above, computers behind the same router share the same IP, so unless you have told the router to "forward incoming stuff on port 1874 on my computer", it won't know where to send it inside the network and so will just discard it (or route it to the DMZ, if you have set that up)

 

Now UPNP is a different matter, though..
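
Added example, not part of the original posts: a toy Python model of the home-router behaviour described in the two answers above, showing why replies to connections you started get through, why unsolicited inbound traffic is dropped, and why a forgotten forward stays reachable until it is removed. The class `HomeRouter`, its methods, the addresses (documentation ranges) and the strict matching of replies by remote address and port are assumptions for illustration; real routers differ in detail.

```python
class HomeRouter:
    """Toy NAT router: one public IP shared by the hosts on the LAN."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.sessions = {}   # public port -> (lan ip, lan port, remote ip, remote port)
        self.forwards = {}   # public port -> (lan ip, lan port), set by the admin
        self._next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host connects out; the router records the translation."""
        public_port = self._next_port
        self._next_port += 1
        self.sessions[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return self.public_ip, public_port

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the LAN (ip, port) a packet is delivered to, or None if dropped."""
        session = self.sessions.get(public_port)
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]                    # reply to a connection we started
        if public_port in self.forwards:
            return self.forwards[public_port]     # explicit port forward
        return None                               # unsolicited: nowhere to send it

    def add_forward(self, public_port, lan_ip, lan_port):
        self.forwards[public_port] = (lan_ip, lan_port)

    def remove_forward(self, public_port):
        self.forwards.pop(public_port, None)

    def exposed(self):
        """Audit view: every public port that accepts unsolicited traffic."""
        return sorted(self.forwards)


if __name__ == "__main__":
    router = HomeRouter("203.0.113.7")
    _, port = router.outbound("192.168.1.10", 51000, "198.51.100.20", 27015)
    print("game server reply ->", router.inbound("198.51.100.20", 27015, port))
    print("stranger on 1874  ->", router.inbound("198.51.100.99", 4444, 1874))
    router.add_forward(1874, "192.168.1.10", 1874)    # hosting a server
    print("after forwarding  ->", router.inbound("198.51.100.99", 4444, 1874))
    print("exposed ports     ->", router.exposed())
    router.remove_forward(1874)                       # done hosting: close it
    print("after removal     ->", router.inbound("198.51.100.99", 4444, 1874))
```
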




#17 TheChubu   Crossbones+   -  Reputation: 3699

Posted 03 May 2013 - 03:04 AM

Ahhh, I understand now. Thanks for the answers! Imaginary +1s to both of you.




#18 Bacterius   Crossbones+   -  Reputation: 8157

Posted 03 May 2013 - 03:55 AM

Ahhh, I understand now. Thanks for the answers! Imaginary +1s to both of you.

 

That would be a +i then




#19 Glass_Knife   Moderators   -  Reputation: 3426

Posted 03 May 2013 - 08:48 AM


Ahhh, I understand now. Thanks for the answers! Imaginary +1s to both of you.

 
That would be a +i then


But he said for both = -1

#20 TheChubu   Crossbones+   -  Reputation: 3699

Posted 08 May 2013 - 04:41 PM

Now we need a reputation system with both real and imaginary parts...






