User:Doom

Greetings,

My name is Jeff and I am the President of the Georgia Southern University OWASP chapter.

I'm here to learn more about Web Application Security and and become a better leader.

Origins of Passion

My life began as the Eternal September began, a cherished coincidence. https://en.wikipedia.org/wiki/Eternal_September

I acquired my passion for security when I began to hack MMOS at the ripe old age of 12 using Cheat Engine, WinSock Packet Editor Pro and various other programs such as Apache HTTPD. I used Apache to conduct a man in the middle attack against the update server for these games security clients. The result was a security client that would attempt to check for updates from the Corporate server but would instead be directed to my htdocs folder which contained a very outdated Security Client. In this way exploits from the past that had been patched became possible again. This success was magical and guides my career choice to this day.

Also, because of this I learned very early about the hacker (skilled user) vs hacker (security professional) dynamic. This dynamic is responsible for an increasing potentiality of legal ramifications for hacking games owned by Corporations I.E.(South Korea). Skilled users who hack online games will soon (already) be risking fines and jail time for these actions. I consider this to be an anti-consumer abomination and an injury to online freedom. I watched as "Nexon Corporation" set the precedent for legal ramification in South Korea for altering the game.

Additionally, this company has learned to exploit normal users on the basis of this dynamic which is troubling. By playing this game you submit to Big Brother esk data collection policy on the basis that this data will "never be used" unless you violate the terms of service by hacking. However, this data is collected on every game launch (normal players) and archived on their servers for retroactive prosecution and profit. Below is the specific policy which you may find shocking.

http://nxcache.nexon.net/nx/global/legal_info/terms.html

2.4 	Hardware and Software Access. You hereby acknowledge that: 2.4.1 	The Company has the right to obtain, without notification to you, certain information about your computer or software, including, but not limited to, your operating system, identification of your hard drives, central processing unit, IP address, and Internet browser for purposes of identification. 2.4.2 	The Company has the right to obtain, without notification to you, non-personal information from your connection to the Service or Site for demographic purposes. 2.4.3 	The Company has the right to obtain, without notification to you, information from your computer, software, and parts or portions thereof, including, without limitation, your computer's random access memory, video card, central processing unit, hard drive(s) and any other storage devices to assist our efforts in policing users who may develop and/or use "hacks" and/or "cheats" to gain advantage over other users. The information obtained in this Section will only be used for the purpose of identifying persons or entities not in compliance or believed by the Company to not be in compliance with this Agreement and any and all other Company rules, policies, notices and/or agreements.