WEBVTT

00:00:03.679 --> 00:00:06.240
Welcome to the Azure Security Podcast, where

00:00:06.240 --> 00:00:08.759
we discuss topics relating to security, privacy,

00:00:09.039 --> 00:00:11.480
reliability, and compliance on the Microsoft

00:00:11.480 --> 00:00:15.779
Cloud Platform. Hey everybody, welcome to episode

00:00:15.779 --> 00:00:20.120
117. This week is myself, Michael, with Sarah.

00:00:20.339 --> 00:00:23.100
Everyone else is busy. And our guest this week

00:00:23.100 --> 00:00:25.460
is Russ Rogers, who's here to talk to us about

00:00:25.460 --> 00:00:28.019
a topic we have never discussed, which is gaming

00:00:28.019 --> 00:00:30.820
security. But before we get to our guest, let's

00:00:30.820 --> 00:00:32.799
take a little lap around the news. By the way,

00:00:32.840 --> 00:00:35.460
we have a lot of news this week. Sarah, so why

00:00:35.460 --> 00:00:38.560
don't you kick things off? Lots of AKS stuff.

00:00:38.740 --> 00:00:42.600
So let's run through it. So Azure Bastion will

00:00:42.600 --> 00:00:46.579
now connect to a private AKS cluster. So if you

00:00:46.579 --> 00:00:50.219
need to do that, it's a nice way of connecting

00:00:50.219 --> 00:00:53.619
securely. I would call it a jump box, but it's

00:00:53.619 --> 00:00:55.799
all managed by Microsoft if you haven't used

00:00:55.799 --> 00:00:59.679
Azure Bastion. Confidential VMs for Ubuntu 24.04

00:00:59.679 --> 00:01:04.340
are now also available in AKS. So if you

00:01:04.340 --> 00:01:08.019
want to use a confidential compute, you can do

00:01:08.019 --> 00:01:10.799
that with your Ubuntu. We've also got deployment

00:01:10.799 --> 00:01:14.400
safeguards, now GA in AKS. So they are helping

00:01:14.400 --> 00:01:18.680
enforce particular configurations, which get

00:01:18.680 --> 00:01:21.239
rid of potential security issues and non-compliant

00:01:21.239 --> 00:01:23.620
things. You can do them in warning or you can

00:01:23.620 --> 00:01:26.359
do enforcement. So again, some nice safeguards

00:01:26.359 --> 00:01:29.000
to reduce bugs and misconfigurations. And we

00:01:29.000 --> 00:01:32.390
know that can be... bad for your security. Also,

00:01:32.530 --> 00:01:35.730
we've got application gateways for containers,

00:01:36.030 --> 00:01:39.049
which is one which is now in public preview.

00:01:39.209 --> 00:01:42.090
Now, we've talked about WAF before. You should,

00:01:42.129 --> 00:01:45.129
if you're running a web application in your containers,

00:01:45.370 --> 00:01:48.430
you should be using a web application firewall.

00:01:48.590 --> 00:01:52.640
So go do the thing. And obviously the thing at

00:01:52.640 --> 00:01:55.799
the moment, we've got in public preview the AKS

00:01:55.799 --> 00:01:59.939
MCP server. So that means that you can use the

00:01:59.939 --> 00:02:03.959
AKS MCP server to advertise your cluster as a

00:02:03.959 --> 00:02:08.020
tool. So go and do that if you are wanting to

00:02:08.020 --> 00:02:11.460
have your LLMs access AKS. But as we talked about

00:02:11.460 --> 00:02:13.759
a few episodes ago, obviously there are security

00:02:13.759 --> 00:02:16.139
considerations to take into account. So definitely

00:02:16.139 --> 00:02:20.020
have a think before you do that. AKS has now

00:02:20.020 --> 00:02:22.960
got a security dashboard, which is super exciting.

00:02:23.319 --> 00:02:25.520
That means that you can actually have a look

00:02:25.520 --> 00:02:27.500
at your security posture across your whole cluster,

00:02:27.620 --> 00:02:30.719
which is nice for visibility. And then last but

00:02:30.719 --> 00:02:33.180
not least, for all the product things, we have

00:02:33.180 --> 00:02:36.759
the app service is now supporting inbound IP

00:02:36.759 --> 00:02:41.939
version 6 support. So eventually everyone's going

00:02:41.939 --> 00:02:44.680
to have to do IP version 6. So get ahead of things

00:02:44.680 --> 00:02:48.740
and go have a look at that. So I'll take a breath

00:02:48.740 --> 00:02:51.900
for a second. And that is all our product stuff.

00:02:52.159 --> 00:02:55.479
But also, we've mentioned this before, we've

00:02:55.479 --> 00:02:58.099
been releasing our developer security questions

00:02:58.099 --> 00:03:00.879
that we recorded at Build a few months ago. And

00:03:00.879 --> 00:03:03.219
there's a couple we put in the show notes to

00:03:03.219 --> 00:03:06.520
highlight. We did keys or tokens, and we asked

00:03:06.520 --> 00:03:08.979
everyone what they would prefer to use. And they've

00:03:08.979 --> 00:03:11.580
got a lot of views so far. And also, what's your

00:03:11.580 --> 00:03:14.240
worst security coding mistake? And what's the

00:03:14.240 --> 00:03:18.979
best advice you received about coding securely.

00:03:19.379 --> 00:03:22.139
Now, that's my personal favorite one. I won't

00:03:22.139 --> 00:03:24.800
give it away why it's my personal favorite, but

00:03:24.800 --> 00:03:27.539
it's the answer from David Fowler, which was

00:03:27.539 --> 00:03:31.330
hilarious. And I know... A lot of people have

00:03:31.330 --> 00:03:34.430
asked you, Michael, I think. This was not rehearsed,

00:03:34.430 --> 00:03:37.250
just to say again. Yeah, 100%. It was great,

00:03:37.330 --> 00:03:39.009
the fact that they were not rehearsed. Their

00:03:39.009 --> 00:03:41.210
responses were absolutely gorgeous. They really,

00:03:41.250 --> 00:03:43.129
really were. Actually, I have a ton of news as

00:03:43.129 --> 00:03:46.189
well. First one is CodeQL support for Rust is

00:03:46.189 --> 00:03:49.509
now in public preview. This is huge. CodeQL is

00:03:49.509 --> 00:03:51.409
one of my favorite tools. It is a static analysis

00:03:51.409 --> 00:03:54.530
platform. It's been around for a while, supporting

00:03:54.530 --> 00:03:58.210
C, C++, C Sharp, JavaScript, Python, and a few

00:03:58.210 --> 00:04:00.900
other languages, but we now have support in public

00:04:00.900 --> 00:04:02.759
preview for Rust as well. The nice thing about

00:04:02.759 --> 00:04:04.919
CodeQL is you can write your own little rules.

00:04:04.960 --> 00:04:07.099
You don't have to pay someone $50,000 to write

00:04:07.099 --> 00:04:08.979
a bunch of rules. You can actually go ahead and

00:04:08.979 --> 00:04:13.879
write your own. Next, ASP.NET Core now supports

00:04:13.879 --> 00:04:17.920
passkeys. Big fan of passkeys because the credential

00:04:17.920 --> 00:04:21.639
is maintained in some hardware device or on your

00:04:21.639 --> 00:04:24.819
laptop or whatever. So it's great to see the

00:04:24.819 --> 00:04:28.279
support now being added to ASP.NET Core. Key

00:04:28.279 --> 00:04:31.139
thing with passkeys is that they are phishing

00:04:31.139 --> 00:04:34.699
resistant. Next is in public preview is Roslyn

00:04:34.699 --> 00:04:37.839
Analyzer for durable functions in .NET isolated

00:04:37.839 --> 00:04:40.399
is available. Okay, quick history lesson. Back

00:04:40.399 --> 00:04:44.959
in the day, the managed code tool chain, so C

00:04:44.959 --> 00:04:48.319
Sharp, VB.NET, and all those other tools were

00:04:48.319 --> 00:04:53.379
rewritten and the project name was Roslyn. A

00:04:53.379 --> 00:04:56.100
key part of Roslyn is the ability to add your

00:04:56.100 --> 00:04:58.839
own analysis tools or use off-the-shelf analysis

00:04:58.839 --> 00:05:02.269
tools that plug into the environment. It's not

00:05:02.269 --> 00:05:04.230
the same as CodeQL, it's quite different. But

00:05:04.230 --> 00:05:05.990
at the various stages of the compilation process,

00:05:06.329 --> 00:05:07.990
like all the lexical analysis, all the syntax

00:05:07.990 --> 00:05:09.930
parsing, all the code generation, all that sort

00:05:09.930 --> 00:05:11.569
of optimization, all that sort of stuff, you

00:05:11.569 --> 00:05:14.029
can actually add your own code in that process

00:05:14.029 --> 00:05:16.589
to do your own analysis. I don't believe that's

00:05:16.589 --> 00:05:18.350
the case here, but you can certainly put your

00:05:18.350 --> 00:05:21.790
own coding constraints by using Roslyn. So this

00:05:21.790 --> 00:05:23.810
is great to see. I'm a huge fan of anything that

00:05:23.810 --> 00:05:28.089
makes detection of issues early is a good thing.

00:05:28.839 --> 00:05:32.399
Next thing in private preview, we have confidential

00:05:32.399 --> 00:05:35.600
VMs now support Intel TDX. If you're familiar

00:05:35.600 --> 00:05:39.579
with SGX, that's now been replaced by trusted

00:05:39.579 --> 00:05:43.420
domain extensions or TDX from Intel. So those

00:05:43.420 --> 00:05:47.740
VM series of confidential VMs is DCesv6 and

00:05:47.740 --> 00:05:51.459
ECesv6. Next, from my own stomping ground in

00:05:51.459 --> 00:05:54.240
Azure Data, in public preview, Azure Cosmos DB

00:05:54.240 --> 00:05:57.509
for MongoDB now supports encryption with customer-managed

00:05:57.509 --> 00:05:59.269
keys. I've said this a billion times,

00:05:59.410 --> 00:06:02.069
I'll say it again, it's great to see key support

00:06:02.069 --> 00:06:05.410
being given to the customers. If they opt in

00:06:05.410 --> 00:06:07.529
to use it, you don't have to. You can obviously

00:06:07.529 --> 00:06:11.110
use system-managed keys. But do be aware that

00:06:11.110 --> 00:06:13.410
the keys are yours, and if you lose them, we

00:06:13.410 --> 00:06:15.889
don't have a copy of them. So make sure you do

00:06:15.889 --> 00:06:19.180
appropriate backups of keys. Next is, and this

00:06:19.180 --> 00:06:20.879
is a bit of a mouthful, but it's generally available,

00:06:21.100 --> 00:06:24.259
Private Application Gateway is now available

00:06:24.259 --> 00:06:28.500
on Azure Application Gateway version 2. A keyword

00:06:28.500 --> 00:06:31.839
there is Private Application Gateway. It gives

00:06:31.839 --> 00:06:34.000
you things like a private IP-only front-end

00:06:34.000 --> 00:06:36.500
configuration, enhanced control over network

00:06:36.500 --> 00:06:39.779
security groups, and things like control over

00:06:39.779 --> 00:06:42.379
route table rules and forced tunneling support.

00:06:42.680 --> 00:06:45.019
Great to see anything that provides extra layers

00:06:45.019 --> 00:06:48.670
of network isolation. I'm a big fan of. Back

00:06:48.670 --> 00:06:51.009
to confidential VMs in public preview, we now

00:06:51.009 --> 00:06:53.209
have confidential VMs for Azure Linux. That is

00:06:53.209 --> 00:06:56.430
essentially the Microsoft distribution of Linux,

00:06:56.550 --> 00:06:59.500
so great to see that as well. Generally available

00:06:59.500 --> 00:07:03.600
is the network security perimeter support. This

00:07:03.600 --> 00:07:07.040
allows organizations to define a logical network

00:07:07.040 --> 00:07:10.620
isolation boundary for PaaS services. So for

00:07:10.620 --> 00:07:13.680
example, Azure storage accounts or Azure SQL

00:07:13.680 --> 00:07:16.500
databases. This is, again, it's another way of

00:07:16.500 --> 00:07:20.470
defining an isolation. This case, it's obviously

00:07:20.470 --> 00:07:23.029
the network layer, but you can do things like

00:07:23.029 --> 00:07:26.370
provide private access to various resources within

00:07:26.370 --> 00:07:28.829
the network environment, within the network security

00:07:28.829 --> 00:07:32.029
perimeter, without exposing them publicly. Another

00:07:32.029 --> 00:07:34.610
one which is developer-related, even though

00:07:34.610 --> 00:07:38.009
the CodeQL one was developer-related, safeguarding

00:07:38.009 --> 00:07:41.129
VS Code against prompt injections. There's a

00:07:41.129 --> 00:07:44.699
blog post up on GitHub. Long story short, if

00:07:44.699 --> 00:07:47.019
you're using VS Code and you're using any of

00:07:47.019 --> 00:07:49.819
the AI agents that are built into or have access

00:07:49.819 --> 00:07:52.240
to within Visual Studio Code, you need to go

00:07:52.240 --> 00:07:56.019
ahead and read this blog post. An old colleague

00:07:56.019 --> 00:07:59.300
of mine, Simone Curzi, has produced a tool called

00:07:59.300 --> 00:08:03.220
QRisk Tree Editor. If you're really confused

00:08:03.220 --> 00:08:08.920
about how to bridge the gap between threats and

00:08:08.920 --> 00:08:12.000
organizational risk, This is a really cool tool.

00:08:12.240 --> 00:08:14.319
I'm kind of sad that Mark isn't here because

00:08:14.319 --> 00:08:17.480
he would be really ecstatic about this. Okay,

00:08:17.500 --> 00:08:20.319
second to last item, I promise. I was interviewed

00:08:20.319 --> 00:08:24.699
by the fine folks at .NET Rocks. The title of

00:08:24.699 --> 00:08:28.720
the episode, which by the way is episode 1963,

00:08:28.899 --> 00:08:33.360
which is insane. It was entitled 30 Years of

00:08:33.360 --> 00:08:36.259
Application Security. And basically we just have

00:08:36.259 --> 00:08:39.299
a good old chat about the history of... application

00:08:39.299 --> 00:08:41.960
security, how far we've come, things that are

00:08:41.960 --> 00:08:44.679
still of concern, so on and so forth. Very laid

00:08:44.679 --> 00:08:48.139
back conversation. And the last one, and I just

00:08:48.139 --> 00:08:50.799
threw this in just out of interest. It sort of

00:08:50.799 --> 00:08:54.960
passed my desk this morning. The first known

00:08:54.960 --> 00:08:58.200
AI-powered ransomware has been detected in the

00:08:58.200 --> 00:09:01.639
wild. And if you want my opinion, this is just

00:09:01.639 --> 00:09:04.580
the start. So I'll provide a link to that. I

00:09:04.580 --> 00:09:08.059
haven't dug into it in any great detail, so take

00:09:08.059 --> 00:09:10.460
it with a pinch of salt, but I don't doubt these

00:09:10.460 --> 00:09:13.500
guys are telling the truth. All right, so now

00:09:13.500 --> 00:09:14.580
that we've got the news out of the way, I think

00:09:14.580 --> 00:09:16.700
it's actually the longest news section we ever

00:09:16.700 --> 00:09:19.080
had. Anyway, so as I mentioned at the top of

00:09:19.080 --> 00:09:22.299
the hour, our guest this week is Russ Rogers,

00:09:22.519 --> 00:09:25.399
who is here from the Xbox team to talk about

00:09:25.399 --> 00:09:28.220
gaming security. So Russ, thank you so much for

00:09:28.220 --> 00:09:30.379
joining us this week. Would you like to take

00:09:30.379 --> 00:09:32.799
a moment and introduce yourself to our listeners?

00:09:33.279 --> 00:09:36.639
Hey, thanks for having me. I appreciate it. It's

00:09:36.639 --> 00:09:42.200
an honor. I am an old school hacker. I've done

00:09:42.200 --> 00:09:45.620
penetration testing, red team, exploit dev, that

00:09:45.620 --> 00:09:49.740
kind of stuff for many, many years, over 25 years

00:09:49.740 --> 00:09:52.940
at this point. I was chief of operations for

00:09:52.940 --> 00:09:56.330
DEF CON when I retired after 20 years. That was

00:09:56.330 --> 00:10:00.490
a while ago. Now I went to work at Xbox. I actually

00:10:00.490 --> 00:10:02.389
went back and got a second bachelor's degree

00:10:02.389 --> 00:10:05.929
in game programming because I wanted to solve

00:10:05.929 --> 00:10:09.649
some big data problems with security tools like

00:10:09.649 --> 00:10:12.009
EDR, that kind of stuff, making the data more

00:10:12.009 --> 00:10:15.850
intuitive. And it ended up landing me a job over

00:10:15.850 --> 00:10:20.230
on Xbox. So I'm coming up on, oof, I don't know,

00:10:20.289 --> 00:10:24.070
four or five years over here now. And that's

00:10:24.070 --> 00:10:26.269
basically what I do. It's kind of a dream job

00:10:26.269 --> 00:10:29.870
for me. I always wanted to work in the gaming

00:10:29.870 --> 00:10:32.470
industry. I never assumed as a kid that it would

00:10:32.470 --> 00:10:36.409
be working in security. But yeah, so that's where

00:10:36.409 --> 00:10:40.289
I'm at now. I work in gaming security as the

00:10:40.289 --> 00:10:43.389
new org. Love what I do. It's a good time. It

00:10:43.389 --> 00:10:46.350
really is. So before we get stuck into this,

00:10:46.429 --> 00:10:49.090
I want to sort of bridge the gap between Azure

00:10:49.090 --> 00:10:51.950
and gaming. Again, it's a topic that we've never

00:10:51.950 --> 00:10:54.509
discussed on this podcast at all. But at the

00:10:54.509 --> 00:10:57.690
end of the day, many games, especially multiplayer

00:10:57.690 --> 00:11:01.950
games, are hosted on cloud infrastructure, including

00:11:01.950 --> 00:11:04.210
Azure. There's many games that you know and love

00:11:04.809 --> 00:11:07.610
that are also hosted on Azure. But it extends

00:11:07.610 --> 00:11:10.309
beyond that, right? Because a lot of assets in

00:11:10.309 --> 00:11:12.350
games, even single-player games, are stored

00:11:12.350 --> 00:11:15.389
in quotes in the cloud, so that way you can hop

00:11:15.389 --> 00:11:18.190
from device to device or whatever. But the key

00:11:18.190 --> 00:11:20.230
point is that the cloud plays a really important

00:11:20.230 --> 00:11:24.090
role in gaming, and cloud security obviously

00:11:24.090 --> 00:11:26.789
plays a key role there as well. So I thought

00:11:26.789 --> 00:11:29.029
I'd just give some, like, why are you guys actually

00:11:29.029 --> 00:11:31.690
covering gaming security? Well, that's the exact

00:11:31.690 --> 00:11:34.360
reason why. So before we get stuck into the questions

00:11:34.360 --> 00:11:36.600
and the sort of commentary, so just so everyone

00:11:36.600 --> 00:11:38.679
knows, the three of us spoke a few days ago about

00:11:38.679 --> 00:11:41.000
some topics we want to talk about, and we came

00:11:41.000 --> 00:11:42.700
up with a list. So we're going to go through

00:11:42.700 --> 00:11:45.220
that list, and it'll be hopefully very conversational.

00:11:45.600 --> 00:11:48.059
So the first thing I really want to point out,

00:11:48.080 --> 00:11:49.519
which I sort of already touched on, is we've

00:11:49.519 --> 00:11:52.120
never done gaming before. My background back

00:11:52.120 --> 00:11:54.840
in the day, I actually worked on the Xbox 360

00:11:54.840 --> 00:11:58.779
security on many of the defenses that go into

00:11:58.779 --> 00:12:00.259
that product, both at the hardware level and

00:12:00.259 --> 00:12:03.059
at the software level. Fun fact, the first version

00:12:03.059 --> 00:12:05.759
of Windows to actually have a hypervisor was

00:12:05.759 --> 00:12:09.080
actually a variant of Windows running on the

00:12:09.080 --> 00:12:11.700
Xbox 360. Not a lot of people know that, but

00:12:11.700 --> 00:12:14.460
there you go. All right, so let's get into a

00:12:14.460 --> 00:12:17.580
series of comments that we talked about a couple

00:12:17.580 --> 00:12:20.700
of days ago. Okay, so Russ, there are so many

00:12:20.700 --> 00:12:23.700
things I could ask you about gaming in general,

00:12:23.879 --> 00:12:29.039
but we'll stick with security. What are the main

00:12:29.039 --> 00:12:33.299
things that you have to work on and secure? The

00:12:33.299 --> 00:12:37.059
software, the services, the client machines that

00:12:37.059 --> 00:12:41.080
obviously are running things. Tell me more. That's

00:12:41.080 --> 00:12:45.159
a great question. The landscape here is growing.

00:12:45.659 --> 00:12:49.960
Xbox is evolving. The whole concept of gaming

00:12:49.960 --> 00:12:53.139
for everyone and Phil Spencer's mission of...

00:12:53.470 --> 00:12:56.070
providing gaming on any platform where there

00:12:56.070 --> 00:12:58.909
are players that want to play our games. It's

00:12:58.909 --> 00:13:01.509
really kind of expanded the attack surface. And

00:13:01.509 --> 00:13:03.629
one of the things I thought Michael said that

00:13:03.629 --> 00:13:05.610
was really interesting was the discussion on

00:13:05.610 --> 00:13:09.330
cloud. And cloud is critical to what we do in

00:13:09.330 --> 00:13:12.610
the gaming industry, particularly within Xbox.

00:13:13.049 --> 00:13:15.929
You know, even in situations where game services

00:13:15.929 --> 00:13:20.330
or games themselves are using assets or services

00:13:20.330 --> 00:13:23.389
in those clouds, there's intercommunication between

00:13:23.389 --> 00:13:26.350
the various clouds, right? So while we have a

00:13:26.350 --> 00:13:29.909
large footprint in Azure, as Michael kind of

00:13:29.909 --> 00:13:33.269
stated already, there's stuff in other clouds

00:13:33.269 --> 00:13:37.850
as well. And so we have to look at security across

00:13:37.850 --> 00:13:40.529
all the different cloud platforms as well as,

00:13:40.549 --> 00:13:44.350
you know, on our clients. The software that gets

00:13:44.350 --> 00:13:48.110
loaded by players, whether that be a handheld,

00:13:48.350 --> 00:13:51.090
whether that's on a PC gaming computer like I

00:13:51.090 --> 00:13:54.929
use, a Steam Deck, a console, right? One of the

00:13:54.929 --> 00:13:59.049
Xbox Series S or Series X or, you know, one of

00:13:59.049 --> 00:14:02.269
the older platforms. All of those things have

00:14:02.269 --> 00:14:05.610
to be taken into consideration. And as Michael

00:14:05.610 --> 00:14:07.830
also mentioned, we do have a lot of multiplayer

00:14:07.830 --> 00:14:11.370
stuff. And those multiplayer games are connected

00:14:11.370 --> 00:14:13.970
via services that run out on the internet, probably

00:14:13.970 --> 00:14:18.090
in the cloud, right? And so there's a whole lot

00:14:18.090 --> 00:14:21.129
that happens there. And what it really boils

00:14:21.129 --> 00:14:24.110
down to is securing the software, right? The

00:14:24.110 --> 00:14:27.009
secure software development lifecycle, making

00:14:27.009 --> 00:14:30.590
sure we're running CodeQL, like Michael was talking

00:14:30.590 --> 00:14:34.370
about in the news, right? We eat our own dog

00:14:34.370 --> 00:14:37.429
food along those lines. We run these tools. We

00:14:37.429 --> 00:14:41.750
improve these tools. And a lot of the stuff that

00:14:41.750 --> 00:14:44.110
we do internally ends up being public because

00:14:44.110 --> 00:14:47.029
those tools become very useful. It's funny you

00:14:47.029 --> 00:14:48.470
should bring up the software security thing.

00:14:48.549 --> 00:14:50.029
At the end of the day, a game is just software.

00:14:50.830 --> 00:14:52.669
And that means the software will have vulnerabilities.

00:14:53.009 --> 00:14:54.769
I mean, it's just a fact of life, unfortunately,

00:14:54.929 --> 00:14:56.950
but it is what it is. I remember back in the

00:14:56.950 --> 00:15:00.230
day, there was a vulnerability in a game. I can't

00:15:00.230 --> 00:15:02.250
remember the game exactly, but there was a...

00:15:02.669 --> 00:15:05.049
a memory corruption vulnerability loading a saved

00:15:05.049 --> 00:15:07.690
file. That obviously isn't one of the older platforms.

00:15:09.230 --> 00:15:11.029
But yeah, once there was a memory corruption

00:15:11.029 --> 00:15:16.230
inside the game, then the bad guy could create

00:15:16.230 --> 00:15:19.009
a malformed save file. You would load that save

00:15:19.009 --> 00:15:22.009
file into memory and yeah, your malicious code

00:15:22.009 --> 00:15:23.610
would potentially run inside the environment.

00:15:23.730 --> 00:15:25.429
It may be isolated because it's running inside

00:15:25.429 --> 00:15:29.980
a hypervisor controlled environment. It doesn't

00:15:29.980 --> 00:15:32.759
matter, right? It's still a potential for serious

00:15:32.759 --> 00:15:34.539
damage. So yeah, at the end of the day, it's

00:15:34.539 --> 00:15:37.000
just software. That's all it really is. Which

00:15:37.000 --> 00:15:38.360
then leads to another interesting thing that

00:15:38.360 --> 00:15:41.419
always worries me from just looking at Microsoft

00:15:41.419 --> 00:15:43.279
software from a general, industry software in

00:15:43.279 --> 00:15:46.580
general, but Microsoft specifically, is supply

00:15:46.580 --> 00:15:49.360
chain issues, dependencies and so on. One thing

00:15:49.360 --> 00:15:51.460
that we track all the time is dependencies, right?

00:15:51.600 --> 00:15:54.419
In fact, there's a Dependabot ability on GitHub,

00:15:54.580 --> 00:15:56.720
right? So if one of your dependencies... as a

00:15:56.720 --> 00:15:58.720
vulnerability, you will automatically get a message

00:15:58.720 --> 00:16:00.620
saying, hey, you've got a problem, and it will

00:16:00.620 --> 00:16:02.379
even provide a fix for you, like to bump up to

00:16:02.379 --> 00:16:04.759
the next version. So do you guys have to worry

00:16:04.759 --> 00:16:06.460
about dependencies as well? I mean, is that part

00:16:06.460 --> 00:16:08.419
of the reason why perhaps sometimes an update

00:16:08.419 --> 00:16:11.980
to a game is available? Absolutely. There are

00:16:11.980 --> 00:16:15.000
public libraries that we use, functions that

00:16:15.000 --> 00:16:17.940
we need to use either in services or client-side.

00:16:18.809 --> 00:16:21.250
We track that stuff. There are entire programs

00:16:21.250 --> 00:16:24.149
inside of Microsoft that we use within Xbox as

00:16:24.149 --> 00:16:27.309
well, within gaming overall, where we track those

00:16:27.309 --> 00:16:30.929
dependencies, where we track the version numbers,

00:16:31.049 --> 00:16:34.149
we track when vulnerabilities or new CVEs come

00:16:34.149 --> 00:16:37.610
out for those libraries that we utilize. We're

00:16:37.610 --> 00:16:41.289
very, very careful with that. And you'll find

00:16:41.289 --> 00:16:44.669
that these vulnerabilities get picked up by our

00:16:44.669 --> 00:16:47.740
teams very, very quickly. And the reaction time

00:16:47.740 --> 00:16:53.019
is usually a matter of hours. And those are things

00:16:53.019 --> 00:16:55.679
that we worry about. But, you know, I think it's

00:16:55.679 --> 00:16:57.860
important to state that that's a very common

00:16:57.860 --> 00:17:01.360
vision for us across gaming. I know that all

00:17:01.360 --> 00:17:04.660
of the teams at all the studios. And it's also

00:17:04.660 --> 00:17:07.180
important here to point out that the development

00:17:07.180 --> 00:17:10.079
that occurs within gaming is not strictly for

00:17:10.079 --> 00:17:14.299
the clients and the services specific to a game

00:17:14.299 --> 00:17:19.140
title. Tools that we build for ourselves to make

00:17:19.140 --> 00:17:23.180
our processes work better, our operational support,

00:17:23.180 --> 00:17:26.000
as you were. And so we look at the dependencies

00:17:26.000 --> 00:17:29.039
and the software development stuff and the supply

00:17:29.039 --> 00:17:32.279
chain where we're picking up libraries from entities

00:17:32.279 --> 00:17:35.240
that are not internal to Microsoft. We watch those

00:17:35.240 --> 00:17:38.079
very, very carefully to ensure that anything we're

00:17:38.079 --> 00:17:41.339
building is locked down, right? I mean, that's

00:17:41.339 --> 00:17:44.680
a core process. And you see that coming out from

00:17:44.680 --> 00:17:47.940
NIST and CISA and some of these other United

00:17:47.940 --> 00:17:51.920
States-based regulation and standard organizations

00:17:51.920 --> 00:17:55.740
where they're creating these software bill of

00:17:55.740 --> 00:17:58.680
materials requirements, right? This SBOM is what

00:17:58.680 --> 00:18:20.750
we call them. And that's basically... So one

00:18:20.750 --> 00:18:24.509
of the things I wanted to ask about is leaderboards.

00:18:26.269 --> 00:18:29.509
I've heard that it is something that sometimes

00:18:29.509 --> 00:18:32.029
people do. I mean, we used to do it offline back

00:18:32.029 --> 00:18:35.509
in the day, right? How about tampering with leaderboards?

00:18:35.970 --> 00:18:39.130
Is that actually something that, because that's

00:18:39.130 --> 00:18:42.069
a risk that we wouldn't think of in the rest

00:18:42.069 --> 00:18:46.029
of enterprise security? I think it's a really

00:18:46.029 --> 00:18:48.609
good example because it's one of those things

00:18:48.609 --> 00:18:51.210
where we get kind of locked into that corporate

00:18:51.210 --> 00:18:54.779
mindset of what security means. I think it would

00:18:54.779 --> 00:18:57.720
be really easy if you weren't a gamer to lose

00:18:57.720 --> 00:19:00.559
sight of the frustration and the emotional attachment

00:19:00.559 --> 00:19:03.700
that players have to their progress and to their

00:19:03.700 --> 00:19:06.700
characters and to their gaming experience. And

00:19:06.700 --> 00:19:09.859
leaderboards are critical to that. I mean, they're

00:19:09.859 --> 00:19:12.839
just a huge part of it. And so I think it was

00:19:12.839 --> 00:19:15.380
probably a few years ago was the last time I

00:19:15.380 --> 00:19:18.720
saw an active leaderboard issue. And it was huge.

00:19:19.690 --> 00:19:22.150
The players were understandably upset, right?

00:19:22.250 --> 00:19:24.289
This isn't a situation where you get on and you

00:19:24.289 --> 00:19:27.970
play for 30 minutes, 45 minutes, or a cell phone

00:19:27.970 --> 00:19:30.710
game where you're standing in line at the bank

00:19:30.710 --> 00:19:33.309
or a restaurant for some pickup and you play

00:19:33.309 --> 00:19:36.650
a game for 12, 15 minutes. These are people that

00:19:36.650 --> 00:19:40.779
play and they devote their time to... be it a

00:19:40.779 --> 00:19:44.700
racing game or a fighting game or whatever it

00:19:44.700 --> 00:19:47.759
is, right? They get on these leaderboards. And

00:19:47.759 --> 00:19:50.480
so when people are able to manipulate the backend

00:19:50.480 --> 00:19:55.099
services or the protocols, or maybe they manipulate

00:19:55.099 --> 00:19:58.880
the client side and the data that gets sent up

00:19:58.880 --> 00:20:02.269
to the leaderboards. And they get these impossible

00:20:02.269 --> 00:20:04.529
records that are on the leaderboard that can

00:20:04.529 --> 00:20:07.569
never, ever be beat by a human player. That's

00:20:07.569 --> 00:20:10.009
big, right? That's disheartening. It's frustrating.

00:20:11.410 --> 00:20:14.970
It's not just that you spent $40, $50, $60 on

00:20:14.970 --> 00:20:17.210
this game. It's that you've spent all these hours,

00:20:17.230 --> 00:20:19.470
weeks, months of your life playing these games.

00:20:19.569 --> 00:20:21.569
Like you said, Sarah, these games have been around.

00:20:21.670 --> 00:20:24.650
Some of these have been around for 10, 15 years.

00:20:24.849 --> 00:20:28.230
And these leaderboards are hugely important to

00:20:28.230 --> 00:20:32.130
the players. It is something we track. It is

00:20:32.130 --> 00:20:35.890
something that when it pops up or we hear news

00:20:35.890 --> 00:20:40.450
of a potential leaderboard issue, we start investigating

00:20:40.450 --> 00:20:42.970
immediately. It's very, very important to us

00:20:42.970 --> 00:20:44.670
to make sure that the players are having a good

00:20:44.670 --> 00:20:47.170
time and that the environment is fair for everybody.

00:20:48.289 --> 00:20:51.829
Okay, switching gears a little bit. So one thing

00:20:51.829 --> 00:20:54.670
that always worries me from a security standpoint...

00:20:55.019 --> 00:20:57.180
is essentially backward compatibility because

00:20:57.180 --> 00:20:59.039
sometimes there may be decisions that are made

00:20:59.039 --> 00:21:03.019
20 years ago, 15 years ago, that may have been

00:21:03.019 --> 00:21:06.079
fine back then, but it may not be the greatest

00:21:06.079 --> 00:21:09.279
thing today. Do you guys have issues like that

00:21:09.279 --> 00:21:12.440
with legacy games running on the platform, especially

00:21:12.440 --> 00:21:15.140
those that are multiplayer? Yeah, we've had to

00:21:15.140 --> 00:21:18.539
change a lot of our focus on legacy games. It's

00:21:18.539 --> 00:21:22.359
a big strategy for Phil Spencer and the rest

00:21:22.359 --> 00:21:25.369
of Xbox gaming or Microsoft gaming to ensure

00:21:25.369 --> 00:21:27.670
that we keep the legacy games that are still

00:21:27.670 --> 00:21:30.950
very popular with players around as long as we

00:21:30.950 --> 00:21:33.630
possibly can. And some of these games were built

00:21:33.630 --> 00:21:37.509
15, 20 years ago, completely different operating

00:21:37.509 --> 00:21:42.789
systems, completely different hardware architectures,

00:21:42.789 --> 00:21:47.349
languages, libraries, right? The list is endless.

00:21:47.569 --> 00:21:51.900
And so it's a constant challenge for the studios

00:21:51.900 --> 00:21:56.420
to keep these games accessible in a, in a manner

00:21:56.420 --> 00:22:01.700
that's secure, right? And you talk about using

00:22:01.700 --> 00:22:04.220
containers and stuff like that and using the

00:22:04.220 --> 00:22:06.940
cloud. All those things come into play, as well

00:22:06.940 --> 00:22:10.000
as making sure that we're really tracking those,

00:22:10.000 --> 00:22:12.299
those libraries we bring in, that supply chain

00:22:12.299 --> 00:22:15.900
that we already touched on. You've got to figure

00:22:15.900 --> 00:22:17.900
out how to keep those games accessible, right?

00:22:17.900 --> 00:22:20.079
How do we keep those in Game Pass? How do we keep

00:22:20.480 --> 00:22:22.619
players playing those and keep the leaderboard

00:22:22.619 --> 00:22:25.519
safe and keep the game functioning the way it

00:22:25.519 --> 00:22:29.500
was intended, um, but make sure it's secure, right?

00:22:29.500 --> 00:22:32.359
And that's, those are very, very real considerations.

00:22:32.359 --> 00:22:36.519
I deal with that on a weekly basis with, with

00:22:36.519 --> 00:22:41.019
what I do at work. It's just, it's huge, right?

00:22:41.319 --> 00:22:45.039
It's very important to Microsoft gaming to keep

00:22:45.039 --> 00:22:47.660
those titles available and accessible to players.

00:22:47.799 --> 00:22:50.240
But we have to do it intelligently. We have to

00:22:50.240 --> 00:22:54.900
do it securely. And we bounce our heads off of

00:22:54.900 --> 00:22:57.720
brick walls, like I said, on almost a weekly

00:22:57.720 --> 00:23:01.759
basis to try and create solutions that keep these

00:23:01.759 --> 00:23:04.220
games accessible. And the teams do a fantastic

00:23:04.220 --> 00:23:07.980
job at it, right? They're getting used to fighting

00:23:07.980 --> 00:23:11.240
these kind of wars to keep those games out there.

00:23:12.140 --> 00:23:15.859
That's a really good point out. That's a huge

00:23:15.859 --> 00:23:20.480
issue. My guess is if I take my security hat,

00:23:20.779 --> 00:23:22.640
if there's stuff that's really old that we don't

00:23:22.640 --> 00:23:26.099
trust or stuff that could be potentially dangerous

00:23:26.099 --> 00:23:29.460
or have insecure coding techniques because it

00:23:29.460 --> 00:23:32.140
was written 15, 20 years ago, whatever, we would

00:23:32.140 --> 00:23:34.200
normally run something like that in a highly

00:23:36.400 --> 00:23:38.720
virtualized or protected environment, some form

00:23:38.720 --> 00:23:40.720
of isolation environment. Essentially, if you

00:23:40.720 --> 00:23:42.839
look at Zero Trust, it's the whole, hey, let's

00:23:42.839 --> 00:23:45.500
just assume this game is going to blow up, so

00:23:45.500 --> 00:23:47.799
let's keep it isolated so at least if it blows

00:23:47.799 --> 00:23:49.980
up, it blows up in its own sandbox and doesn't

00:23:49.980 --> 00:23:52.359
start wrecking everything else around it. Is

00:23:52.359 --> 00:23:55.859
that something that the gaming industry does

00:23:55.859 --> 00:23:59.539
as well? We just tend to assume the worst, so

00:23:59.539 --> 00:24:02.759
isolate the game? I think at this point it's

00:24:02.759 --> 00:24:05.490
dangerous. You know, you've been doing security

00:24:05.490 --> 00:24:07.869
a long time too, right? I think it's dangerous

00:24:07.869 --> 00:24:10.289
to approach these kinds of problem sets without

00:24:10.289 --> 00:24:13.210
assuming something's going to blow up. And so

00:24:13.210 --> 00:24:16.069
while we want to keep games accessible and we

00:24:16.069 --> 00:24:18.430
want as many players as we can, I think you have

00:24:18.430 --> 00:24:21.289
to contain those and you have to limit the collateral

00:24:21.289 --> 00:24:25.369
damage that could occur if something does get

00:24:25.369 --> 00:24:28.809
popped. If a vulnerability is discovered that

00:24:28.809 --> 00:24:32.960
you've known nothing about and it destroys

00:24:32.960 --> 00:24:37.359
that version of the game, we have to have a situation

00:24:37.359 --> 00:24:40.240
where we can roll back to a known good patch

00:24:40.240 --> 00:24:43.160
the system, get the game back up, and it doesn't

00:24:43.160 --> 00:24:45.299
hurt the players, it doesn't impact their privacy.

00:24:45.299 --> 00:24:49.200
Worst case scenario, maybe they have, you know,

00:24:49.200 --> 00:24:52.000
a few hours of downtime, something like that. But

00:24:52.000 --> 00:24:56.599
yeah, I, you have to isolate it, right? That's, that's

00:24:56.599 --> 00:24:59.039
really the only way to do it. You've got to limit

00:24:59.039 --> 00:25:03.240
the trust boundaries. These are considerations,

00:25:04.000 --> 00:25:06.599
right? And when it gets really challenging, it

00:25:06.599 --> 00:25:09.740
leads to conversations about, well, is this one

00:25:09.740 --> 00:25:12.099
of those rare situations where we should consider

00:25:12.099 --> 00:25:15.740
sunsetting a title? And we try very hard not

00:25:15.740 --> 00:25:19.039
to do that, right? That's not our goal. Our goal

00:25:19.039 --> 00:25:20.900
is to keep as many games out there as we can.

00:25:21.140 --> 00:25:25.680
And so our perspectives kind of change about

00:25:25.680 --> 00:25:29.140
how we address this security problem. And isolation

00:25:29.140 --> 00:25:32.720
is a big part of that, right? Keep them inside

00:25:32.720 --> 00:25:36.500
a steel box. So if anything happens, you know,

00:25:36.640 --> 00:25:39.920
it's contained. Yeah, really good analogy. And

00:25:39.920 --> 00:25:42.079
then I'll hand over to Sarah. Really good analogy

00:25:42.079 --> 00:25:45.980
is an office, right? So if you open up a document

00:25:45.980 --> 00:25:48.099
that came from the internet, we run that in a

00:25:48.099 --> 00:25:49.799
thing called protected mode, which is an isolated

00:25:49.799 --> 00:25:53.130
boundary. It wasn't referred to as a low integrity

00:25:53.130 --> 00:25:56.869
boundary. Because we assume that the document's

00:25:56.869 --> 00:26:00.930
vulnerable. We assume that there's a bug in Word

00:26:00.930 --> 00:26:03.970
and we assume that the document is going to cause

00:26:03.970 --> 00:26:06.430
that vulnerability to, it may not be a vulnerability

00:26:06.430 --> 00:26:08.670
we don't even know about. But again, you're just

00:26:08.670 --> 00:26:10.430
assuming that bad things are going to happen.

00:26:10.490 --> 00:26:12.730
So run the thing inside of a, as you put it,

00:26:12.769 --> 00:26:15.950
like an iron box. Well, I think iron box is possibly

00:26:15.950 --> 00:26:19.920
stretching things a little bit. Yeah, and a strong

00:26:19.920 --> 00:26:22.720
boundary. So if it blows up, the damage is contained.

00:26:23.019 --> 00:26:26.359
Yeah, 100%. So kind of building on, well, I'm

00:26:26.359 --> 00:26:28.480
going back to my leaderboards and stuff. Russ,

00:26:28.599 --> 00:26:30.900
another thing that, of course, we don't think

00:26:30.900 --> 00:26:35.400
about in enterprise security, cheating. So I

00:26:35.400 --> 00:26:38.900
know that when I was a kid, when I was playing

00:26:38.900 --> 00:26:42.039
games, I used to know, and I'm aging myself,

00:26:42.140 --> 00:26:44.400
of course, like I knew all my cheat codes and

00:26:44.400 --> 00:26:46.819
there were other devices you could use to cheat.

00:26:47.759 --> 00:26:50.740
How does that factor into the work you do in

00:26:50.740 --> 00:26:54.299
Xbox land? Yeah, I would point out that a lot

00:26:54.299 --> 00:26:56.500
of those cheat codes that you were using on the

00:26:56.500 --> 00:26:58.480
controllers and stuff were actually backdoors

00:26:58.480 --> 00:27:03.480
put in by devs. And so I would argue that, yeah,

00:27:03.500 --> 00:27:05.940
okay, that's kind of cheating, but they put those

00:27:05.940 --> 00:27:08.799
God codes in there for us to find and use. So

00:27:08.799 --> 00:27:11.319
it was kind of a more benign situation back then.

00:27:12.559 --> 00:27:16.420
You know, cheating in games, it's, it's more

00:27:16.420 --> 00:27:18.660
or less on two different levels, right? There's

00:27:18.660 --> 00:27:21.359
a service-level cheating, which for me is very

00:27:21.359 --> 00:27:23.980
serious, right? And then there's the client-level

00:27:23.980 --> 00:27:28.940
cheating, where you download a local game to

00:27:28.940 --> 00:27:32.319
your game PC or to your handheld, and it's just

00:27:32.319 --> 00:27:35.059
a single player, right? And I won't name any

00:27:35.059 --> 00:27:38.940
game titles. But the idea being you're just sitting

00:27:38.940 --> 00:27:41.180
there. You're enjoying your game by yourself.

00:27:41.359 --> 00:27:44.779
It's not a multiplayer instance. If you're cheating

00:27:44.779 --> 00:27:48.140
kind of in those situations, I feel like you're

00:27:48.140 --> 00:27:52.259
basically cheating yourself, right? You're losing

00:27:52.259 --> 00:27:55.119
the experience of the game as it was created

00:27:55.119 --> 00:27:57.619
by the developers. Now, that doesn't mean it's

00:27:57.619 --> 00:28:00.599
necessarily bad, right? Maybe you really enjoy

00:28:00.599 --> 00:28:03.779
doing that. I think we see a whole lot fewer

00:28:03.779 --> 00:28:06.359
of those back doors that developers put into

00:28:06.359 --> 00:28:08.859
the games. You know, the up, up, left, right,

00:28:08.900 --> 00:28:13.039
left, right, A, B, A, B, whatever, right? And

00:28:13.039 --> 00:28:16.099
I think nowadays, if people are cheating at games,

00:28:16.519 --> 00:28:20.339
there's a high probability somebody's got, you

00:28:20.339 --> 00:28:24.900
know, IDA Pro or OllyDbg or something like

00:28:24.900 --> 00:28:27.240
that. And they're trying to find the breakpoints

00:28:27.240 --> 00:28:29.440
and the skip points in the running code and memory

00:28:29.440 --> 00:28:32.660
and stuff like that so that they can give themselves

00:28:32.660 --> 00:28:36.059
more resources, better armor, more grenades,

00:28:36.539 --> 00:28:38.859
increase their score, right? Anything that will

00:28:38.859 --> 00:28:41.779
give you a benefit either locally or at the service

00:28:41.779 --> 00:28:45.220
level, right? My concern is if you do this at

00:28:45.220 --> 00:28:48.369
the service level in multiplayer games, you've

00:28:48.369 --> 00:28:50.849
kind of stepped past that gray area because now

00:28:50.849 --> 00:28:52.970
you're impacting other players that are playing

00:28:52.970 --> 00:28:55.869
the game. And that's my concern, right? We've

00:28:55.869 --> 00:28:58.289
stepped outside that point where you're impacting

00:28:58.289 --> 00:29:00.710
just yourself, only yourself, and you're doing

00:29:00.710 --> 00:29:02.789
harm to other people that are trying to enjoy

00:29:02.789 --> 00:29:07.150
the game. And so it does happen. Some people

00:29:07.150 --> 00:29:10.970
cheat to try and gain value for themselves. There

00:29:10.970 --> 00:29:13.470
are trolls on the internet that try to cheat

00:29:13.470 --> 00:29:17.519
just to make other players miserable. That's

00:29:17.519 --> 00:29:20.920
a very sad situation, right? Because maybe they're

00:29:20.920 --> 00:29:23.299
not invested in the gaming community like I am.

00:29:23.380 --> 00:29:27.059
But I just, I feel like that's, you know, that's

00:29:27.059 --> 00:29:30.299
not the path I would follow. But cheating does

00:29:30.299 --> 00:29:34.079
happen. We get reports of it. Luckily, we also

00:29:34.079 --> 00:29:37.539
have a very active gaming community. And so we

00:29:37.539 --> 00:29:41.259
get bug reports on various game titles. And we

00:29:41.259 --> 00:29:44.559
take them seriously. We hear it. We try and replicate

00:29:44.559 --> 00:29:46.890
it. We try and figure out what the cause is.

00:29:46.990 --> 00:29:50.309
There are conversations back and forth between

00:29:50.309 --> 00:29:54.769
the finder and the developers. This is a big

00:29:54.769 --> 00:29:58.329
deal. We want the gaming experience to be enjoyable.

00:29:58.630 --> 00:30:01.769
If it's not enjoyable, why are you gaming? And

00:30:01.769 --> 00:30:04.589
so we try and limit how much third parties can

00:30:04.589 --> 00:30:06.549
impact the players that are playing our games.

00:30:07.170 --> 00:30:09.990
So back in the day, I remember I said that I'd

00:30:09.990 --> 00:30:11.769
done some work on the 360. So one of the stats

00:30:11.769 --> 00:30:16.119
I heard was that if you have 3% of the population

00:30:16.119 --> 00:30:19.420
of a game cheating, then people start leaving

00:30:19.420 --> 00:30:22.359
the game. I mean, obviously you need to actively

00:30:22.359 --> 00:30:24.559
pursue, you know, putting protections in place

00:30:24.559 --> 00:30:26.759
and also, you know, banning people if it's obvious

00:30:26.759 --> 00:30:31.339
that they're cheating. But yeah, 3%, just think

00:30:31.339 --> 00:30:33.220
about that. That's a tiny number. That means

00:30:33.220 --> 00:30:37.119
if you're in a 32 person lobby, one person is

00:30:37.119 --> 00:30:39.799
cheating and that's going to ruin your game experience.

00:30:40.660 --> 00:30:43.660
Fun little fact, I may or may not have done a

00:30:43.660 --> 00:30:45.359
bunch of cheating when I was a little kid. The

00:30:45.359 --> 00:30:49.240
reason why I allegedly did it is because I was

00:30:49.240 --> 00:30:53.599
really interested in breaking the game. The same

00:30:53.599 --> 00:30:56.920
applied to copy protection back in the day. 99

00:30:56.920 --> 00:30:58.660
times out of 100, I didn't even play the game.

00:30:58.859 --> 00:31:01.660
Just the intellectual challenge of breaking the

00:31:01.660 --> 00:31:03.559
game and being able to give myself infinite hit

00:31:03.559 --> 00:31:06.440
points or whatever it was. Again, for single

00:31:06.440 --> 00:31:09.799
player games. The risk was too high if I was

00:31:09.799 --> 00:31:13.039
doing it for multiplayer games. Yeah, for example,

00:31:13.099 --> 00:31:14.819
and again, I don't know the policies here, but

00:31:14.819 --> 00:31:19.500
my guess is that back in the day for single player

00:31:19.500 --> 00:31:23.440
Diablo 2, I don't think anyone really cared that

00:31:23.440 --> 00:31:25.180
much, right? You were just making your Necromancer

00:31:25.180 --> 00:31:27.880
or your Paladin better, but you weren't affecting

00:31:27.880 --> 00:31:30.859
anybody else's game. But in Diablo 4, if you're

00:31:30.859 --> 00:31:32.480
cheating and doing multiplayer, then that's a

00:31:32.480 --> 00:31:34.859
whole nother ball of wax, right? Because now

00:31:34.859 --> 00:31:36.299
you're making someone else's game miserable.

00:31:37.609 --> 00:31:40.950
All right. So what else? Oh, yeah. Next big one.

00:31:41.910 --> 00:31:44.130
Distributed denial of service or denial of service

00:31:44.130 --> 00:31:46.970
in general. I mean, that's got to be a huge problem

00:31:46.970 --> 00:31:50.849
for cloud-based gaming platforms. Yeah, that's

00:31:50.849 --> 00:31:53.869
big across most service orgs, right? And most

00:31:53.869 --> 00:31:58.470
gaming nowadays that's not mobile, we could say,

00:31:58.509 --> 00:32:02.390
is going to be service-based, right? So denial

00:32:02.390 --> 00:32:05.430
of service, that's the quickest way to ruin

00:32:05.900 --> 00:32:09.240
fun for, for everybody playing, playing the game,

00:32:09.240 --> 00:32:12.480
right? And that, that expands, and that's not just

00:32:12.480 --> 00:32:14.660
a problem within Microsoft gaming, that expands

00:32:14.660 --> 00:32:17.740
to, you know, all the big game companies that have

00:32:17.740 --> 00:32:21.640
huge titles. It's, it's just, you know, it's, it's

00:32:21.640 --> 00:32:25.599
a problem. Um, but the, I think the thing that's

00:32:25.599 --> 00:32:29.019
probably most useful to point out here is the

00:32:29.019 --> 00:32:33.819
fact that in most cases DDoS isn't solved strictly

00:32:33.819 --> 00:32:37.519
by good software development practices right

00:32:37.519 --> 00:32:39.740
now. We're talking about architecture, infrastructure,

00:32:40.279 --> 00:32:43.759
the networking, the protocols, the alerting,

00:32:43.940 --> 00:32:47.039
load balancing, right? There's so much involved

00:32:47.039 --> 00:32:51.220
here to keep game services active and kind of

00:32:51.220 --> 00:32:54.440
respond to that. There are entire companies out

00:32:54.440 --> 00:32:56.140
there on the internet, I'm sure you could name

00:32:56.140 --> 00:32:59.660
a few, that their entire business model is providing

00:32:59.660 --> 00:33:04.470
some level of DDoS protection, whether it's service

00:33:04.470 --> 00:33:07.829
DDoS, where we're hitting specific ports that

00:33:07.829 --> 00:33:12.509
we know, whether it's DNS DDoS, right? We're

00:33:12.509 --> 00:33:18.069
creating issues with DNS providers. There's just,

00:33:18.130 --> 00:33:22.670
it's such a big business for people who like

00:33:22.670 --> 00:33:27.130
to do bad things to good games. So DDoS is out

00:33:27.130 --> 00:33:30.000
there. It is something we track. It is responded

00:33:30.000 --> 00:33:32.160
to a little bit different than some of the other

00:33:32.160 --> 00:33:33.859
things that we've already talked about, right?

00:33:33.960 --> 00:33:37.519
Because the approaches to secure those things

00:33:37.519 --> 00:33:40.039
and lock them down are a little bit different.

00:33:41.000 --> 00:33:45.660
So it's a little bit more complex of a problem

00:33:45.660 --> 00:33:48.880
to solve. But it's out there, and it is something

00:33:48.880 --> 00:33:51.319
that we track. We don't hear about that as much

00:33:51.319 --> 00:33:53.500
as some of the other problems we've seen, but

00:33:53.500 --> 00:33:56.380
we definitely do hear about it. Yeah, I think

00:33:56.380 --> 00:33:58.599
at the end of the day, like you say, for at least

00:33:58.599 --> 00:34:01.279
network level denial of service that some of

00:34:01.279 --> 00:34:03.119
you just leave to the platform. I mean, Azure

00:34:03.119 --> 00:34:05.819
has built into it Azure DDoS protection, which

00:34:05.819 --> 00:34:07.980
is great stuff. And what's interesting is that

00:34:07.980 --> 00:34:10.659
service, with that service, I can't remember

00:34:10.659 --> 00:34:13.719
the version of it, you get access to engineers

00:34:13.719 --> 00:34:16.300
who are experts in distributed denial of service

00:34:16.300 --> 00:34:19.559
attacks, which you're probably not. You're a

00:34:19.559 --> 00:34:21.699
game developer. You're probably not that knowledgeable

00:34:21.699 --> 00:34:24.679
about network level distributed denial of service

00:34:24.679 --> 00:34:27.110
vulnerabilities. But that being said, there are

00:34:27.110 --> 00:34:30.050
things that you can do in your code that are

00:34:30.050 --> 00:34:31.889
good programming practices that mitigate certain

00:34:31.889 --> 00:34:34.369
classes of vulnerabilities as well. But again,

00:34:34.449 --> 00:34:36.250
for networking, yeah, absolutely. Leave that

00:34:36.250 --> 00:34:39.489
to the experts. So Russ, I've got another question

00:34:39.489 --> 00:34:41.800
for you about things that the rest of us might

00:34:41.800 --> 00:34:44.079
not have to worry about and the rest of security.

00:34:44.400 --> 00:34:48.219
But what about obviously a lot of minors, kids,

00:34:48.500 --> 00:34:53.639
people under 18, use gaming platforms. So what

00:34:53.639 --> 00:34:57.820
are the concerns there? Yeah, protecting minors

00:34:57.820 --> 00:35:00.900
is a huge goal, right? That's one of our top

00:35:00.900 --> 00:35:06.500
priorities. There are a lot of youth, right, that

00:35:06.500 --> 00:35:10.059
play our games. And so we need to protect their

00:35:10.059 --> 00:35:12.760
anonymity, we need to protect their experience.

00:35:12.760 --> 00:35:16.539
And there's, there's a lot of risk here. And I

00:35:16.539 --> 00:35:19.860
hate to say it, I don't think that we have direct

00:35:19.860 --> 00:35:22.760
control over everything that happens there, because

00:35:22.760 --> 00:35:25.980
interactions with unknown human beings somewhere

00:35:25.980 --> 00:35:29.690
else, you don't know their, their intent, right?

00:35:29.690 --> 00:35:32.389
You can't judge somebody to be ethical and moral,

00:35:32.389 --> 00:35:35.250
um, during these, these game interactions. And we

00:35:35.250 --> 00:35:38.030
have situations and they get reported to us, and,

00:35:38.030 --> 00:35:41.150
and what we do is we, we try to find out where

00:35:41.150 --> 00:35:44.429
we can augment security to protect minors. So

00:35:44.429 --> 00:35:48.349
if you consider, like, a game, you know, children

00:35:48.349 --> 00:35:51.010
play Minecraft. Minecraft's one of the most popular

00:35:51.010 --> 00:35:54.269
games on the planet. Um, but there are kids there,

00:35:54.269 --> 00:35:56.949
but there are also adults that play at the same

00:35:56.949 --> 00:36:01.809
time. And it's very easy for these kids to end

00:36:01.809 --> 00:36:04.469
up in conversations with people that want to

00:36:04.469 --> 00:36:06.650
try and take over computers, take over accounts,

00:36:06.869 --> 00:36:10.210
things like that. And like I said, we do what

00:36:10.210 --> 00:36:12.630
we can on our back end to limit the scope of

00:36:12.630 --> 00:36:15.809
any damage that might occur to minors. Parents

00:36:15.809 --> 00:36:19.889
are really responsible in a lot of cases. I've

00:36:19.889 --> 00:36:23.289
seen children that will meet people who pretend

00:36:23.289 --> 00:36:25.530
to be friends, will get them logged into Discord

00:36:25.530 --> 00:36:30.039
servers, get them to download plugins for games

00:36:30.039 --> 00:36:34.219
that kind of bypass the, you know, the little

00:36:34.219 --> 00:36:36.519
Windows warning that pops up or the Azure warning

00:36:36.519 --> 00:36:39.199
that says, hey, this plugin's trying to access

00:36:39.199 --> 00:36:41.059
your account information. Are you sure you want

00:36:41.059 --> 00:36:43.360
to do that? Well, I'll tell you, an eight-year-old

00:36:43.360 --> 00:36:45.360
child doesn't know how to answer that question.

00:36:45.900 --> 00:36:48.639
And sadly, I'm not sure a lot of parents do either.

00:36:48.880 --> 00:36:51.719
And so from a Microsoft gaming perspective, we've

00:36:51.719 --> 00:36:54.079
taken it on ourselves to try and make those messages

00:36:54.079 --> 00:36:57.739
clear where they're required, or just to lock

00:36:57.739 --> 00:37:01.000
down the interactions entirely where they're

00:37:01.000 --> 00:37:05.000
not needed. So protecting kids is huge. You know,

00:37:05.019 --> 00:37:07.119
you want the kids to have a good time. That's

00:37:07.119 --> 00:37:09.300
what this is all about. It's supposed to be a

00:37:09.300 --> 00:37:12.639
safe environment to go explore and to adventure

00:37:12.639 --> 00:37:15.820
and to play with friends that they know and they

00:37:15.820 --> 00:37:18.550
trust. Every once in a while you get one of these

00:37:18.550 --> 00:37:20.929
people that slip through and really put the minors

00:37:20.929 --> 00:37:26.690
at risk. And there's, I can't tell you, the response

00:37:26.690 --> 00:37:29.329
to that is huge because I think most of the people

00:37:29.329 --> 00:37:32.210
that work in Microsoft gaming have children of

00:37:32.210 --> 00:37:35.010
their own or grandkids, right? Like I now have

00:37:35.010 --> 00:37:38.130
grandkids and I have concerns. And so there's

00:37:38.130 --> 00:37:40.510
a huge response when those kinds of things pop

00:37:40.510 --> 00:37:44.829
up. And so I think we probably see our most,

00:37:46.590 --> 00:37:49.929
largest forward momentum when kids are at risk,

00:37:49.929 --> 00:37:52.869
right? We, we see those things, we have very difficult

00:37:52.869 --> 00:37:56.869
conversations, people get very creative, and we

00:37:56.869 --> 00:37:59.010
come up with some great solutions to protect

00:37:59.010 --> 00:38:01.889
the kids that are playing the games. It's interesting

00:38:01.889 --> 00:38:03.650
you should bring that up, Russ. I mean, what makes

00:38:03.650 --> 00:38:06.849
this interesting, this area interesting, you know,

00:38:06.849 --> 00:38:10.269
policies and legal, legal issues aside, is that

00:38:10.269 --> 00:38:12.349
there's such a huge social engineering aspect

00:38:12.349 --> 00:38:16.269
to it with a vulnerable class of people. So it

00:38:16.269 --> 00:38:20.110
leads to very difficult problems, and I do not

00:38:20.110 --> 00:38:22.329
envy the people that have to work on that on

00:38:22.329 --> 00:38:24.250
the Microsoft gaming platforms, or any platform

00:38:24.250 --> 00:38:27.210
for that matter. Yeah, no, it's challenging,

00:38:27.469 --> 00:38:33.170
but we love the work we're doing. You get into

00:38:33.170 --> 00:38:36.750
gaming because you love gaming. Most of the people

00:38:36.750 --> 00:38:39.050
I know that are in Microsoft gaming didn't just

00:38:39.050 --> 00:38:42.030
land here by accident. Most of them had a very

00:38:42.030 --> 00:38:44.570
dedicated path to get here. So it means something

00:38:44.570 --> 00:38:48.690
to them. And so, you know, I remember being a

00:38:48.690 --> 00:38:51.449
kid. I remember playing Nintendo. I had an Atari

00:38:51.449 --> 00:38:55.369
2600. And, you know, for me, I think of my kids

00:38:55.369 --> 00:38:57.110
and my grandkids playing those games. It's the

00:38:57.110 --> 00:38:59.110
same experience. And I want to protect that for

00:38:59.110 --> 00:39:03.329
them. So, Russ, I think something that we always

00:39:03.329 --> 00:39:07.449
ask our guests is two questions, which is what

00:39:07.449 --> 00:39:11.050
is a typical day in your life look like? I know

00:39:11.050 --> 00:39:12.989
that most of the people we ask this question

00:39:12.989 --> 00:39:15.789
to don't really have a typical day, but we'll

00:39:15.789 --> 00:39:19.530
try you anyway. And then also, if you had a final

00:39:19.530 --> 00:39:22.210
thought to leave our listeners with, what would

00:39:22.210 --> 00:39:27.570
it be? So a typical day in the life of Russ Rogers

00:39:27.570 --> 00:39:31.449
at Microsoft Gaming is a lot of phone calls.

00:39:32.230 --> 00:39:35.929
A lot of conference calls, I would say, usually

00:39:35.929 --> 00:39:39.769
about security configurations, software development

00:39:39.769 --> 00:39:44.010
lifecycle. We have conversations about, like

00:39:44.010 --> 00:39:46.750
I said, incidents related to cheating or bugs

00:39:46.750 --> 00:39:51.210
or vulnerabilities, things like that. It's probably

00:39:51.210 --> 00:39:55.130
pretty close to what you would find at any other

00:39:55.130 --> 00:39:58.929
organization where they develop software that

00:39:58.929 --> 00:40:02.280
goes out to a wide population, right? And so

00:40:02.280 --> 00:40:06.480
I don't know that anything other than psychology

00:40:06.480 --> 00:40:09.059
makes it any more interesting to me. The fact

00:40:09.059 --> 00:40:11.900
that these are video games we're talking about,

00:40:12.119 --> 00:40:14.900
right, and that people are there to have a good

00:40:14.900 --> 00:40:17.860
time, and we want them to have a good time, and

00:40:17.860 --> 00:40:19.699
we want to protect them while they're doing it.

00:40:19.780 --> 00:40:25.559
So pretty standard day in the life. I can't say

00:40:25.559 --> 00:40:28.420
it's super exciting, but I love my job. I love

00:40:28.420 --> 00:40:31.800
what I do. The advice I would give to people

00:40:31.800 --> 00:40:36.519
is, you know, this is gaming. Try to enjoy it.

00:40:36.760 --> 00:40:39.480
Try to be good to one another. Try to help other

00:40:39.480 --> 00:40:42.340
people enjoy it. I think one of the things that

00:40:42.340 --> 00:40:44.420
made Minecraft, and I'll go back to Minecraft

00:40:44.420 --> 00:40:47.639
because it's so impactful. One of the things

00:40:47.639 --> 00:40:49.920
that made Minecraft so popular is it was just

00:40:49.920 --> 00:40:53.019
a joyful game. You get on there. It's ridiculous.

00:40:53.840 --> 00:40:57.599
It's fun. It doesn't hurt anybody. People can

00:40:57.599 --> 00:41:00.460
get on there and play together and build just

00:41:00.460 --> 00:41:05.360
fantastic things in the world. The limit is truly

00:41:05.360 --> 00:41:08.639
your imagination. And I don't think it makes

00:41:08.639 --> 00:41:10.679
much sense to get in there and try and ruin it

00:41:10.679 --> 00:41:14.460
for other people. And so that's probably the

00:41:14.460 --> 00:41:16.940
biggest piece of advice I would give people is

00:41:16.940 --> 00:41:20.139
just go out and enjoy the games. And if you're

00:41:20.139 --> 00:41:22.869
interested in gaming, and you're interested in

00:41:22.869 --> 00:41:26.050
security, there obviously is a path for you to

00:41:26.050 --> 00:41:28.769
get to that. I'm proof of that, living proof

00:41:28.769 --> 00:41:32.309
of that, even at my ripe old age at this point.

00:41:32.469 --> 00:41:36.550
So never let your dreams die. Keep pursuing it.

00:41:36.590 --> 00:41:39.809
Give it a shot. There are a lot of really passionate,

00:41:39.949 --> 00:41:42.829
loving, caring people that love gaming, but also

00:41:42.829 --> 00:41:47.369
love security that work in Microsoft. Yeah, I

00:41:47.369 --> 00:41:49.239
want to add to that. And I really don't want

00:41:49.239 --> 00:41:50.980
to add to your final thought because I've never

00:41:50.980 --> 00:41:52.340
done it before, but I'm going to do it anyway.

00:41:53.239 --> 00:41:55.699
It's like when multiplayer games that have chat,

00:41:55.920 --> 00:41:59.519
just respect the people at the other end. Don't

00:41:59.519 --> 00:42:02.820
start cussing them out. Don't start saying stupid

00:42:02.820 --> 00:42:06.860
things. You know, you may get banned. I mean,

00:42:06.940 --> 00:42:09.480
it's not nice. It's not clever. People just get

00:42:09.480 --> 00:42:11.619
really angry with it. It ruins the gaming experience,

00:42:11.739 --> 00:42:14.380
to your point. So just, you know, just be kind

00:42:14.380 --> 00:42:16.519
to the other human beings who are playing the

00:42:16.519 --> 00:42:18.900
game along with you. Even if someone stabs you

00:42:18.900 --> 00:42:20.880
in the back in Battlefield, you know, it's like,

00:42:20.940 --> 00:42:24.219
hey, just, it is what it is. It's part of the

00:42:24.219 --> 00:42:28.719
gaming experience. All right. So with that, let's

00:42:28.719 --> 00:42:31.000
bring this episode to an end. Russ, thank you

00:42:31.000 --> 00:42:33.239
so much for joining us this week. I could easily,

00:42:33.280 --> 00:42:35.579
honestly, have gone on for another hour. I love

00:42:35.579 --> 00:42:38.639
this topic so much. So perhaps we should actually

00:42:38.639 --> 00:42:40.800
get you on at another point in time and let's

00:42:40.800 --> 00:42:43.579
discuss other topics in gaming. All right, so

00:42:43.579 --> 00:42:44.699
that's bringing it to an end, as I mentioned.

00:42:44.920 --> 00:42:46.940
Again, Russ, thank you so much for joining us

00:42:46.940 --> 00:42:49.440
this week. And to all our listeners out there,

00:42:49.480 --> 00:42:51.840
we hope you found this episode interesting. Again,

00:42:51.960 --> 00:42:54.079
it was a little bit different. And if you want

00:42:54.079 --> 00:42:55.559
to see different topics like this, let us know.

00:42:56.079 --> 00:42:57.820
We're more than happy to talk about absolutely

00:42:57.820 --> 00:43:01.539
anything security related. So stay safe and we'll

00:43:01.539 --> 00:43:03.760
see you next time. Thanks for listening to the

00:43:03.760 --> 00:43:06.599
Azure Security Podcast. You can find show notes

00:43:06.599 --> 00:43:10.599
and other resources at our website, azsecuritypodcast.net.

00:43:10.599 --> 00:43:14.389
If you have any questions, please find

00:43:14.389 --> 00:43:17.829
us on Twitter at AzureSecPod. Background music

00:43:17.829 --> 00:43:21.210
is from ccmixter.com and licensed under the

00:43:21.210 --> 00:43:22.309
Creative Commons license.
