Question

A video-game developer has received reports of players who are cheating. All game players each have five capabilities that are ranked on a scale of 1 to 10 points, with 10 total points available for balance. Players can move these points between capabilities at any time. The programming logic is as follows:

o A player asks to move points from one capability to another.

o The source capability must have enough points to allow the move.

o The destination capability must not exceed 10 after the move.

o The move from source capability to destination capability is then completed.

The time stamps of the game logs show each step of the transfer process takes about 900ms. However, the time stamps of the cheating players show capability transfers at the exact same time. The cheating players have 10 points in multiple capabilities. Which of the following is MOST likely being exploited to allow these capability transfers?

A. TOC/TOU

B. CSRF

C. Memory leak

D. XSS

E. SQL injection

F. Integer overflow

Solutions

Expert Solution

TOC/TOU:
The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

TOCTOU Abbreviation - Time Of Check To Time Of Use

Here in this case, the check is of the points that the gamer has the capability to send to allow the other move.

------------------------------------

CSRF attack principle:

It's like the client must have a website and generate cookie credentials stored in the browser
When cookie is not cleared, the client tabs a page to visit other websites

Here in this case, the gamer wants to send the point to other move, and before that gamer must be created for move. Otherwise, points will be added to other gamer.

--------------------------------------
Memory leak

A memory leak is not related to the given logic, as memory is within the gamer itself.

--------------------------------------

Cross site scripting (XSS)

There are two types of XSS. 1) Stored. 2) Reflected.

Stored XSS is known as Persistent XSS. Example is SQL Injection

Reflected XSS is known as malicious script off of a web application. It's like the link is activated once the link is closed on.

This is applicable for the given logic, the multiple capabilities of cheating in 10 points

-----------------------------------------

SQL Injection

It's possible to execute malicious SQL statements. It controls a database server behind the web application. Attackers can use SQL Injection to bypass application security measures.
Ex: Credentials to find the users in database
May be duplicate database with duplicate credentials

This is possible in the update of points

---------------------------------------------

Integer Overflow

Integer overflow is the condition related to arithmetic operation such as multiplication or addition etc.

This can be done when a change in point from one stage to other stage.

Ex: Sending capability transfers can be done but with high processing time as the integer length is more.
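
The check-then-use gap described under TOC/TOU, shown as an added example that is not part of the original question or solution: two simultaneous transfer requests both pass the check against the same stale state, and a lock that makes check and update one atomic step closes the gap. The handler structure, the `Player` class, the capability names and the use of a barrier to stand in for the roughly 900 ms between steps are all assumptions made for illustration.

```python
import threading

CAP = 10  # per-capability maximum from the question

class Player:  # hypothetical model of one player's server-side state
    def __init__(self):
        # Constructed sample state: all 10 points start in one capability.
        self.points = {"strength": 10, "speed": 0, "stealth": 0, "magic": 0, "luck": 0}
        self.lock = threading.Lock()

def transfer_unsafe(player, src, dst, amount, gate):
    # Time of check: read state and validate both rules.
    src_val, dst_val = player.points[src], player.points[dst]
    allowed = src_val >= amount and dst_val + amount <= CAP
    gate.wait()  # stand-in for the delay: every request checks before any writes
    if allowed:
        # Time of use: writes are based on values that are now stale.
        player.points[src] = src_val - amount
        player.points[dst] = dst_val + amount
    return allowed

def transfer_safe(player, src, dst, amount, gate):
    gate.wait()  # requests still arrive at the same instant
    with player.lock:  # check and update form one critical section
        src_val, dst_val = player.points[src], player.points[dst]
        allowed = src_val >= amount and dst_val + amount <= CAP
        if allowed:
            player.points[src] = src_val - amount
            player.points[dst] = dst_val + amount
    return allowed

def run_concurrent(handler, moves):
    """Send all moves at once; return final points and per-request results."""
    player, gate = Player(), threading.Barrier(len(moves))
    results = [None] * len(moves)
    def worker(i, move):
        results[i] = handler(player, *move, gate)
    threads = [threading.Thread(target=worker, args=(i, m)) for i, m in enumerate(moves)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return player.points, results

# Constructed requests: the same 10 points sent to two destinations at once.
MOVES = [("strength", "speed", 10), ("strength", "stealth", 10)]

if __name__ == "__main__":
    print("unsafe:", run_concurrent(transfer_unsafe, MOVES))
    print("safe:  ", run_concurrent(transfer_safe, MOVES))
```

In the unsafe run both requests are accepted and the player ends with 10 points in two capabilities; in the safe run the second request fails its check because it sees the updated source value. Log entries showing several accepted transfers for one player with identical time stamps are the detection signal the question describes.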


