Slashdot Mirror


User: gd23ka

gd23ka's activity in the archive.

Stories: 0
Comments: 1,193

Comments · 1,193

  1. Re:It is their vehicle... on Black Boxes to Track Driving Habits? · · Score: 1

    It's none of the rental company's business where I went with their car. How long the car was parked where. That I drove on side roads. That I had to brake hard to miss that chicken. That I was speeding. That I sometimes drive with my windows open. That I picked up two hitchhikers. That I set the airconditioning to 82F. Which radio stations I listened to. That I brought my own CDs and what was on them. That I used the wide-beams every so often...

  2. Re:Forgotten Y2K fiasco already ? on Cyber-Attacks? · · Score: 0, Flamebait

    Osama Bin Laden has a lot of money and he can hire the brightest hackers on the planet to come after your information systems. :-)

  3. Re:Software management on Will Microsoft Code-Checking Plans Cripple the GPL? · · Score: 1

    But rpm and apt-get are light years ahead of what Microsoft has to offer, all their apps come with is a program that just smears junk dlls all over the file system and wantonly updates OS configuration information in that "registry" of theirs. They're amateurs, come to think of it, why even DEC's Ultrix 32 had a package manager.

  4. Why tune cars, when you could be tuning people? on Proposed Law To Open Code ... In Cars · · Score: 1

    Not really, but the one analogy my grandmother would understand real quick was if I could get at the wireless interface they use in the hospital to reprogram her pacemaker. Yes... pacemakers are nowadays very smart and they accept commands over a wireless interface and I pretty much doubt that they bother with message authentication codes or encryption. Imagine how fast I could get the diag codes to all the cars a certain company makes if I told the auto maker's CEO I already have access to the command interface of his pacemaker, while standing next to him with a Palm in my hands? :-)

  5. Re:DoS Gnutella, et al on Legalizing Attacks on P2P Networks · · Score: 1

    "Important notice to everybody in California: if you value the Internet or fair use rights, your Senators and Representatives could use a good flushing."

    $ senatectl -f
    Permission denied.
    su -
    # senatectl -f
    Resource busy.
    #fuser /dev/senate
    1674 RIAA 1681 MPAA
    #kill -TERM 1674
    #ps 1674
    PID TTY STAT TIME COMMAND
    1674 ? R 353:12 lobbysenate -f /dev/senate
    #kill -9 1674
    #ps 1674
    PID TTY STAT TIME COMMAND
    1674 ? R 353:12 lobbysenate -f /dev/senate
    #kill -TERM 1681
    #ps 1681
    PID TTY STAT TIME COMMAND
    1681 ? R 320:19 bribesenators /dev/senate
    #kill -9 1681
    #ps 1681
    PID TTY STAT TIME COMMAND
    1681 ? R 320:19 bribesenators /dev/senate

  6. Re:Vigilante justice? on Legalizing Attacks on P2P Networks · · Score: 2, Funny

    "Tak!" ?

    What if you said "nie"?

  7. BSI software offerings + warning. on German Free/Open Source Migration Project · · Score: 2, Informative

    BSI = "Bundesamt fuer Sicherheit in der Informationstechnik" -> "Federal Department for Security in Information Technology". Their mission is comparable to NSA's Information Assurance Directorate. Their site is far more informative than NSA's site, chock full of security advice though as always in all things security I advise to take whatever anybody says with a grain of salt. They've also got that other mission just like NSA does.

    They've opensourced Sphinx, formerly a project aimed at providing secure email within German government agencies which is essentially a plugin for various email clients (appa which implements S/MIME as well as an S/MIME incompatible national encrypted email standard called MailTrust (spec available in German only). Apparently they're integrating the Sphinx code in KDE's kMail and in mutt. You can find the Sphinx code here.

    Another opensource project I could find right away is DiCop (Distributed Computing in Perl), a GPL'd distributed job execution environment consisting of an administration server and client/worker software. The administration server sends jobs to the client/workers and collects the results. You can get DiCop here.

    Please keep in mind that BSI is an agency of a foreign government no longer outright sympathetic to American interests.

  8. Re:Wow - where do I sign up. on The Ideas Behind Longhorn · · Score: 1

    yes > /dev/sda3

    I just did that to my Windows partition. Took a little too long to eat its way through all that junk so I switched to 'dd if=/dev/zero of=/dev/sda3 bs=512'. There goes the last of Microsoft code on my system. It won't be missed.

  9. Official Macromedia Flash Player Source available! on Macromedia Applies For OSI Certification · · Score: 1

    I might also add that the Macromedia source code for version 5 of their Flash player is available here. Don't get all excited just right now though, they make you fill out a questionnaire and then decide whether they want to let you have it.

  10. Sorry, no cigar, Ballmer on Implementing an SSL-Based Network? · · Score: 1

    There's this saying that goes like "I would rather have a sister in the whorehouse than a brother on a Honda." I guess you catch my drift, Ballmer, especially when it's YOU talking about security.

  11. Reminds me of Space Quest II on Time to Purchase a DVD-R? · · Score: 1

    Right on! Fact is, the copy protection has got to go through the driver code for reading cdrom devices which in turn has to eventually go through ide/scsi host adapter code to get to the drive. Even in systems like Windows[0-9]+/Millennium/XP there are very convenient ways of inserting a layer between the application and the drivers to simulate anything at all a copy-protected CD-ROM/DVD could come up with.

    Sierra's Space Quest II had an oddly formatted track on the diskette it came on, so what did I do? Instead of stepping through all that code to get to wherever they checked for that track, I just read that track the same way the SQII's copy protection would read it, and then I hooked INT13 and fed SQII that track whenever it wanted it. That simple, and that's just the way to take care of any and all medium oriented copy protection. Even the newer CD-ROM copy protection schemes which exploit timing differences caused by odd low-level formatting a burner can't reproduce.

  12. Wrong. Dreadfully wrong. on Software Dead Man's Switch · · Score: 2

    Wrong. IANAWNS, but I would never EVER turn on a machine with evidence on it. Instead I would yank its hard drives and put them into a system I know is safe. The only way I know of which could cause a lot of confusion and inconvenience would be to modify the firmware of the hard drive itself to expect an authentication handshake before executing read commands properly, and if it doesn't get a handshake just give out junk and silently start corrupting data on the media. Of course, the self-destruct should not be allowed to be interrupted once it's in self-destruct mode and authentication data such as keys should be in part stored on a secure smart card and in part in the user's head. Oh and while we're at it modifying that firmware, it would also make sense to encrypt the data on the medium using a key derived from the authentication data. That way, even if they're smart enough to hook up the drive's medium to another "clean" controller, they're still fscked.

  13. Carnivore Personal Edition anyone? on Security Concerns When Consoles Go Online? · · Score: 1

    I am very security conscious and the problem is not only limited to 3rd parties exploiting a security flaw in the XBox. What I am also worried about is that Microsoft, Sony or whoever has "legitimate" access to the box to upload code which could simply run in the background, put the box's ethernet interface into promiscuous mode and start logging what's on the lan and report back to the mothership. Corporations do not care the least bit about your security at home. Another good real-life example of that was my TelCo suggesting I connect their DSL modem directly to my lan. Then they'd only have to upload a modified firmware to that modem and voila: instant carnivore!

  14. I don't give a flying filesystem check on Battle of the Secure Distros · · Score: 3, Insightful

    ... if some website or magazine issues an "editor's award" or whatever to a product, _especially_ when we're talking about security.

  15. Re:Haha! on DRM Helmet · · Score: 1

    They did make a movie of sorts from BNW though not keeping very close to the book. In the BNW nobody, regardless whether they were "predestinated" at birth as alpha/beta/gamma or delta was supposed to read books. Reminds me of Fahrenheit 451, and I can just imagine Jack Valenti and the rest of the RIAA/MPAA mobsters driving through town on a wailing fire engine (sponsored by Sony of course).

  16. Re:How about... M-Commerce! on Ideal PDA Feature Wishlist? · · Score: 1

    In addition to wireless LAN maybe also a subsystem for accessing GSM/PCS and UMTS services (needs one smart card interface), and while we're at it, let's throw in another, secondary smart card interface so we can finally use the Geldkarte and similar electronic purses and we'd finally be set for M-Commerce!

  17. "uniqueness" of HK... and if you were in Germany.. on Hong Kong's Octopus · · Score: 1

    Yes, and if you were in Germany you could have a Geldkarte ("Moneycard", an electronic purse which will hold up to EUR 200 (about USD 200)), and you could use that for public transit, parking garages, restaurants, buying merchandise, in short, nearly everywhere where you had to use cash and small change before. Geldkarte has been very well adopted in Germany and it's been there for _years_, and there are equivalent systems out there like the Dutch Chipper system, and I can't remember the name of the French one. Just plug it into an ATM machine and load it up again.

    Electronic purses are nothing new under the sun.

  18. Re:I think he's right in a way on Open Source Limitations? · · Score: 1

    It's not a question whether I trust them or not with the "safety" of nuclear weapons. As a matter of fact I don't, and if I had any say in this then I'd say we disarm them all immediately on both sides and we'd all be better off.

    For your information, I have already worked on a couple of government projects, albeit not as a government employee, and not in the US, but I suspect it's the same all over the world. The team from our company did almost all of the work, they honed their solitaire scores. I'm not even bitching about that because the more work we got done, the larger was our bonus, but still... these people's payroll comes directly out of my tax money and they spend the day surfing the web and goofing off.

    Oh and I didn't necessarily mean that they were technically incompetent (some were of course, but you get that everywhere). I'm just saying that the way I see it, they don't have what it takes to survive on the open job market and that doesn't necessarily include only technical skills, but also being capable of getting things done and communicating with people. I didn't see any of that back then.

    I've got enough Karma to burn over this one.

  19. Re:I think he's right in a way on Open Source Limitations? · · Score: 0, Flamebait

    It's not that government employees can't possibly get a job anywhere else, but because they have neither the skills, nor the tenacity to compete in a normal workplace, in other words: some light work, yes thank you, but don't pressure me with any deadlines, please.

    You always get what you pay for.

  20. Re:Sometimes the problem solves itself... on Universities Creating Computer Discipline Offices · · Score: 1

    Au contraire, mon capitaine... Even if I'm sitting in a public place, you HAVE NO BUSINESS WHATSOEVER looking at what is on my screen. Consider the monitor equivalent to the screen of an ATM machine. You don't lean over people's shoulders when they're withdrawing cash, why should you be breathing down their neck and gawking at their screen just because they're using a computer?

  21. I could really use a computer discipline office... on Universities Creating Computer Discipline Offices · · Score: 1

    I could send a couple of dozen Windows boxes to that office to get their ATX behinds whipped!

  22. It's only slightly harder than you make it appear on Game Developers Cracking Down on Cheating · · Score: 1

    I remember cracking Space Quest III like that. I believe cyl #15 on head 0 of the 720K floppy disk was written with a bunch of odd sized sectors (n > 512 bytes) overlapping each other. There was no way I could copy it with the fdc in my PC, so I didn't even go looking for the function that read and evaluated that track. Instead I intercepted BIOS INT13, checked for reads to that track and just gave out the same data as a fdc would read it.

    I defeated the protection to Larry II in a similar way. Larry II would force you to look up the phone numbers of random women in the accompanying documentation before it would start. For its random function it went through BIOS INT1A to get the time. Again I didn't feel like wading through Sierra's code so I just hooked into BIOS INT1A and let it return the same time value whenever it was called and henceforth Larry II always asked for the same woman's phone number.

    I defeated the protection of a major Production and Planning System (PPS) package for the AS/400 with about 5 lines of CL code (and a weekend of tracing through all the CL and RPG program objects it called). It involved deleting a program object and replacing it with a dummy program object that would return the parameters it got exactly the way it got it. Wound up installing the "fix" too, at customer sites upgrading to a new AS/400 which would get you a different machine serial but that's another story :-)

    All of these crimes were committed long before the DMCA and in another jurisdiction, at a time when you had to park your Pinto half a mile away from your cubicle, Ashcroft.

    When I first got NuMega's SoftIce I took it for a test ride to a certain piece of software that lets users click their way through a zip file. I set a breakpoint on the registration dialog's dialog function and went from there. Turned out that the program would calculate the required serial number from the user name given and would compare the serial it came up with to the serial number I typed in the registration dialog. You know who you are :-)

    Those were the days, and I suppose your approach would be very valid for the scenarios like the ones I listed above but even makers of copy protection have become a little smarter. Nowadays you have convoluted binary code generated by a code generator that takes your unprotected application binary, encrypts it and embeds it into a cesspool of phony decoy and tamper protection code. Somewhere in there is of course also the code for talking to the dongle and decrypting/reencrypting the application code, good luck finding it. Extracting the application code and piecing it together again should be a piece of cake then :-). (Automated protection schemes have also been cracked, when people discovered regularities in the obfuscation code generated by the code generator.)

    Anyway... as long as the code is loaded on and executed on a computer I have control over, it is hackable. It's just not as simple as you make it sound.

  23. See some grown hackers cry... on Game Developers Cracking Down on Cheating · · Score: 1

    That is not entirely true. It is more likely you meant to say that most dongle schemes are easy to crack and I'll agree with you, because the program executes on the PC and somewhere along the line the dongle is going to eventually decrypt the program code. Things get very interesting, however, once parts of the program are located on a remote server and the dongle is used to authenticate to the server or parts of the program run on the dongle itself.

    There is some awesome military grade security hardware out there which I promise you, no Norwegian 14-year-old is going to hack over the long winter nights. One example of what would really make some grown hackers cry is this little device here.

  24. Less than perfect gamebots... on Game Developers Cracking Down on Cheating · · Score: 1

    Even in a setup where the computer's job is only to render the graphics, output the sound and return keystroke and joystick movements to a secure hardware, some bots would _still_ be possible. It's kind of like how the analog hole prevents any and all copy protection schemes from working: in this case, if you can see and hear it, you can play it, and so can your bot.

    I could imagine in the worst case a bot that would do some limited image recognition on the graphics he extracts from the framebuffer or a dummy graphics driver to walk through the gameworld, recognize enemies and then blast away at them. More likely that the bot would be able to intercept commands and data sent to the graphics driver and start from there.

    Cheating with bots is not only a problem limited to online gaming. As a matter of fact many ad schemes where they pay you for clicking ads suffer from bots, and have put a lot of effort into developing heuristics to tell a user from a cheater. The cheaters in turn retaliated by making their clickbots more and more human-like in their behavior and so in turn you will find slightly less than perfect gamebots once you start eliminating perfect players.

  25. Get OS/360 now! on Security Through Obsolescence · · Score: 1

    How about using OS/360? It's one hell of a secure operating system. First of all, it eliminates the one major security hole you can have on a system: TCP/IP. OS/360's answer to networking and communication is TCAMS (Terminal Control Access Methods) where you can handcode secure communication procedures in S/360 Assembler and PL/I yourself. It's fun, try it! The system itself is open source btw and anyone not in their right mind with a working knowledge of S/360 assembler and PL/1 can hack it! If you don't have access to a S/360 system then there's an emulator, the OS/360 software distribution also includes the assembler, and PL/I and Cobol compilers.

    Just look at the beauty of it! Why even the boot (pardon IPL) messages look so intimidating:
    IEA218I MOD=158, ALTSYS=350 ASSUMED S370
    IEA101A SPECIFY SYSTEM PARAMETERS FOR RELEASE

    IEE140I SYSTEM CONSOLES
    CONSOLE/ALT COND AUTH AREA ROUTCD
    30E/01F H STCMDS 03 ALL
    01F/31F M ALL 01 ALL
    31F/01F N ALL 02 ALL
    30E/01F A NONE 03 ALL

    IEE101A READY
    IEF249I FOLLOWING P/R AND RSV VOLUMES ARE MOUNTED
    SYSRES ON 150 (RSV-STR)
    WORK01 ON 151 (RSV-PUB)
    MVTRES ON 350 (P/R-PRV)
    DLIB01 ON 351 (RSV-PRV)
    WORK02 ON 352 (RSV-PUB)
    IEE103I S WTR,00E *
    IEE103I S RDR,00C *
    IEE103I S INIT *

    *00 IEE116A TOD CLOCK INVALID- REPLY WITH SET PARAMETERS
    r 0,'date=72.045'

    IEE600I REPLY TO 00 IS; 'date=72.045'
    IEE118I SET PARAMETER(S) ACCEPTED
    IEE037I LOG NOT SUPPORTED.
    *01 IEC123D 00E SPECIFY UCS PARAMETER
    *IEA000A 00A,INT REQ,02,0E00,4000,,,RDR
    r 1,pn

    IEE600I REPLY TO 01 IS; PN
    mn status
    mn jobnames,t

    IEF403I INIT STARTED TIME=01.32.11
    IEF429I INITIATOR 'INIT' WAITING FOR WORK

    d a
    IEE102I 01.33.30 ACTIVE DISPLAY 072
    STRADDR ENDADDR SQA R SUBT NAME1 NAME2 NAME3
    02022K 02048K 01728 02 MASTER SCHEDULER
    02002K 02022K 00392 00 WTR 00E
    00000K 00000K 00504 00 INIT