Hacktag is a promising new asymmetric co-op stealth/infiltration game in that plays like a blend of Mission Impossible and Keep Talking and Nobody Explodes, in which one player controls a Stealth Agent and another controls a Hacker as they attempt to infiltrate and take down corporations
Set in a parallel version of 2029, populated by anthropomorphic animals, players control mercenaries who carry out corporate espionage for competing corporations. Hacktag can be played online or with local split-screen multiplayer and requires co-operation and good communication for success in its diverse procedurally generated levels.
During missions one player controls the Stealth Agent and another controls the Hacker. The Stealth Agent must sneak through the isometric game world, using distractions and avoiding or taking out guards while making their way to the goal. The Hacker on the other hand hacks their way through a holographic blueprint of the level, interacting with cameras, doors, phones and other equipment to open the way up for the Agent and divert the attention of the guards.
Hacktag features three possible corporations to pledge your allegiance to, three different styles of missions, comprehensive character customisation options, online challenges, an intriguing narrative for each character, online leaderboards and unlockable skills. It’s an impressive game with a great concept and Hacktag has already quite a lot of praise and awards from the indie scene thanks to it’s intelligent asymmetric co-op gameplay. Sign up now to hack your way into the Beta!
Hacktag is a 2-player co-op stealth-game with an asymmetric gameplay. Play as the stealth Agent in the field or as the Hacker, virtually infiltrating and cooperating to fulfill industrial espionage missions to take down corporations.In 2029, in a parallel world inhabited by anthropomorphic animals, you are a mercenary who secretly accomplishes. Changing your MAC address. While this is somewhat trivial, I would still like to mention it. Primarily because not many people are used to the new Linux ip utility. You might need sudo for all of the commands. Using ifconfig (Older Linux distros and Mac OS X) ifconfig # to list all interfaces ifconfig interface ether 00:00:00:00:DD.
Nginx and Secure SSL ConfigurationIt turns out that it is kind of tricky to get a perfect high security SSL configuration. I will give you configuration options and I will explain the reasons for which they are chosen.
SSL Versions
SSLv2 is insecure and you also need to disable SSLv3, as TLS 1.0 suffers a downgrade attack, allowing an attacker to force a connection to use SSLv3 and therefore disable forward secrecy. SSLv3 also allows exploiting the POODLE attack which is another reason to disable it.
The cipher suites that provide the best Forward Secrecy are the ones that use an ephemeral form of the Diffie-Hellman key exchange. The main disadvantage is their overhead which is improved by using their elliptic curve variants.
The following options are recommended by the Mozilla Foundation. If you are not looking for backwards compatibility the following is the recommended modern configuration that is compatible with: Firefox 27, Chrome 22, IE 11, Opera 14 and Safari 7.
For services that don't need compatibility with legacy clients (WinXP), but need to support a wide range of clients, the following less recommended configuration is compatible with: Firefox 1, Chrome 1, IE 7, Opera 5 and Safari 1.
And finally if for some crazy reason you would really like to support legacy systems like Windows XP and Internet Explorer 6, this is the NOT RECOMMENDED ciphersuite which will work with all clients back to Windows XP/IE6. It should only be used as a last resort.
Forward Secrecy and DHE Parameters Hashtag For MacForward Secrecy is a property of a secure communication that guarantees that even if an attacker gets a hold of the server's private key he would not be able to decrypt any past recorded communications. This is done by performing a Diffie-Hellman key exchange, which guarantees that the symmetric key of a communication (session key) is never transmitted over the connection and cannot be acquired from a third party. Because this key is only used for a limited amount of time it is called Ephemeral. The server's private key is then used to sign the negotiated session key and thus protecting from a MITM attack, which a standard Diffie-Hellman key exchange is vulnerable to. Nginx relies on an input parameters from OpenSSL for the Ephemeral Diffie-Hellman (DHE), but the OpenSSL defaults only provide a 1024-bit key for the key-exchange. Since often you will be using a 2048-bit certificate (or higher), DHE clients will use a weaker key-exchange than non-ephemeral DH clients. To set a stronger DHE parameter we generate an 4096-bit key and supply it to Nginx:
SSLv2 is insecure and you also need to disable SSLv3, as TLS 1.0 suffers a downgrade attack, allowing an attacker to force a connection to use SSLv3 and therefore disable forward secrecy. SSLv3 also allows exploiting the POODLE attack which is another reason to disable it.
The cipher suites that provide the best Forward Secrecy are the ones that use an ephemeral form of the Diffie-Hellman key exchange. The main disadvantage is their overhead which is improved by using their elliptic curve variants.
The following options are recommended by the Mozilla Foundation. If you are not looking for backwards compatibility the following is the recommended modern configuration that is compatible with: Firefox 27, Chrome 22, IE 11, Opera 14 and Safari 7.
For services that don't need compatibility with legacy clients (WinXP), but need to support a wide range of clients, the following less recommended configuration is compatible with: Firefox 1, Chrome 1, IE 7, Opera 5 and Safari 1.
And finally if for some crazy reason you would really like to support legacy systems like Windows XP and Internet Explorer 6, this is the NOT RECOMMENDED ciphersuite which will work with all clients back to Windows XP/IE6. It should only be used as a last resort.
Forward Secrecy and DHE Parameters Hashtag For MacForward Secrecy is a property of a secure communication that guarantees that even if an attacker gets a hold of the server's private key he would not be able to decrypt any past recorded communications. This is done by performing a Diffie-Hellman key exchange, which guarantees that the symmetric key of a communication (session key) is never transmitted over the connection and cannot be acquired from a third party. Because this key is only used for a limited amount of time it is called Ephemeral. The server's private key is then used to sign the negotiated session key and thus protecting from a MITM attack, which a standard Diffie-Hellman key exchange is vulnerable to. Nginx relies on an input parameters from OpenSSL for the Ephemeral Diffie-Hellman (DHE), but the OpenSSL defaults only provide a 1024-bit key for the key-exchange. Since often you will be using a 2048-bit certificate (or higher), DHE clients will use a weaker key-exchange than non-ephemeral DH clients. To set a stronger DHE parameter we generate an 4096-bit key and supply it to Nginx:
And then in your Nginx configuration:
Additional OptionsWhen choosing a cipher during an SSL or TLS handshake, normally the client's preference is used. If this directive is enabled, the server's preference will be used instead.
SSL operations consume a lot of CPU resources. They can be optimised in the following way:
- On a multiprocessor system there should be several workers and no less than the number of available CPUs. This can easily be solved with:
- The most CPU intensive operation is the SSL handshake. To minimise the number of these operations you could enable keepalive connections so multiple request can be send over the same connection and to reuse SSL session parameters and avoid SSL handshakes for subsequent connections.
An extra level of security can be achieved by enabling HTTP Strict Transport Security (HSTS). This is done by appending an extra header to each response signalling the browser that content from this domain should always be loaded via HTTPS.
Testing your SSL configuration Hashtag For MacThe SSL Labs have an excellent tool for testing you server configuration. I would highly recommend doing that after you've set up your server. If you get an A, then you are good to go!
