Dominion Strategy Forum


Author Topic: Convince me that Goko is a good site, security-wise  (Read 27030 times)


DStu

Re: Convince me that Goko is a good site, security-wise
« Reply #50 on: March 14, 2013, 08:23:59 am »
+3

I don't want to get into hate-goko-mode again, but what they delivered on launch day was not some bugs, that was some demonstration of complete unawareness of any security concern, and was reason enough to shatter any belief in a safe product from their side.
Of course you can say they fixed it so it's probably fine, and nobody has proven the opposite, and of course it's impossible to prove that there are no bugs anymore, so it's unreasonable to expect such a proof.  It's even unreasonable to expect there are no bugs anymore.
But, given the history, I think that it is reasonable to just not trust in the security and demand some strong evidence to the contrary to gain trust again, no matter how unlikely the existence of such evidence is.

And this is how I understand WW's request here, and that's also more or less my stance on this topic.

The best I have heard on this topic is something like 'we have someone to review our code and are paying more attention while developing', which is not even 'we have hired $CompanyA to review our code and implemented policies $X,$Y and $Z' which would be a lot more concrete.  Of course one could say usually companies don't publish these kinds of things, but there again, companies usually also don't knowingly release a product with JS-injection in the chat.
Logged

werothegreat

Re: Convince me that Goko is a good site, security-wise
« Reply #51 on: March 14, 2013, 08:43:08 am »
0

Well, you *can* buy a Platinum turn 1 in the Adventures if you use enough zaps.
Logged
Contrary to popular belief, I do not run the wiki all on my own.  There are plenty of other people who are actively editing.  Go bother them!

Check out this fantasy epic adventure novel I wrote, the Broken Globe!  http://www.amazon.com/Broken-Globe-Tyr-Chronicles-Book-ebook/dp/B00LR1SZAS/

Polk5440

Re: Convince me that Goko is a good site, security-wise
« Reply #52 on: March 14, 2013, 09:06:19 am »
+1

Quote
4. My sense is that this isn't really about specific security questions, but rather a much more esoteric issue... Reputation. For you, goko's reputation took a hit last summer. They've made a lot of fixes to their system, but you are unwilling to forgive them or even give them a fresh look as if you first heard about them today. I'm not saying you don't have your reasons or aren't justified, I just think you should at least recognize this thread for what it really is... "I'm WW, I don't trust goko (and you can't make me)"

No, we can't. All I can request is that you be fair. Last July 4, the company responsible for the San Diego firework show had a bug that simultaneously shot off all their $500,000 worth of fireworks in 20 seconds. You can YouTube the event. They investigated the cause and gave a detailed report about the problem. Now this year cities have two choices: they can use this company and assume that they worked the glitch out and their show is more robust for it... Or they can hire another company, because, you know, company b has never had a glitch, and company a had a big one.

My question is: Is it fair to boycott company a after they acknowledged and fixed their glitch?

I am so glad you mentioned reputation. It's such a big deal and I think you are right that there might be more of a reputation problem than a security problem. Customer perception matters. Because of it, companies who have built good reputations can weather a few storms (Google Buzz, anyone?) while new companies with no reputation can't, as easily.
Logged

gryph202

Re: Convince me that Goko is a good site, security-wise
« Reply #53 on: March 14, 2013, 10:58:06 am »
0

Quote
4. My sense is that this isn't really about specific security questions, but rather a much more esoteric issue... Reputation. For you, goko's reputation took a hit last summer. They've made a lot of fixes to their system, but you are unwilling to forgive them or even give them a fresh look as if you first heard about them today. I'm not saying you don't have your reasons or aren't justified, I just think you should at least recognize this thread for what it really is... "I'm WW, I don't trust goko (and you can't make me)"

No, we can't. All I can request is that you be fair. Last July 4, the company responsible for the San Diego firework show had a bug that simultaneously shot off all their $500,000 worth of fireworks in 20 seconds. You can YouTube the event. They investigated the cause and gave a detailed report about the problem. Now this year cities have two choices: they can use this company and assume that they worked the glitch out and their show is more robust for it... Or they can hire another company, because, you know, company b has never had a glitch, and company a had a big one.

My question is: Is it fair to boycott company a after they acknowledged and fixed their glitch?

I am so glad you mentioned reputation. It's such a big deal and I think you are right that there might be more of a reputation problem than a security problem. Customer perception matters. Because of it, companies who have built good reputations can weather a few storms (Google Buzz, anyone?) while new companies with no reputation can't, as easily.

I guess that's what it boils down to for me.  No matter how well Goko manages to get their act together, I will always have that memory of the grade-A disastrous initial roll out.  I love playing Dominion, but not enough to spend money on a product that was ever botched that badly.
Logged

rrenaud

Re: Convince me that Goko is a good site, security-wise
« Reply #54 on: March 14, 2013, 11:11:30 am »
+7

How about this.  Assume goko will get hacked.  You want to play dominion on it anyway.  What do you do?  Use a linux live CD.  If you are super paranoid, disconnect your hard drive (either physically, or via BIOS), and then boot into linux from the CD.  Use goko, get hacked.  All fine and good.  There is no way to persist any information on your machine.  Turn off your machine, reconnect the disk, reboot on your machine, and then laugh at all the poor infected suckers who didn't have your enlightened level of paranoia.
Logged

Kirian

Re: Convince me that Goko is a good site, security-wise
« Reply #55 on: March 14, 2013, 11:16:14 am »
+7

Quote
How about this.  Assume goko will get hacked.  You want to play dominion on it anyway.  What do you do?  Use a linux live CD.  If you are super paranoid, disconnect your hard drive (either physically, or via BIOS), and then boot into linux from the CD.  Use goko, get hacked.  All fine and good.  There is no way to persist any information on your machine.  Turn off your machine, reconnect the disk, reboot on your machine, and then laugh at all the poor infected suckers who didn't have your enlightened level of paranoia.

I play Goko on a hand-written browser using a Difference Engine.  No way for that to get a virus.

You may experience some lag while playing me.
Logged
Kirian's Law of f.DS jokes:  Any sufficiently unexplained joke is indistinguishable from serious conversation.

Hertz_Doughnut

Re: Convince me that Goko is a good site, security-wise
« Reply #56 on: March 14, 2013, 12:20:32 pm »
+4

Quote
I don't want to get into hate-goko-mode again, but what they delivered on launch day was not some bugs, that was some demonstration of complete unawareness of any security concern, and was reason enough to shatter any belief in a safe product from their side.
Of course you can say they fixed it so it's probably fine, and nobody has proven the opposite, and of course it's impossible to prove that there are no bugs anymore, so it's unreasonable to expect such a proof.  It's even unreasonable to expect there are no bugs anymore.
But, given the history, I think that it is reasonable to just not trust in the security and demand some strong evidence to the contrary to gain trust again, no matter how unlikely the existence of such evidence is.

And this is how I understand WW's request here, and that's also more or less my stance on this topic.

The best I have heard on this topic is something like 'we have someone to review our code and are paying more attention while developing', which is not even 'we have hired $CompanyA to review our code and implemented policies $X,$Y and $Z' which would be a lot more concrete.  Of course one could say usually companies don't publish these kinds of things, but there again, companies usually also don't knowingly release a product with JS-injection in the chat.

Very fair points.  Question 1 is, of course, have they fixed the JS-injection issue?  (Or are they working on it?)  I honestly don't know... I'm not following the nuances of goko-development that closely.  My goko issue is that on my 10" tablet, their site is (at most) 2.5".  It is literally unplayable, as my finger cannot select the right card... and there's no option to zoom in or go full-screen.  [And yes, it is strange to me that goko won the rights to make computer-Dominion because they promoted themselves as having the solution for tablets, phones, and all devices... and yet, as of today, it is much easier to play on iso with my tablet than goko... even though it's a pain to play on iso... so lately I've been just playing Androminion against the AI, which is 0/10 against me. :) ]

Maybe because I'm a video-game hobbyist, I looked at the launch differently.  When I first joined the goko beta, I was impressed with how much it could do.  It's important to keep that in mind, because Dominion is a very complex game.  200+ unique cards... blue-dog scenarios... as a programmer, that would not be a fun assignment.  Making online Monopoly, for example, would be about 1000 times easier.  Sitting here at my computer I can wrap my mind around Monopoly... what the basic classes would look like, the database of properties, etc.  But when I think about Dominion, my brain quickly throws an out-of-RAM exception message.  I mean, even Bridge and Highway... which have basically the same effect, have to be programmed independently, because, you know, you can't King's Court the highway for -3.  And King's Court doesn't play like Throne Room (because King's Court may be used, and Throne Room must).  And then we have Possession... and KC'ed Possession...  Monopoly doesn't have anything like that, because the cards barely interact with one another.  Monopoly sounds like a high school Intro to Computers assignment compared to Dominion.

So yes, I was impressed that goko wrote all that crazy code and the game basically worked in beta.  (Also impressed with DougZ and the Androminion team. Kudos to all...)

I presume that the managers at goko were also similarly impressed that their coders tackled all this complexity, and in their giddiness, they wanted to show the world... "Look!  We've got something!"  Also bear in mind the public relations pressures they must have felt prior to beta... namely that our community knew that Rio Grande had made a deal with someone to make an official computer version, and yet we knew next-to-nothing about that company or that version.  Thus to "prove" to us that they didn't screw up Dominion for its fans, they invited us into the beta to show us that the game basically worked.  And then there was the PR pressure to release with Dark Ages (by far the most complex set to date) at the same time as print Dark Ages... and at the gaming convention.  And come on... we were all dying to see Dark Ages... and play it against the world's top players (the iso community).

Yes, they rushed it.  By rushing it, they didn't do due diligence on their server load capabilities or their JS-injection vulnerabilities.  But I think it is understandable why they did so.  There were lots of real-world pressures to show the community something cool... there was lots of crazy code to write for Dark Ages cards (which already had their programmers working double-shifts)... and they didn't have the resources to test every possible security angle (which even a major company like Heartland Payment Systems failed to do in 2009).  They figured that they could iron out the bugs down the road... that users would understand.  I mean Starcraft 2 players understand that Blizzard is going to patch their game about once a month... and this is for their own good.

[Side-note... maybe the patching process is hurting goko's reputation?  I mean... when you update a stand-alone game like Starcraft, you get a log of the patch's fixes so you would see something like "JS-injections via chat fixed in version 1.2.1".  Maybe that's the kind of concrete "implemented policies $X,$Y and $Z" that you're looking for?  Websites don't (usually) have version logs, so you can't easily see if goko fixed something like that.  When their PR guy comes on our forum and says "yeah we fixed that" maybe it doesn't seem as official as a patch log?]

It is unfortunate that so many companies are moving toward a release-early patch-in-production mentality (Skyrim on the PS3 anyone?).  And a company's reputation is impacted by that.  Personally, I prefer to be a mid-to-late adopter, because I deal with computer bugs all day at work and when I'm at home I prefer not to QA someone else's product.  So I didn't get Skyrim until a year after it was released, for half the price, loved the game immensely, and had none of the frustration over my PS3 crashing.  I completely respect you or WW waiting to be a late-adopter.... especially if you're still having fun at iso.  Let other people jump in and deal with the bugs and frustration first, I get that.

What I don't get is boycotting goko forever and ever... and refusing to give them a second chance after they've fixed the specific issues.  If I had done that with Skyrim, I would have missed out on one of my all-time favorite games.


From one goko-hesitant to another...
David
Logged

Watno

Re: Convince me that Goko is a good site, security-wise
« Reply #57 on: March 14, 2013, 12:27:25 pm »
0

I agree with the above.
Goko failed the initial release, no doubt about that. You can go and punish them for that by not playing there now. But then you're also punishing yourself. Is that worth it? I don't think so.
Logged

DStu

Re: Convince me that Goko is a good site, security-wise
« Reply #58 on: March 14, 2013, 12:35:13 pm »
0

Quote
Very fair points.  Question 1 is, of course, have they fixed the JS-injection issue?
I'm quite sure they have done it already in August, that was a very severe bug where you could basically do everything JS can to everyone connected to the game, the game wouldn't be playable for one second now if they hadn't.

Quote
and they didn't have the resources to test every possible security angle
The problem was that it wasn't some obscure attack vector, it was writing '<script>document.write("")</script>' in the chat.

Quote
But then you're also punishing yourself. Is that worth it? I don't think so.
I usually feel quite happy punishing companies for behaviour I don't want to support...
Logged
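
The chat bug described in the post above, as an added example that is not part of the thread and is not Goko's code: a chat line rendered by pasting user text into markup, next to the same renderer with output encoding, plus a small regression check that the rendered line still contains only the template's own elements. All function names and the sample chat lines are hypothetical and constructed for illustration; the one script string is the one quoted in the post.

```javascript
// Added illustration, not Goko's code. Every name below is hypothetical.

// Characters that let text break out of an HTML text node or a quoted attribute.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a user-controlled value for output into HTML. The replacement runs in a
// single pass, so "&" is never double-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": user name and message are pasted into the markup unchanged, so any
// tags they contain become part of the page of everyone who receives the line.
function renderChatUnsafe(user, message) {
  return '<li class="chat" title="' + user + '"><b>' + user + "</b>: " + message + "</li>";
}

// "After": every user-controlled value is encoded at the point of output.
function renderChatSafe(user, message) {
  const u = escapeHtml(user);
  return '<li class="chat" title="' + u + '"><b>' + u + "</b>: " + escapeHtml(message) + "</li>";
}

// Regression check: the template opens exactly <li> and <b> and uses exactly four
// double quotes (two attributes). Anything else means user input was interpreted
// as markup or broke out of an attribute. The regex scan is a conservative
// stand-in for a real HTML parser.
function structurePreserved(html) {
  const tags = (html.match(/<[a-zA-Z][a-zA-Z0-9]*/g) || []).map((t) => t.slice(1).toLowerCase());
  const quotes = (html.match(/"/g) || []).length;
  return tags.join(",") === "li,b" && quotes === 4;
}

// Constructed sample chat lines: plain text, the string from the thread, and
// harmless text that happens to contain HTML-special characters.
const SAMPLES = [
  { user: "alice", message: "gg, nice Witch opening" },
  { user: "bob", message: '<script>document.write("")</script>' },
  { user: 'carol "KC"', message: "Village & Smithy > Big Money <3" },
];

// Return the users whose line changed the page structure under a given renderer.
function audit(render) {
  return SAMPLES.filter((s) => !structurePreserved(render(s.user, s.message))).map((s) => s.user);
}

console.log("unsafe renderer alters structure for:", audit(renderChatUnsafe));
console.log("safe renderer alters structure for:", audit(renderChatSafe));
console.log(renderChatSafe(SAMPLES[1].user, SAMPLES[1].message));
```

A check like `audit` can run on every build, which is one concrete form of the "how do we know it stays fixed" evidence the thread is asking about.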

Watno

Re: Convince me that Goko is a good site, security-wise
« Reply #59 on: March 14, 2013, 12:45:54 pm »
0

I usually feel more happy playing Dominion, not saying this is true for everyone though. I just wanted to point out what the alternatives are.
Logged

WanderingWinder

Re: Convince me that Goko is a good site, security-wise
« Reply #60 on: March 14, 2013, 02:20:06 pm »
0

Quote
WW... I'm not on goko and not prejudiced in their favor, but I maintain an insurance company's website for a living.  Couple observations...
First of all, thanks for the thoughtful post.

Quote
1. It's not a fair question to ask if everything is "good security-wise". That's like asking your doctor if you're 100% healthy. What doctor can test you for every single possible disease and abnormality? What doctor is a specialist on every organ of the body? Especially if you don't have symptoms.

You can ask a doctor if this skin spot is cancer, or what it means to have a fever and chills... I.e. specific questions. And so too with goko... you can ask if credit card info is saved on their site, if it's encrypted, if players can hack to see their opponents' hands, if you can trick the game into buying platinums on turn 1, etc. Those are questions that can be answered. So I would encourage you to write out every specific thing you can think of that you are concerned about, so we/goko can go through them 1 by 1.
First, I maintain that it is fair; the big thing here is that I'm not asking them to be *perfect*, just reasonably good. I obviously don't expect perfection, which itself would also be "fair" to ask, though unfair to expect, as it isn't going to happen.

If you want to continue with the doctor analogy, I am not looking for the doctor to be able to stop me from ever getting sick at all. But I would like physicals - which I don't get the impression are happening here.

Quote
2. It sounded like you were concerned that somehow a hacker was going to punch through goko and take over your computer. This, frankly, is totally unrealistic in today's internet. You are vastly undermining the armies of security professionals who work for (a) internet servers (b) web browsers and (c) operating systems. (Not to mention firewalls and anti-virus companies.) All 3 are continually being patched/updated to deal with threats that came out last week.

I'm not saying it's impossible to have your computer taken over... That is possible if you go to a site that is intentionally trying to do that... What I am saying is that there are multiple layers of security built in to the way the internet works in 2013. There are at least 3 levels of checks that stop websites from running code directly on your computer... And these checks are maintained by non-goko companies. In other words, even if goko was no more secure than a cardboard box, my browser, google chrome, itself prevents all websites from accessing any data or running code outside of the tab the site is in without my permission. They can't even access info from other tabs in chrome, let alone delete files off my hard drive or install a program.
I am not sure exactly what you mean by 'take over'. On the other hand, stuff is able to go on, surely, with all the stories that are out there, even which we've been hearing about this very week. But the bigger point is that people were successfully able to run code on other people's machines off of goko last fall (sanitize your inputs!). It actually happened. And while nobody actually did anything particularly pernicious with that, and that particular hole is fixed now, it's mostly their response that shows a lack of concern and care that has me worried.

Quote
3. Security and bug-fixing is very much like an immune system. You get the flu, body develops a response, then you're immune to that strain. Kids are sick all the time, developing immunity that serves them for the rest of their life.

Programming is the same way. New software is buggy, someone gripes about a bug, programmers fix it, never an issue again. Hell, StarCraft 2 Heart of the Swarm came out yesterday, and there was a patch for it today... And that's with one of the best game companies in the business. Even Blizzard couldn't catch everything before release day.

What goko can be criticized for is that they let the public (beta testers) see things too early. They launched with too many bugs. This was a marketing mistake.

But they have been fixing them. You can't buy platinum on turn 1. The "immune system" is working.

I could care less about bugs, generally. Bugs will happen, they get fixed, I'm pretty satisfied with them there.

Quote
4. My sense is that this isn't really about specific security questions, but rather a much more esoteric issue... Reputation. For you, goko's reputation took a hit last summer. They've made a lot of fixes to their system, but you are unwilling to forgive them or even give them a fresh look as if you first heard about them today. I'm not saying you don't have your reasons or aren't justified, I just think you should at least recognize this thread for what it really is... "I'm WW, I don't trust goko (and you can't make me)"
That isn't what the thread is, because of what you put in parentheses. I don't get how this is about forgiveness - they didn't do anything purposefully wrong. If you get a locksmith to do the lock on your house, and it turns out you can pick it with a paperclip in 5 minutes, he doesn't need to be forgiven (it's not that he's undeserving, it's that he hasn't transgressed), but at the same time, even if he makes it un-paper-clip-pickable, you are going to lose confidence in his locksmithing abilities. Now, you can get them back, if he does something to show you signs of improvement - a course he completes, or some test he passes, some kind of check.

Quote
No, we can't. All I can request is that you be fair. Last July 4, the company responsible for the San Diego firework show had a bug that simultaneously shot off all their $500,000 worth of fireworks in 20 seconds. You can YouTube the event. They investigated the cause and gave a detailed report about the problem. Now this year cities have two choices: they can use this company and assume that they worked the glitch out and their show is more robust for it... Or they can hire another company, because, you know, company b has never had a glitch, and company a had a big one.

My question is: Is it fair to boycott company a after they acknowledged and fixed their glitch?

I mean, fixing the glitch is one thing, and that is good and fine. But when they say it wasn't a big deal, and the way we know they're good in this area, where they have admitted deficiencies in the past, is that they say so? Are you trying to suggest that we should pick the same firework company again if they say "it wasn't a serious problem" and "We're fireworks experts, and you can take our word for that"? I mean, I am willing to believe that they believe that, but I'm a little in doubt as to whether they know what being experts means.

For the record - and not that it matters really - I actually like what I have seen with their implementation pretty well. There are some bugs, sure, but they get worked out; their implementation is perfectly reasonable - particularly when they get the last few rule things worked out, which I'm confident they will; their pricing is better than reasonable; they seem perfectly friendly; they seem to be interested. Really, this is the only issue of note.

WanderingWinder

Re: Convince me that Goko is a good site, security-wise
« Reply #61 on: March 14, 2013, 02:22:09 pm »
0

Quote
I don't want to get into hate-goko-mode again, but what they delivered on launch day was not some bugs, that was some demonstration of complete unawareness of any security concern, and was reason enough to shatter any belief in a safe product from their side.
Of course you can say they fixed it so it's probably fine, and nobody has proven the opposite, and of course it's impossible to prove that there are no bugs anymore, so it's unreasonable to expect such a proof.  It's even unreasonable to expect there are no bugs anymore.
But, given the history, I think that it is reasonable to just not trust in the security and demand some strong evidence to the contrary to gain trust again, no matter how unlikely the existence of such evidence is.

And this is how I understand WW's request here, and that's also more or less my stance on this topic.

The best I have heard on this topic is something like 'we have someone to review our code and are paying more attention while developing', which is not even 'we have hired $CompanyA to review our code and implemented policies $X,$Y and $Z' which would be a lot more concrete.  Of course one could say usually companies don't publish these kinds of things, but there again, companies usually also don't knowingly release a product with JS-injection in the chat.
I would actually just be fine with 'we hired CompanyA to review security on our code, they looked at it and it is fine' (assuming I can find anything about CompanyA, which shouldn't be a problem).

WanderingWinder

Re: Convince me that Goko is a good site, security-wise
« Reply #62 on: March 14, 2013, 02:23:31 pm »
0

Quote
How about this.  Assume goko will get hacked.  You want to play dominion on it anyway.  What do you do?  Use a linux live CD.  If you are super paranoid, disconnect your hard drive (either physically, or via BIOS), and then boot into linux from the CD.  Use goko, get hacked.  All fine and good.  There is no way to persist any information on your machine.  Turn off your machine, reconnect the disk, reboot on your machine, and then laugh at all the poor infected suckers who didn't have your enlightened level of paranoia.
Thanks for the suggestion. And this would be fine, except that it's too much hassle.
I'm sure there are ways I could feel safe enough, but the hassle (and cost) of doing them isn't worth the enjoyment for me. It's a hobby, but not THAT great of one.

WanderingWinder

Re: Convince me that Goko is a good site, security-wise
« Reply #63 on: March 14, 2013, 02:27:29 pm »
0

Quote
But then you're also punishing yourself. Is that worth it? I don't think so.
I usually feel quite happy punishing companies for behaviour I don't want to support...
Is it worth it? Absolutely - I don't need to have this hobby near as much as I need security.
Having said that, I'm not intending to punish them at all - I am merely looking out for myself. Is it punishing Kraft that I don't buy their cheese because I can't stand cheese, and ergo have insufficient interest in their product to be worth my money? If you have such a broad definition, then sure, I am punishing them, but at that point, the word also loses a huge part of its meaning.

LastFootnote

Re: Convince me that Goko is a good site, security-wise
« Reply #64 on: March 14, 2013, 02:36:23 pm »
0

WW, have you contacted Goko and asked if they hired Security Firm A to look at their code? You've told me multiple times now that if I have no additional information, there's no need for me to post, but then why the hell did you start this thread in the first place? If it's Goko you want info about, ask Goko.
Logged

WanderingWinder

Re: Convince me that Goko is a good site, security-wise
« Reply #65 on: March 14, 2013, 02:40:37 pm »
0

Quote
WW, have you contacted Goko and asked if they hired Security Firm A to look at their code? You've told me multiple times now that if I have no additional information, there's no need for me to post, but then why the hell did you start this thread in the first place? If it's Goko you want info about, ask Goko.
Oh, gee, that hadn't occurred to me...

D Bo

Re: Convince me that Goko is a good site, security-wise
« Reply #66 on: March 14, 2013, 02:54:58 pm »
0

Quote
But then you're also punishing yourself. Is that worth it? I don't think so.
I usually feel quite happy punishing companies for behaviour I don't want to support...
Is it worth it? Absolutely - I don't need to have this hobby near as much as I need security.
Having said that, I'm not intending to punish them at all - I am merely looking out for myself. Is it punishing Kraft that I don't buy their cheese because I can't stand cheese, and ergo have insufficient interest in their product to be worth my money? If you have such a broad definition, then sure, I am punishing them, but at that point, the word also loses a huge part of its meaning.


YOU DON'T LIKE CHEESE?!
Logged

LastFootnote

Re: Convince me that Goko is a good site, security-wise
« Reply #67 on: March 14, 2013, 03:04:56 pm »
0

Quote
WW, have you contacted Goko and asked if they hired Security Firm A to look at their code? You've told me multiple times now that if I have no additional information, there's no need for me to post, but then why the hell did you start this thread in the first place? If it's Goko you want info about, ask Goko.
Oh, gee, that hadn't occurred to me...

I legitimately can't tell if you're being sarcastic here. I…think you are? Maybe?

For what it's worth, I don't like cheese either.
Logged

Beyond Awesome

Re: Convince me that Goko is a good site, security-wise
« Reply #68 on: March 14, 2013, 03:08:07 pm »
0

I can't eat cheese. I'm allergic.

Anyway, Goko did state they hired an outside firm. They mentioned this in one of their Q&As. You can always email Goko and ask what exact firm it was and what tests they did and the reason you are asking is to put your mind at ease as a potential paying customer. Their email is support@goko.com. At least, I am pretty sure that is their email.
Logged

WanderingWinder

Re: Convince me that Goko is a good site, security-wise
« Reply #69 on: March 14, 2013, 03:09:17 pm »
0

Quote
Anyway, Goko did state they hired an outside firm. They mentioned this in one of their Q&As.
When was this?

Watno

Re: Convince me that Goko is a good site, security-wise
« Reply #70 on: March 14, 2013, 03:10:08 pm »
0

I don't like cheese either.
Anyway, I wasn't really addressing you with that comment, WW.
Logged

Watno

Re: Convince me that Goko is a good site, security-wise
« Reply #71 on: March 14, 2013, 03:13:19 pm »
0

http://forum.dominionstrategy.com/index.php?topic=6707.0
there it was said that they would have periodic reviews, which is kinda vague.
Logged

LastFootnote

Re: Convince me that Goko is a good site, security-wise
« Reply #72 on: March 14, 2013, 03:15:15 pm »
+1

Quote
Anyway, Goko did state they hired an outside firm. They mentioned this in one of their Q&As.
When was this?

We also hired a security consultant who evaluated the site and attempted to break our security. We’ve made changes he recommended and will update you once he’s completely done with his analysis.
Logged

GendoIkari

Re: Convince me that Goko is a good site, security-wise
« Reply #73 on: March 14, 2013, 03:16:42 pm »
0

Quote
How about this.  Assume goko will get hacked.  You want to play dominion on it anyway.  What do you do?  Use a linux live CD.  If you are super paranoid, disconnect your hard drive (either physically, or via BIOS), and then boot into linux from the CD.  Use goko, get hacked.  All fine and good.  There is no way to persist any information on your machine.  Turn off your machine, reconnect the disk, reboot on your machine, and then laugh at all the poor infected suckers who didn't have your enlightened level of paranoia.

A bad enough virus can do actual damage to your other hardware like the processor.
Logged
Check out my F.DS extension for Chrome! Card links; Dominion icons, and maybe more! http://forum.dominionstrategy.com/index.php?topic=13363.0

Thread for Firefox version:
http://forum.dominionstrategy.com/index.php?topic=16305.0

WanderingWinder

Re: Convince me that Goko is a good site, security-wise
« Reply #74 on: March 14, 2013, 03:18:28 pm »
0

Quote
Anyway, Goko did state they hired an outside firm. They mentioned this in one of their Q&As.
When was this?

We also hired a security consultant who evaluated the site and attempted to break our security. We’ve made changes he recommended and will update you once he’s completely done with his analysis.
Thank you. This is the exact kind of thing I was hoping to find from the thread!

Now, did they ever update us on that, as she says they plan on doing here? If so, then I'm good.