http://www.wired.com/design/2013/12/with-location-ifttt-links-apps-to-your-real-world-activity/
Pretty cool use of a rules based business logic. See lots of potential for this from a security perspective.
http://www.wired.com/design/2013/12/with-location-ifttt-links-apps-to-your-real-world-activity/
Ctrl-Alt-Hack. Interesting idea. Adam Shostack is involved, and it mentions GURPS and Munchkin.
https://www.novainfosec.com/2012/11/23/black-friday-pick-new-control-alt-hack-card-game/
Interesting idea. Why not use geo-location data patterns to predict that a citizen might commit a crime?
Because its wrong perhaps? While crime analysis does aspire to make statistical predictions about future crime, and while we increasingly eschew any semblance of privacy, geo-location data really should be restricted to access by probable cause and warrant.
Ars Technica: Snowden leak examines gaming as a terrorist propaganda and training tool.
Interesting article, about one of that asshole Snowden’s leaked documents. The idea is that video games can be used to train people. I know, shocking revelation, and all, but still… On buddy of mine pointed out that if you can get people addicted to MMO’s they will probably not have the drive to be suicide bombers. I counter that if you want them to become suicide bombers on our side, you crack their WoW or EVE password, plunder their accounts and sell their gear, then tell them that it was Iran.
In this case, though there is a assessment of video game genres and how useful they would be in training the adversary. As anyone who has played these games know, they are fantastic for thinking strategically about security.
Thank you @bsdunlap for this book review from Forbes:
Forbes: Gamification Nation
Thanks to @Shpantzer for these two gems on gamifying security related to yesterday’s post on DARPA’s code review game:
Thanks gentlemen!
Wired: NSA Wrongly Says Warrantless Mobile-Phone Location Tracking Is Legal
So, the sixth circuit says that a warrant is not needed to get a subscriber’s geo-loc info. The Supreme Court let the ruling stand. Why is the NSA lawyer incorrect?
The fifth circuit says that something less than probable cause is insufficient to compel a phone company to disclose the records. What if you simply request them? No law requires the cell companies to not disclose the information, based upon a reasonable request or subpoena. How was the NSA lawyer wrong?
The third circuit says that a court may choose to require a warrant. (At least they’re not ambiguous about it.)
The fourth circuit is likely to rule in favor of government, as the article mentions the argument that the Stored Communication Act makes it legal.
So if you want to make claims that its illegal for government to acquire geo-location data, first write letters to congress and the Senate requesting that they take up the geo-location privacy act, or one of the myriad other similar bills, and actually pass something. Is it against the Fourth Amendment? I have a sneaking suspicion that the entire SCA is unconstitutional, but I’m no attorney, just someone who wishfully thinks that my “papers” should include those documents that I have entrusted to a 3rd party, like the US Postal Service, Federal Express, Yahoo and Gmail. Also the electronic records that others gather about me. But that is an example of wishful thinking, not the legal opinion of an attorney.
So, back in September at the (ISC)2 Security congress, I suggested making a game out of bug- hunting. Not suggesting that they stole my idea, but DARPA has launched a game portal that allows players to identify bugs in code. Looks like a good start, very similar to protein folding games, where the puzzle game allows a crowd-sourced approach to solving problems that require human thought.
I genuinely hope this goes well for them, as it will really revolutionize the way we deal with security challenges.
From the article:
Now there’s a new approach. “DARPA’s Crowd Sourced Formal Verification (CSFV) program has developed and launched its Verigames web portal (www.verigames.com) offering free online formal verification games.” (It has to be said that when this reporter visited the Verigames site in order to help the COTS industry, the site was unusable. Whether this is a problem is Verigames’ own code, or simply a self-induced DOS caused by the world’s gamers accessing the site in droves was not clear.)
The source article is here:
DARPA’s Crowdsourced Code Verification by Gamers
Andrew Federspiel on 10 Tips for Writing Board Game Sell Sheets
In my gamifying security presentation, I suggest using intangible returns, such as experiences that your management can receive by funding your security program, as a means to make security a game for management, such as:
What experience can security provide your executives and your board?
Andrew makes some really great points on punching up your communications to sell your game. A gamified security program will sell using the same techniques. Andrew’s points are:
1. Sell Them Sex, Not How to Play
2. Sell the Idea In 5 Seconds
3. Make Every Sentence a Selling Point
4. Get to the Strongest Word As Fast As Possible and Kill Superfluous Words
5. End Every Sentence with a Strong Word
6. Make Sentences Shorter the Further You Go
7. Utilize Perspective and Pronouns the Publisher Can Relate To
8. Tell a Story (my CIIO is all about this, and I find that this makes ALL the difference)
9. Devote One Section to Why the Game Will Sell
10. Arrange Your Information Neatly
Definitely go take a look at this method, its really well thought out.
So one of our security rockstars was at ISACA a few weeks back and picked up this beautiful little example of a gamified security education product.
It is a security development life cycle playing card game called “escalation of privilege.” The game allows players to play a threat against a vulnerability type in order to get developers to think through their coding processes. If you, or anyone at Microsoft, know who developed this, I would LOVE to talk with them.
Genius!
