Slashdot Mirror


Internet Chess Club Security Defeated

Scott_F writes "Researchers at the University of Colorado at Boulder have been able to defeat the security mechanisms of the Internet Chess Club and can effectively play a zero-time match, as well as have complete control over the game. The paper is titled How to Cheat at Chess: A Security Analysis of the Internet Chess Club. If you're not familiar with the ICC, it is where many Grandmasters play regularly, with rumors of Bobby Fischer making an occasional appearance. It appears that the ICC has relied on security through obscurity, but we all know how poorly that works. Chess, anyone?"

Update: 09/08 21:08 GMT by J: In totally unrelated chess news, I found today's commentary on Zermelo's Theorem interesting, both for the math of the game and the look at a mistaken echo chamber.

4 of 264 comments

  1. Security through obscurity.. by Karamchand · Score: 3, Interesting

    ..is not as bad as its reputation. Of course it is not enough and you should not rely solely on it. But it can be a helpful part of your whole security plan. Read more in this interesting paper by Jay Beale, the Lead Developer of the Bastille Linux Project.

    1. Re:Security through obscurity.. by arvindn · Score: 3, Interesting

      Wrong. I've read Jay Beale's paper, and he argues that while "security implemented solely through obscurity is bad", obscurity can be a useful extra layer to improve security. But "security implemented solely through obscurity" is precisely what is happening in the ICC case, and a little reverse engineering renders the system completely defenseless. The theoretical reason why the reverse engineering was inevitable is the impossibility of obfuscating programs.

  2. The Real Challenge by randall_burns · Score: 3, Interesting

    Is creating a _really_ secure equivalent of the internet chess club. I see this as a serious opportunity for an open source team to demonstrate how they can do security _right_.

    I can imagine that it _would_ be possible to do some really interesting things that would make remote matches _much_ harder to cheat at (i.e., do things like authenticate who is observing each of the remote players).

  3. FICS by bcrowell · Score: 3, Interesting

    FICS is better than ICC anyway. FICS is free. ICC makes you pay.