Posts Tagged ‘security’

Making Progess –

Posted by
Monday, August 24th, 2015 4:39 am

c

Making progress

Java Update 21

Posted by (twitter: @smilingrob)
Tuesday, April 23rd, 2013 3:44 pm

You may or may not know, but right now, there is a huge Java exploit going around.  And it’s in Metasploit, which means that you don’t have to be a hard-core hacker to use it.

http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

So, being that many LD games are written in Java, you should update Java now, before the compo.  So you can play all the cool games that are going to be made with more peace of mind that you’re not getting hacked.

Just run Windows Update, or “Software Update” on a Mac.  Or whatever your Linux distro’s update is.  Everyone’s got an update out, it’s that big of a deal.

http://www.oracle.com/technetwork/java/javase/7u21-relnotes-1932873.html

 

Getting data out of unsigned applets

Posted by (twitter: @secret_tomato)
Saturday, August 27th, 2011 12:38 pm

After finishing my game I noticed that I had plenty of spare hours left so I decided to add a scoreboard. Unfortunately that meant communicating with a web server, which to my knowledge meant I had to sign the thing.

Signing applets involves some console work, but most importantly it involves an annoying popup asking people to let the thing run. In my mind that’s nearly as bad as a installer and I didn’t want anything of the sort, besides I tried that on a previous project (which come to think of it was also a 48 hour game) and that resulted in people not playing it a all.

From some android work I’ve done I remembered I can call links to pages even if the app has no permissions(the browser handles the links), and I wasn’t too surprised when I found out that an unsigned applet can do the same.

Basically what I did was call

link(“http://example.com/scores.php?name=Andrew&score=asdfg”);

(processing function, no Idea if it’s the same in reglar java) where ‘asdfg’ was an encrypted version of the score.  This coupled with making each score unique prevented floods on the scoreboard.

The function spawns a popup window, and I’ve noticed that even if chrome blocks it, it still preloads the score page causing the score to go through. This may or may not be a security issue.

If anyone knows a better, or just different way to have an applet share its internal data I’d love to hear it.

VIEW GAME PAGE

 

[cache: storing page]