TABLE OF CONTENTS Computer security is an important field of study for most day-to-day transactions. It arises when we turn on our cellular phones, check our voice mail and e-mail, use debit or credit cards, order a pay-per view movie, use a transponder through EZ-Pass, sign on to online video games, and even during visits to the doctor. It is also often used to establish virtual private networks (VPNs) and Secure Shell connections (SSH), which allows employees to telecommute and access computers remotely.
The use, and often misuse, of cryptography to solve security problems are driven by one cause: the need for security. Simply needing security does not make it so, a lesson all too often learned after the fact, or more importantly, after the exploits.
URL: http://capnbry.net/daoc/advisory20040323/daoc-advisory2.html
In March 2004, an exploit for the video game Dark Age of Camelot (Mythic Entertainment) made use of the weak server authentication the game used to perform secure billing transactions. It allowed attackers to intercept communication between a real server and client and read all the private billing data.
Even though the developers used a known and tested cryptographic library to provide core algorithms, they had used the algorithms incorrectly. As a result, the attackers did not have to break hard cryptographic algorithms such as RSA or RC4, just the weak construction in which they were used.
The Mythic exploit is a classic example of not knowing how to use tools properly.
