Skip navigation
Help

desktop

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.
Original author: 
Caleb Barlow

mobilesec380

Mobile phone image copyright Oleksiy Mark

When it comes to mobile computing, many organizations either cringe at the fear of security risks or rejoice in the business potential. On one hand, mobile is revolutionizing business operations — improving operational efficiency, enhancing productivity, empowering employees and delivering an engaging user experience. On the other hand, sensitive data that used to be housed in a controlled environment of a company desktop or even laptop is now sitting in an employee’s back pocket or purse.

In today’s ultra-connected world, it can seem like threats are all around us. High-profile breaches and attacks from hacker groups have organizations of all sizes — from multinational enterprises to mom-and-pop shops — doubling down on security and making sure there aren’t any cracks in their defenses. Mobile security doesn’t have to be the Achilles’ heel that leads to a breach. New, innovative solutions for securing mobile devices at the application level are rapidly hitting the market and the latest IBM X-Force report indicates that by 2014, mobile computing will be more secure than traditional desktops. Phones, tablets and other devices are a staple of the 21st century workplace and in order to fully embrace this technology, businesses must be certain they’re well protected and secure.

Do You Know Where Your Data Is?

Tackling mobile security can seem like a daunting task. The IBM X-Force report also indicates a 19 percent increase in the number of exploits publicly released that can be used to target mobile devices. Making the task more challenging is the fact that — especially in the case of BYOD — the line between professional and personal data is more blurred on mobile platforms than anywhere before. According to Gartner, by 2014, 90 percent of organizations will support corporate applications on personal devices. This means that devices being used to connect with enterprise networks or create sensitive company data are also being used for social networking and to download mobile apps, leaving organizations with the predicament of how to manage, secure and patrol those devices. From the point of view of a hacker, a mobile device becomes an ideal target as it has access to the enterprise data as well as personal data that can be used to mount future attacks against your friends and colleagues.

Mobile apps are a great example of why mobile security tends to raise concerns among security professionals and business leaders. Employees install personal apps onto the same devices they use to access their enterprise data, but are not always careful or discriminating about the security of those apps — whether they are the real version or a manipulated version that will attempt to steal corporate data. According to a recent report by Arxan Technologies, more than 90 percent of the top 100 mobile apps have been hacked in some capacity. Some free mobile apps even demand access to an employee’s contact list in order to function correctly. Just pause and think about that for a second. Would you give your entire contact list to a complete stranger? That’s effectively what you are doing when you install many of these popular applications. If an organization takes a step back and really considers what employees are agreeing to, willingly or not, the results can be troublesome. So the challenge remains — how to get employees to recognize and understand just how vulnerable their mobile device can be to an enterprise.

Mitigating Mobile Risks: Why it’s easier than you think

Mobile app security and device management do not have to be a company’s security downfall. By employing intelligent security solutions that adapt to the requirements of a specific context, businesses can mitigate operational risk and unleash the full potential of mobility.

The key to mitigating security risks when it comes to mobile devices accessing enterprise data is access control. This may include passcode locks, data protection and malware and virus prevention. With that said, IT security priorities should focus on practices, policies and procedures, such as:

  • Risk analysis: Organizations must understand what enterprise data is on employee devices, how it could be compromised and the potential impact of the comprise (i.e. What does it cost? What happens if the device is lost? Is the data incidental or crucial to business?).
  • Securing the application: In the pre-mobile, personal computer era, simply securing the device and the user were sufficient. When it comes to mobile devices, we also need to think about securing the application itself. As a typical application is downloaded from a store, the end user really has no idea who built the application, what it actually does with your data or how secure it is. Corporate applications with sensitive data need to be secure in their own right.
  • Secure mobile access — authentication: Since mobile devices are shared, it’s important to authenticate both the user and the device before granting access and to look at the context of the user requesting access based on factors like time, network, location, device characteristics, role, etc. If the context appears to be out of line with normal behavior, appropriate counter measures can be taken.
  • Encryption: Simply put, if the data is sensitive it needs to be encrypted both while at rest as well as while in motion on the network.

Once an enterprise has defined its security policy — establishing set policies/procedures regarding content that is allowed to be accessed on devices, how it’s accessed and how the organization will handle lost/stolen devices that may contain business data — mobile technology solutions can help ensure that no opening is left unguarded.

So if security concerns are holding you back from “going mobile,” rest assured — there are many companies that have embraced trends like “Bring Your Own Device” without sending their Chief Security Officers into a panic. As long as organizations take the right steps and continually revisit their security posture to ensure that every endpoint is secured and that the proper technology is in place, it really is possible to be confident about your mobile security strategy.

Caleb Barlow is part of the executive team in IBM’s Security division. He manages three portfolios — Application Security, Data Security and Mobile Security. In addition to his day job, Caleb also hosts a popular Internet Radio show focused on IT Security with an audience averaging over 20k listeners per show.

0
Your rating: None
Original author: 
Staff

ftl-small.jpgDevelopers who set out to create a game without a design document or template still must have a clear focus to test their ideas against. This was the advice of Matthew Davis and Justin Ma, co-founders of Subset Games and creators of FTL: Faster Than Light, the Kickstarter-funded space strategy game released to widespread critical and commercial success in 2012.

The pair began work on the game with only a target atmosphere - no genre, pacing or scope planned, thinking the development would be a three-month side-project for them.

"We started with a very vague idea for a concept and used that as a guiding light for the entire project," said Davis. "By having one singular focus we were able to abandon everything else that didn't fit in line with that vision."

The pair admitted that many features were dropped from the game that they had initially hoped to include. "We wanted multiplayer features that didn't fit the template," said Ma. "We kept ditching things to keep moving towards the goal."

Davis said that this focus can be various things to various different developers. "Technically that focus can be anything: a certain type of visual aesthetic a piece of audio; a story," he said. "By having one focus and letting that direct your entire experience you can approach your builds from a distance and find out what to keep in order to make that game into the experience you want it to be."

"Very often you get bogged down in a certain system and it just doesn't work out," said Ma. "We just had this one idea and it steered out path, allowing us to follow the fun and find what was interesting."

Finding this focus was especially useful for the team when their Kickstarter exceeded its goal twenty times over, generating $200,000 instead of the requested $10,000 from 10,000 backers. "You can't just throw money at a game and it gets better," said Davis. "It's a difficult balancing act - how to take advantage of clump of new resources, but also stick to release date and keep everyone happy. The focus helped us know where to expend energy and expand the game."

[Simon Parkin wrote this article originally for sister site Gamasutra]

0
Your rating: None

tommy refenes sm.jpgBy Tommy Refenes

I think I can safely say that Super Meat Boy has been pirated at least 200,000 times. We are closing in on 2 million sales and assuming a 10% piracy to sales ratio does not seem unreasonable. As a forward thinking developer who exists in the present, I realize and accept that a pirated copy of a digital game does not equate to money being taken out of my pocket. Team Meat shows no loss in our year end totals due to piracy and neither should any other developer.

For the sake of argument, some of those people that did pirate Super Meat Boy could have bought the game if piracy didn't exist but there is no actual way to calculate that lost revenue. It is impossible to know with certainty the intentions of people. With the SimCity fiasco and several companies trying to find new ways to combat piracy and stating piracy has negatively affected their bottom line I wonder if they've taken the time to accurately try to determine what their losses are due to piracy.

My first job outside my parents cabinet shop was at KMart. KMart, like countless other retailers, calculates loss by counting purchased inventory and matching it to sales. Loss is always built into the budget because it is inevitable. Loss could come from items breaking, being stolen, or being defective. If someone broke a light bulb, that was a calculable loss. If someone returned a blender for being defective, it wasn't a loss to KMart, but a calculable loss to the manufacturer. If someone steals a copy of BattleToads, it's a loss to KMart.

All loss in a retail setting is calculable because items to be sold are physical objects that come from manufacturers that have to be placed on shelves by employees. You have a chain of inventory numbers, money spent and labor spent that goes from the consumer all the way to the manufacturer. A stolen, broken, or lost item is an item that you cannot sell. In the retail world your stock is worth money.

In the digital world, you don't have a set inventory. Your game is infinitely replicable at a negligible or zero cost (the cost bandwidth off your own site or nothing if you're on a portal like Steam, eShop, etc). Digital inventory has no value. Your company isn't worth an infinite amount because you have infinite copies of your game. As such, calculating worth and loss based on infinite inventory is impossible. If you have infinite stock, and someone steals one unit from that stock, you still have infinite stock. If you have infinite stock and someone steals 1 trillion units from that stock , you still have infinite stock. There is no loss of stock when you have an infinite amount.

Because of this, in the digital world, there is no loss when someone steals a game because it isn't one less copy you can sell, it is potentially one less sale but that is irrelevant. Everyone in the world with an internet connection and a form of online payment is a potential buyer for your game but that doesn't mean everyone in the world will buy your game.

Loss due to piracy is an implied loss because it is not a calculable loss. You cannot, with any accuracy, state that because your game was pirated 300 times you lost 300 sales. You cannot prove even one lost sale because there is no evidence to state that any one person who pirated your game would have bought your game if piracy did not exist. From an accounting perspective it's speculative and a company cannot accurately determine loss or gain based on speculative accounting. You can't rely on revenue due to speculation, you can't build a company off of what will "probably" happen. Watch "The Smartest Guys in the Room" and see how that worked out for Enron.

Companies try to combat piracy of their software with DRM but if loss due to pirated software is not calculable to an accurate amount does the implementation of DRM provide a return on investment? It is impossible to say yes to this statement. Look at it as numbers spent in a set budget. You spend $X on research for your new DRM method that will prevent people from stealing your game. That $X is a line item in accounting that can be quantified. Can you then say "This $X we put into research for our DRM gained us back $Y in sales"? There is no way to calculate this because it is not possible to quantify the intentions of a person. Also, there's no way of accurately determining which customers would have stolen the game had there not been DRM.

To add to that, the reality of our current software age is the internet is more efficient at breaking things than companies are at creating them. A company will spend massive amounts of money on DRM and the internet will break it in a matter of days in most cases. When the DRM is broken is it worth the money spent to implement it? Did the week of unbroken DRM for your game gain you any sales from potential pirates due to the inability to pirate at launch? Again, there is no way of telling and as such cannot be used as an accurate justification for spending money.

So what should developers do to make sure people don't steal games? Unfortunately there is nothing anyone can do to actively stop their game from being pirated. I do believe people are less likely to pirate your software if the software is easy to buy, easy to run, and does what is advertised. You can't force a person to buy your software no more than you can prevent a person from stealing it. People have to WANT to buy your software, people have to WANT to support you. People need to care about your employees and your company's well being. There is no better way to achieve that than making sure what you put out there is the best you can do and you treat your customers with respect.

Lets loop back to what's going on with SimCity. I bought SimCity day one, I played it and experienced the same frustrations that countless others are experiencing. For total fairness, I know the always on DRM isn't the main issue, but I can't help but think that the server side calculations are a "wolf in sheep's clothing" version of DRM. I won't claim to know the inner workings of SimCity and this isn't a Captain Hindsight article because that is irrelevant. EA and Maxis are currently facing a bigger problem than piracy: A growing number of their customers no longer trust them and this has and will cost them money.

After the frustrations with SimCity I asked Origin for a refund and received one. This was money they had and then lost a few days later. Applying our earlier conversation about calculable loss, there is a loss that is quantifiable, that will show up in accounting spreadsheets and does take away from profit. That loss is the return, and it is much more dangerous than someone stealing your game.

In the retail world, you could potentially put a return back on the shelf, you could find another customer that wants it, sell it to them and there would be virtually no loss. In the digital world, because there is no set amount of goods, you gain nothing back (one plus infinity is still infinity). It's only a negative experience. A negative frustrating experience for a customer should be considered more damaging than a torrent of your game.

Speaking from my experience with SMB, I know for a fact we have lost a lot of trust from Mac users due to the Mac port of SMB being poor quality. I could go into the circumstances of why it is the way it is but that is irrelevant...it's a broken product that is out in the public. We disappointed a good portion of our Mac customers with SMB and as a result several former customers have requested and received refunds. I'd take any amount of pirates over one return due to disappointment any day.

Disappointment leads to apathy which is the swan song for any developer. If people don't care about your game, why would people ever buy it? When MewGenics comes out, I doubt many Mac users are going to be excited about our launch. When EA/Maxis create their next new game how many people are going to be excited about it and talking positively about it? I imagine that the poison of their current SimCity launch is going to seep into potential customers thoughts and be a point of speculation as to "Is it going to be another SimCity launch?".

This is not a quantifiable loss of course, but people are more likely to buy from distributors they trust rather than ones they've felt slighted by before. Consumer confidence plays a very important role in how customers spend money. I think its safe to say that EA and Maxis do not have a lot of consumer confidence at this point. I think its also safe to say that the next EA/Maxis game is going to be a tough sell to people who experienced or were turned away by talk of frustration regarding SimCity.

As a result of piracy developers feel their hand is forced to implement measures to stop piracy. Often, these efforts to combat piracy only result in frustration for paying customers. I challenge a developer to show evidence that accurately shows implementation of DRM is a return on investment and that losses due to piracy can be calculated. I do not believe this is possible.

The reality is the fight against piracy equates to spending time and money combating a loss that cannot be quantified. Everyone needs to accept that piracy cannot be stopped and loss prevention is not a concept that can be applied to the digital world. Developers should focus on their paying customers and stop wasting time and money on non-paying customers. Respect your customers and they may in turn respect your efforts enough to purchase your game instead of pirating it.

[Tommy Refenes wrote this on sister site Gamasutra's free community blogs.]

0
Your rating: None

triad.pngSleepovers are really just elaborate, animated Tetris puzzles, suggests Anna Anthropy's and Leon Arnott's free game TRIAD for Windows and Mac. Players must learn the sleeping habits of three humans and one cat to make sure they all fit comfortably on the bed without bumping into each other. Once the terti-humans are in place, players can click off the lamp and watch how they toss and turn. I found that when I took too long to make some moves, I wore out Liz Ryerson's music that otherwise fit the late-night mood.

Here's to hoping TRIAD becomes a live-action, physical game in future indie events, maybe with more tertri-humans. Each player also must communicate and then role-play their sleeping habits until they arrive at a solution. Or something.

0
Your rating: None

24 Caret Games' reverse rhythm-shooter Retro/Grade is coming to Steam on March 20th, offering up exclusive support for PlayStation 3, Xbox 360, and Wii guitar controllers.

The port otherwise boasts all of the features that made the original PS3 release such a standout, including a broad selection of challenge levels and difficulty settings that range from "doable" to "ridiculously challenging." Seriously, don't underestimate the hardest difficulty setting. It will humble you.

It's worth noting that the PS3 version of Retro/Grade is currently on sale for $3.49, or $2.44 if you're a PlayStation Plus member. It's definitely worth the cash -- I really enjoyed the time I spent with the game, and it easily ranked among my favorite PlayStation Network releases of last year.

[via Joystiq]

0
Your rating: None

There have been numerous commercial attempts at "games" that are controlled with biometrics, particularly brain waves. There's Mattel's Mindflex, for example, as well as the Star Wars Force Trainer. They're almost purely novelty items, and don't particularly work that well.

Crooked Tree Studios founder Lat Ware (who's programmed games at studios including Realtime Worlds and Crytpic) wants to add some real competitive gameplay to the novelty of brainwave-controlled applications. He's using Kickstarter to try to fund Throw Trucks with Your Mind, a competitive multiplayer game in which players put on a commercially-available brainwave sensor and essentially focus their thoughts to toss vehicles and pieces of the environment at other players to win. Movement is done via mouse and keyboard but attacks are pure thought.

We caught up with Ware to talk about Throw Trucks and pick his brain about the future of biometrics-controlled games.

How does it work?

The headset is an EEG, which is basically a really sensitive volt-meter. It looks at surface voltages in the brain, which decades of research have mapped to specific thought patterns. NeuroSky's MindWave is processing the data for me to extract how calm and focused you are. I do not know the details of the algorithm that they're using, but it does work.

You don't have to think a specific thought to raise your focus, though it is different for different people. In my case, I stare at the dot in the center of the screen and tune out everything else. Some people focus on a specific word on the screen. Some people listen to a specific sound, like the laptop fan. I have one friend who computes prime numbers in his head. The headset doesn't care what you focus on, only that you are focused. Calm is more subject and interesting.

In my case, I have to believe in myself and if I doubt myself, I can't do it. I have one friend that imagines the effect that he wants and trusts that it will happen, and that raises his calm. Focusing on your breathing helps. Thinking about something that makes you happy helps. People in happy, committed relationships often have their calm jump by 30 percent when they think about their significant other. It's fundamentally about mental relaxation, but what makes you relaxed is a complex beast.

What's the difference between this and other biometrics-controlled games? Why is it more responsive?

The biggest difference between this and other biometric games is that this is a fully fleshed out game. Levitating a ball with your focus is not a game. Unlocking doors with your calm is not a game. Filling up a meter is not a game. Those are elaborate meters. Throw Trucks With Your Mind is an actual game, as competitive as the Modern Warfare games, but with a completely new style of play that uses the features of the headset. I have a general rule about games: If you can't win and you can't lose, it's not a game. There are a couple exceptions, but it has served me well.

Where do you see biometrics-controlled games going in the future?

Well, in the next 15 years, a game like Throw Trucks With Your Mind will come out. If my Kickstarter succeeds, it will happen right now. If that is a success, then we can expect a wave of EEG-based games about 10 years afterwards. That would drive not so much innovation, but a reduction in price. Right now, purely brain-controlled interfaces just aren't there yet. We're getting better, and I feel like we might have a good, affordable brain-controlled interface in 15 years, depending on how much is invested in this technology. That said, I don't see the controller going away from mainstream gaming.

Why Kickstarter? Are venture capitalists unconvinced?

I actually spoke to eight venture capitalists and a number of investors about the game and the feedback I kept getting was to prove user traction, then come back. So, I had a conundrum because I needed user traction to get funding, I needed a product to get user traction, and I need funding to get a product. The minimum viable product doesn't work so well when it requires an $80 piece of hardware. Kickstarter broke me out of that loop.

What happens to the game if the Kickstarter fails?

If Kickstarter fails, I don't know. Maybe the project will be salvageable as I will have shown that I was able to raise $27,000 (at the time of this writing), even though I didn't get it because of Kickstarter's rules. Maybe that would still show solid demand for the product, since it was raised entirely from customers. Maybe that would be enough to convince an incubator or investor to pick me up. I am unsure. I haven't given it any thought, because all of my energy and time has gone to campaigning for the Kickstarter as hard as I possibly can. I haven't given myself any time off.

[Kris Graft wrote this article originally on sister site Gamasutra.]

0
Your rating: None

Described as a 'single player, three-act sequence in a poetic game environment', Leaving is apparently intended to explore the concept of 'digital theatre' and will have you play as Willem, a young man who has to say good-bye to his loved ones at the airport. Heavily inspired by the works of Antonio Machada, Leaving is scheduled for eventual arrival on the iPad.

Official website here.

0
Your rating: None

Rainbow Nightmare: Libra will be a retro RPG mashup with traditional overhead RPG exploring, side scrolling platforming, and card collecting. Featuring cat girls, robots, zombies, and sometimes a combination of these three, AudioMew seems to be hitting several of the popular gaming tropes.

I reached out to developer Karl Crawford about the battle system, since it wasn't too apparent in the video. "The battle system is standard turn based, much like Final Fantasy 6 with class switching, except during battle you're allowed to switch between 3 different classes." In an update, Crawford describes "class dancing," which allows you to "switch between these 3 classes to maximize healing, damage, or defense. This allows you to set up your own strategies and pacing."

These hyper chiptunes jolted me out of my otherwise mellow weekend, and I figured they'd do the same for you. It might be just me, but the character closeup art doesn't mesh as well as it could with the otherwise charming pixel graphics. If you want to help out Rainbow Nightmare: Libra, visit its Kickstarter page or spread the word. The Windows-bound game is almost at 15% of its $9,000 goal, and if it reaches $20,000, the developer will support Mac and Linux.

[Thanks, readers Kimberly W. and Molly]

0
Your rating: None

Remember MaK? The developers called it a 'physics sandbox with tethers, rockets, engines, balloons, explosives, teleportation, relative gravity and potentially unlimited room for creativity.' There's more than a whiff of Super Mario space Galaxy wrapped in up in it as well. If you've ever wanted a whimsical Minecraft set in space, this may be it.

As you might have guessed from the title, they're also in need of some financial help. MaK currently has a Kickstarter project up that is looking to achieve $230, 000 in funding. If you feel like contributing, here's the appropriate link.

0
Your rating: None

[Guest reviewer Colin Brown profiles each game in the Fall Bundle, available at the IndieGames co-created site Indie Royale.]

There's a rather high number of what I like to call casual real time strategy games hanging around these days. For clarity, a casual RTS is defined as a title where you forgo direct control over your units in exchange for simple, general commands, and unit production is either vastly simplified or taken out of the player's hands entirely. For people who don't have the head or muscle memory for the full blown RTS experience, a casual RTS can be a terrific, simplified and addictive burst of strategy gaming. Swords and Soldiers and Auralux are two great examples, and there are plenty more. But it's hard to name a casual RTS that aims for both high end visual production values and deeper strategy, and that's where Unigine's Oil Rush comes in.

Nuclear war has melted those pesky ice caps, and now the entire Earth is flooded. However, some things always stay the same as the new status quo of the world retained its reliance on oil. Indeed, oil is now the most important resource on Earth, and the oceans are in a constant state of warfare over this precious black gold. As an up and coming commander of the Sharks, a military force in the flooded world, your goal is to travel from mission to mission and conquer each oil rig, airfield and mechanical harbour using a varied army of vehicles and a handful of special abilities. The campaign mostly functions as an extended tutorial, however there's often unique goals or mission elements thanks to some well used heavy scripting. Of course, if that gets old you can try a skirmish or go online and take the resource war to your friends.

But how exactly does the game work? Each battle begins with a handful of units and a selection of bases under your flag. Bases generate units automatically, so your main role is to send these units to neutral and enemy bases to gain new footholds and additional resources. Like the aforementioned Auralux, units are managed not through direct commands but from directing one base to send a certain percentage of its units to another. That's not all though, as you also need to keep an eye on your own turf to avoid losing a crucial rig. Most of your bases can have up to five towers built on their perimeter, so careful maintenance of these towers and management of resources is just as important as a good offence. You'll also be working your way up the tech tree, upgrading towers and deploying special abilities, not unlike a tower defence. And if you have a breather in there, pressing the F key zooms to the most interesting and cinematic angles to enjoy the fights.

It all comes together in a surprisingly compelling package. Some of the tutorial bits are a little heavy handed, and the voice acting is less than terrific, but the basic casual RTS gameplay combined with the focus on a high powered engine makes Oil Rush a seriously compelling strategy title. The available commands are easy to grasp, but the strategic side of the game offers up a deep experience without the need for twitchy reflexes or hours of practice. Indeed, it's simple enough for anyone uncomfortable with the genre, but there's a certain degree of command precision and counter based gameplay that would make mastering the game fun for anyone.

[To The Moon, Oil Rush, Blackwell Deception, AVSEQ, and Reprisal are now available in the Fall Bundle at Indie Royale.]

0
Your rating: None