Gotta be faster on those ban waves, blizz

I am interested in how cyber security works. Got any good reading material on open source security that could be used to prevent botting?

I mean it isn't going to happen in classic but I am still interested.

https://owasp.org/

le reddit spacing

Pretty sure there were like 800 customer-facing employees that were laid off after BfA (predictably) flopped

Sounds like you typed that straight from Blizzard's response sheet

Ad Hominem? I suppose your guild name is everything we need to know about you :wink:

No, that was across the entirety of Activision Blizzard; zero CS employees were laid off at Blizzard. This narrative has been perpetuated across this forum and various subreddits and has been proven false by multiple sources.

I don’t, I’m sorry. My knowledge on cyber security is limited to the one course I took in college, and since I’m not working in that I haven’t kept up to date on it. I’m sure some Google searches on why open source cyber security code is good or why you shouldn’t trust an encryption method that is private would provide you some good results.

This thread actually just reignited my interest in this topic and I’ll probably delve into some of this myself!

Google would always have a million dollar reward to break the sandbox and once someone did they would have them show them how.

If you have some time Wikinomics is a pretty decent read, in general, for why open sourcing problem solving (anecdotally) can be much, much better than taking a handful of experts and siloing them off from the world.

OWASP is probably one of the best starting points for open source security.

Thanks! I’ll take a look. I’m trying to dig back into my brain to remember what I learned and I’m trying to think about how something like this would play into botting (besides the obvious of having more eyes on it to spot the holes and such).

I mean, that’s really the main part of it. And just because it’s obvious doesn’t mean it isn’t incredibly better.

Like, what are the benefits of guns over swords in a war, other than the obvious? (Who cares? The obvious is so much better, and that definitely is a factor - you could even say that it’s obvious which is better).

I’ve seen over 20 mages in Stratholme at 6 AM on Heartseeker Alliance. You can also see mages all over the game at various levels and hunters in certain locations. Hell, there’s a human rogue that circles Duskwood botting Grave Moss at all hours of the day. He’s leveled from 33 to 35 and is still guildless. Exact pattern every loop, stealthing in the exact same spots.

Whether Blizzard is “banning thousands per day” globally is irrelevant; they’ve not made any significant strides in Classic or Retail to combat botting.

The entire reason why Blizzard doesn’t make that information public is because if botters knew how they were getting detected, they would find ways around it.

Sounds like a reasonable thing to think; however, other than that only feeling intuitive, I don’t think there’s much weight to that as an argument.

Look, beyond the fact that telling bot-makers what they need to avoid so that they don’t get caught so they make better bots is a silly idea, you also have security concerns when you allow people to play with open source code in a live game. Modding is great for single-player games like Skyrim and Fallout 4. It is SIGNIFICANTLY LESS GREAT in a live multiplayer game like Fallout 76. Do you want WoW to be Fallout 76, where people can, literally, steal all your gear, even your equipped gear and stuff in your inventory, with a single mouse click? Because that is the kind of crap that goes on in Fallout 76.

That’s not really what I was saying at all.


Actually, I’m not very familiar with what sorts of bot detection Blizzard uses, but I suppose it would make the most sense that they run server side programs to analyze event data, as client-side, or network bot-detection could have negative effects on performance.

Obviously they wouldn’t make their data publicly accessible, and their bot detection tooling may not be applicable to other data sets, so it just might not make sense to open source it.

Open source means anyone can access it and alter it as they see fit. This is good for many things. The mod community in Skyrim is the best example of it. But open source means anyone can access it, and that means the bad actors, too, as we see in Fallout 76.

Open source is a beautiful thing for single-player games, or other locally hosted and run applications. For an MMO with servers that people connect to from across the world, it is the mother of all security breaches waiting to happen. The fly hacking and botting we see are client-side mods; with open source tools, it is incredibly more likely that you could see people doing stuff SERVER-SIDE.

Part of the reason detecting bots is difficult, unless you’re physically present, watching someone, is because the changes are all client-side. A ‘bot’ going through the same route hour after hour farming gold could actually be a bot, or it could be someone who makes gold farming their real life job, which is a different detection scheme altogether. And before you talk about how anyone doing such mindless drudgery is clearly a bot, I just want to remind you that there are people who work in call centers, saying the same script again and again all day long, six days a week. People will do some severely boring stuff for gold.

Not really. They would have to have access to be able to do anything server-side.

Also, it is worth noting the statement I made: