If you're in trouble and cannot find an answer to a question which goes beyond Stack Overflow...

If you have a not-so-usual solution for your problems but need to justify it to your boss...

If you like to think on your own rather than blindly follow "common wisdom" and "profound truth"...

...then 'No Bugs' Hare on Soft.ware might be the right place for you.

Your mileage may vary. Batteries not included

While classical security with its best practices can be considered a science – fraud prevention is a kind of art. It is not generally possible to build a system which is 100% protected from frauds and cheats – but at least we can try, even when it requires us to cross the line and go into realm of the security-by-obscurity.

Fraud Prevention, page 2:

Bot Fighting 103. Code Integrity Checks, Code Scrambling

posted December 12, 2017 by "No Bugs" Hare

Quote:	“Bingo! We’ve got an executable, which automagically performs TONS of integrity checks, which checks are spread all over the executable, and are extremely non-obvious too.”
Another Quote:	“This approach of ‘not revealing code until attack costs are high’ is certainly not limited to payments.”
	[→]

Bot Fighting 102: System-Specific Kinda-Protection. Anti-Debugger, Anti-DLL-Injection, VM Detection.

posted December 5, 2017 by "No Bugs" Hare

Quote:	“it is fundamentally impossible to prevent (or detect) debugging, at least as long we’re staying on one single box.”
Another Quote:	“DON’T spend more than 10% of your overall anti-bot-fighting time budget on system-specific protections.”
	[→]

Bot Fighting 101: Don’t Feed the Hacker

posted November 28, 2017 by "No Bugs" Hare

Quote:	“Some of the system calls are not absolutely necessary, and using them will significantly simplify life of the attacker”
Another Quote:	“Scrambling will help to protect your protocol even if the attacker manages to F.L.I.R.T. with your TLS library”
	[→]

MOGs: Hacks and Hackers

posted November 21, 2017 by "No Bugs" Hare

Quote:	“One of the nastier-for-us features of IDA Pro is so-called F.L.I.R.T.”
Another Quote:	“All the popular protection methods lag well-behind capabilities of the average-attacker-on-a-100K-simultaneous-player-game.”
	[→]

Merits of Anti-Reverse-Engineering for MOGs

posted November 14, 2017 by "No Bugs" Hare

Quote:	“Given enough time, everything can be broken”
Another Quote:	“in this fight, most of the non-cheating player population will be on our side”
	[→]

Payment Processing. Credit Cards. Chargebacks and Collateral Damage

posted December 20, 2016 by "No Bugs" Hare

Quote:	“Chargeback monster will come from under the bed and will eat all your hard-earned money!”
Another Quote:	“it is trivial to develop a system with guaranteed zero chargeback rate – to achieve this, it is sufficient to decline each and every transaction at pre-filter stage”
	[→]

War on Clones, Part II. Identifying Mobile and Browsers. Social and Payment-Based Identification. Putting it all together.

posted July 18, 2016 by "No Bugs" Hare

Quote:	“as much as iOS is a device identification nightmare, Android is a device identification paradise.”
Another Quote:	“Everybody makes occasional mistakes, cheaters/abusers included.”
	[→]

«Previous Page