Securiplay.com


Monthly Archives: December 2013

Geo-location as an event trigger

Posted on December 16, 2013 by brasscount Posted in Uncategorized .

http://www.wired.com/design/2013/12/with-location-ifttt-links-apps-to-your-real-world-activity/

Pretty cool use of rules-based business logic. See lots of potential for this from a security perspective.


Steve Jackson inspired white hat hacking game

Posted on December 12, 2013 by brasscount Posted in Uncategorized .

Ctrl-Alt-Hack. Interesting idea. Adam Shostack is involved, and it mentions GURPS and Munchkin.

https://www.novainfosec.com/2012/11/23/black-friday-pick-new-control-alt-hack-card-game/


BoingBoing: ACLU on geo-location as a pre-crime indicator

Posted on December 11, 2013 by brasscount Posted in geo-loc, Geo-location .

Interesting idea. Why not use geo-location data patterns to predict that a citizen might commit a crime?

Because it's wrong, perhaps? While crime analysis does aspire to make statistical predictions about future crime, and while we increasingly eschew any semblance of privacy, geo-location data really should be restricted to access by probable cause and warrant.

http://boingboing.net/2013/12/10/life-from-the-near-future-of-l.html?utm_source=dlvr.it&utm_medium=twitter

Tags: 4th amendment, fourth amendment, geo-location, privacy .

Ars Technica: Snowden leak examines gaming as a terrorist propaganda and training tool

Posted on December 11, 2013 by brasscount Posted in adversarial gamification .

Ars Technica: Snowden leak examines gaming as a terrorist propaganda and training tool.

Interesting article, about one of that asshole Snowden’s leaked documents. The idea is that video games can be used to train people. I know, shocking revelation, and all, but still… One buddy of mine pointed out that if you can get people addicted to MMOs they will probably not have the drive to be suicide bombers. I counter that if you want them to become suicide bombers on our side, you crack their WoW or EVE password, plunder their accounts and sell their gear, then tell them that it was Iran.

In this case, though, there is an assessment of video game genres and how useful they would be in training the adversary. As anyone who has played these games knows, they are fantastic for thinking strategically about security.

Tags: games as training tools, Leak, NSA, snowden .

A Plethora of Gamification articles

Posted on December 10, 2013 by brasscount Posted in gamification of function, gamification of performance .

Thank you @bsdunlap for this book review from Forbes:
Forbes: Gamification Nation

Thanks to @Shpantzer for these two gems on gamifying security related to yesterday’s post on DARPA’s code review game:

http://www.computerworld.com/s/article/9244630/DARPA_makes_games_of_finding_software_vulnerabilities?taxonomyId=17

http://www.sfgate.com/technology/dotcommentary/article/IPad-game-s-underlying-mission-checking-software-5045964.php

Thanks gentlemen!

Tags: bug-hunt, Code review, gamification, SDLC .

Wired contradicts itself on legality of warrantless Mobile geo-location.

Posted on December 10, 2013 by brasscount Posted in geo-loc, Geo-location .

Wired: NSA Wrongly Says Warrantless Mobile-Phone Location Tracking Is Legal

So, the sixth circuit says that a warrant is not needed to get a subscriber’s geo-loc info. The Supreme Court let the ruling stand. Why is the NSA lawyer incorrect?

The fifth circuit says that something less than probable cause is insufficient to compel a phone company to disclose the records. What if you simply request them? No law requires the cell companies to not disclose the information, based upon a reasonable request or subpoena. How was the NSA lawyer wrong?

The third circuit says that a court may choose to require a warrant. (At least they’re not ambiguous about it.)

The fourth circuit is likely to rule in favor of government, as the article mentions the argument that the Stored Communication Act makes it legal.

So if you want to make claims that it's illegal for government to acquire geo-location data, first write letters to Congress and the Senate requesting that they take up the geo-location privacy act, or one of the myriad other similar bills, and actually pass something. Is it against the Fourth Amendment? I have a sneaking suspicion that the entire SCA is unconstitutional, but I’m no attorney, just someone who wishfully thinks that my “papers” should include those documents that I have entrusted to a 3rd party, like the US Postal Service, Federal Express, Yahoo and Gmail. Also the electronic records that others gather about me. But that is an example of wishful thinking, not the legal opinion of an attorney.

Tags: geo-location, geolocation, NSA, privacy, Stored Communications Act, warrantless wiretap .

DARPA has gamified security code reviews

Posted on December 9, 2013 by brasscount Posted in gamification of function .

So, back in September at the (ISC)2 Security Congress, I suggested making a game out of bug-hunting. Not suggesting that they stole my idea, but DARPA has launched a game portal that allows players to identify bugs in code. Looks like a good start, very similar to protein folding games, where the puzzle game allows a crowd-sourced approach to solving problems that require human thought.

I genuinely hope this goes well for them, as it will really revolutionize the way we deal with security challenges.

From the article:

Now there’s a new approach. “DARPA’s Crowd Sourced Formal Verification (CSFV) program has developed and launched its Verigames web portal (www.verigames.com) offering free online formal verification games.” (It has to be said that when this reporter visited the Verigames site in order to help the COTS industry, the site was unusable. Whether this is a problem is Verigames’ own code, or simply a self-induced DOS caused by the world’s gamers accessing the site in droves was not clear.)

The source article is here:
DARPA’s Crowdsourced Code Verification by Gamers

Tags: Code review, DARPA, gamification, SDLC .

Andrew Federspiel on selling your game, is spot on for gamifying management

Posted on December 6, 2013 by brasscount Posted in gamifying management .

Andrew Federspiel on 10 Tips for Writing Board Game Sell Sheets

In my gamifying security presentation, I suggest using intangible returns, such as experiences that your management can receive by funding your security program, as a means to make security a game for management, such as:

What experience can security provide your executives and your board?

  • Earn the “Briefing at Cheyenne Mountain” Badge
  • Earn the “Secret Clearance” Badge
  • Earn the “Best Security Program in Class” Badge
  • Earn the “Q works for me” Badge
  • Earn the “Not FUD But Science” Badge
  • Earn the “We PROTECT our Customers / Infrastructure / Nation” Badge

Andrew makes some really great points on punching up your communications to sell your game. A gamified security program will sell using the same techniques. Andrew’s points are:

    1. Sell Them Sex, Not How to Play
    2. Sell the Idea In 5 Seconds
    3. Make Every Sentence a Selling Point
    4. Get to the Strongest Word As Fast As Possible and Kill Superfluous Words
    5. End Every Sentence with a Strong Word
    6. Make Sentences Shorter the Further You Go
    7. Utilize Perspective and Pronouns the Publisher Can Relate To
    8. Tell a Story (my CIIO is all about this, and I find that this makes ALL the difference)
    9. Devote One Section to Why the Game Will Sell
    10. Arrange Your Information Neatly

    Definitely go take a look at this method, it's really well thought out.

    Tags: Andrew Federspiel .

    A security education game from Microsoft

    Posted on December 5, 2013 by brasscount Posted in gamification of awareness / knowledge, gamification of performance, gamification theory .

    So one of our security rockstars was at ISACA a few weeks back and picked up this beautiful little example of a gamified security education product.

    It is a security development life cycle playing card game called “escalation of privilege.” The game allows players to play a threat against a vulnerability type in order to get developers to think through their coding processes. If you, or anyone at Microsoft, know who developed this, I would LOVE to talk with them.

    Genius!

    Tags: Escalation of privileges, microsoft, SDLC .
