DOCSLIB.ORG

Discovering Browser Extensions Via Web Accessible Resources

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Discovering Browser Extensions Via Web Accessible Resources Discovering Browser Extensions via Web Accessible Resources Alexander Sjösten Steven Van Acker Andrei Sabelfeld Chalmers University of Chalmers University of Chalmers University of Technology Technology Technology Gothenburg, Sweden Gothenburg, Sweden Gothenburg, Sweden [email protected] [email protected] [email protected] ABSTRACT The first and second scenarios present an exclusive point Browser extensions provide a powerful platform to enrich of view of websites, concerned with malicious extensions. browsing experience. At the same time, they raise impor- The third scenario presents an exclusive view of extensions, tant security questions. From the point of view of a website, concerned with malicious websites. The fourth scenario illus- some browser extensions are invasive, removing intended fea- trates legitimate synergies between websites and extensions. tures and adding unintended ones, e.g. extensions that hi- Finally, the fifth scenario illustrates the security goals of jack Facebook likes. Conversely, from the point of view of websites and extensions at outright clash. extensions, some websites are invasive, e.g. websites that by- Bank scenario Bank webpages manipulate sensitive in- pass ad blockers. Motivated by security goals at clash, this formation whose unauthorized access may lead to financial paper explores browser extension discovery, through a non- losses. It is desirable to detect potentially insecure and vul- behavioral technique, based on detecting extensions' web ac- nerable extensions and prevent extensions from injecting cessible resources. We report on an empirical study with third-party scripts into the bank's webpages. The latter tech- free Chrome and Firefox extensions, being able to detect nique is in fact a common practice for many extensions [28, over 50% of the top 1,000 free Chrome extensions, including 31]. This scenario motivates the goal of discovering browser popular security- and privacy-critical extensions such as Ad- extensions, as the knowledge of what extensions run on the Block, LastPass, Avast Online Security, and Ghostery. We webpage can be used for tuning the defense. Facebook scenario With over a billion daily users [15], also conduct an empirical study of non-behavioral extension Facebook is a popular target for attacks. Since the Facebook detection on the Alexa top 100,000 websites. We present the application itself is relatively well protected from attacks like dual measures of making extension detection easier in the cross-site scripting, attackers look for attacks elsewhere. A interest of websites and making extension detection more prevalent threat to user integrity and confidentiality is the difficult in the interest of extensions. Finally, we discuss a use of browser extensions to inject scripts into the Facebook browser architecture that allows a user to take control in application to gain full access to the user's account [12]. arbitrating the conflicting security goals. Jagpal et al. [31] identify Facebook as the number one target for malicious extensions, reporting on the proliferation of Keywords attacks such as fake content (ad or otherwise) injection and Web security; Browser extensions; Large-scale study information stealing. This scenario motivates the need for recognizing browser 1. INTRODUCTION extensions by webpages. Having an extension detection tech- Browser extensions provide a powerful platform to enrich nique available, the webpage can adapt its behavior to the browsing experience. The Chrome web store currently con- extensions installed. Research by Facebook's anti-abuse team tains around 43,000 free extensions, with many of these ex- confirms that this is a realistic scenario [12]. tensions, such as AdBlock, Adobe Acrobat, and Skype, hav- LastPass scenario LastPass [34] is a password manager ing more than 10,000,000 users. that permits users to only remember one master password From the security point of view, browser extensions are while automatically generating, storing, and filling in pass- deployed as a \man in the browser" [27], implying that ex- words for the individual services. The LastPass Chrome ex- tensions have privileges to arbitrarily alter the behavior of tension has currently over 4,000,000 users. Being a sensitive webpages. Naturally, the power of browser extensions cre- extension, LastPass has been subject to attacks. For exam- ates tension between the security goals of the webpages and ple, LostPass [35] is a \pixel-perfect phishing" attack that those of the extensions themselves. Let us consider some rep- exploits the fact that LastPass displays its notification in resentative scenarios to illustrate the challenges in balancing the browser viewport. LostPass fakes a message of an ex- these goals. pired session and redirects users to a fake login page where it harvests the master password. (LastPass subsequently re- sponded by interface measures and asking for email confir- Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed mation for all logins from new IPs [33].) for profit or commercial advantage and that copies bear this notice and the full citation This scenario motivates the need to protect sensitive ex- on the first page. Copyrights for components of this work owned by others than ACM tensions. Being able to detect LastPass is a trigger for phish- must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a ing attacks via a malicious webpage, as in the case of Lost- fee. Request permissions from [email protected]. Pass. It is in the interest of LastPass to stay undetected. CODASPY’17, March 22-24, 2017, Scottsdale, AZ, USA Similar scenarios arise with extensions such as Avast Online c 2017 ACM. ISBN 978-1-4503-4523-1/17/03. $15.00 Security and Ghostery, popular security- and privacy-critical DOI: http://dx.doi.org/10.1145/3029806.3029820 extensions that can be targeted by malicious websites. Google Cast scenario Google Cast [26] is a popular ex- tension ids, implying that we never report an extension that tension to play content on a Chromecast device from Chrome. is not present. Upon detecting the Google Cast extension, websites like Contributions To the best of our knowledge, this work Twitch.tv adjust their functionality and offer richer features. is the first comprehensive effort on non-behavioral exten- This scenario highlights the benefit of browser extension sion detection, putting the spotlight on a largely unexplored detection, as motivated by enriching functionality rather area and systematically studying the technique and its ap- than by security considerations. plicability at large scale. To this end, the paper offers the AdBlock scenario With over 40,000,000 users, AdBlock following contributions: is currently the most popular Chrome extension [10]. It is in Precise non-behavioral extension discovery We inves- the very nature of ad blocking to modify webpages, looking tigate a non-behavioral extension detection technique, for ads and blocking them. These goals are clearly at odds based on web accessible resources (Section 3). Based with the webpages' goals. Consequently, some webpages try on unique extension ids, our detection is precise, in to detect ad blockers. the sense of no false positives, and robust, as long as This scenario motivates both the need for extension de- extensions require web accessible resources. tection from the point of view of webpages and the need for Empirical studies of Chrome and Firefox extensions evading discovery from the ad blockers' point of view. As we We report on a empirical study with Chrome's free ex- detail in Section 2, the state of the art for this scenario is tensions where we detect over 50% of the top 1,000 much of a cat-and-mouse game. free Chrome extensions, including popular security- Security goals at clash The above scenarios demonstrate and privacy-critical extensions such as AdBlock, Last- that the different stakeholders (websites vs. browser exten- Pass, Avast Online Security, and Ghostery, and 28% of sions) have different interests, resulting in the clash of the the Chrome extensions in the study overall (Section 4). respective security goals. Motivated by these security goals, We report on a similar study with Firefox's free ex- this paper focuses on discovering browser extensions and tensions (Section 4). Due to Firefox's lax architecture, pursues the following research questions: (i) How to dis- extensions are not prevented from direct modifications cover browser extensions from within a webpage, i.e, without to the UI of the browser. This explains the lesser need modifying the browser? and (ii) How can extensions evade for web accessible resources in Firefox extensions and, detection? therefore, lower discovery rates. We emphasize that this paper does not assume the inter- Demo webpage for Chrome and Firefox We provide a est of webpages over the interest of extensions or vice versa. demo webpage [55] to demonstrate discovery of Chrome Instead, we recognize that these different interests are legiti- and Firefox extensions in practice. This proof-of-concept mate, even if conflicting. We seek to better understand these webpage lists detected extensions once a user visits the interests, conceptually and empirically, and suggest steps to page with Chrome or Firefox. This page serves as a improve the state of the art on both sides. starting point, providing a core that can be further Non-behavioral extension discovery We refer as behav- developed either as a standalone service or a library ioral to extension discovery techniques that require analyz- for inclusion into other webpages. In fact, our code is ing the behavior of browser extensions. Behavioral detection already used by INRIA's Browser Extension Experi- is sometimes desirable, when a particular behavior needs ment [30]. to be detected, regardless of what extension triggers it. On Empirical studies of the Alexa top 100,000 websites the other hand, non-behavioral discovery detects extensions We conduct an empirical study of non-behavioral ex- without having to analyze their behavior.
Load more

Recommended publications
  • Financing Transactions 12
    MOBILE SMART FUNDAMENTALS MMA MEMBERS EDITION AUGUST 2012 messaging . advertising . apps . mcommerce www.mmaglobal.com NEW YORK • LONDON • SINGAPORE • SÃO PAULO MOBILE MARKETING ASSOCIATION AUGUST 2012 REPORT MMA Launches MXS Study Concludes that Optimal Spend on Mobile Should be 7% of Budget COMMITTED TO ARMING YOU WITH Last week the Mobile Marketing Association unveiled its new initiative, “MXS” which challenges marketers and agencies to look deeper at how they are allocating billions of ad THE INSIGHTS AND OPPORTUNITIES dollars in their marketing mix in light of the radically changing mobile centric consumer media landscape. MXS—which stands for Mobile’s X% Solution—is believed to be the first YOU NEED TO BUILD YOUR BUSINESS. empirically based study that gives guidance to marketers on how they can rebalance their marketing mix to achieve a higher return on their marketing dollars. MXS bypasses the equation used by some that share of time (should) equal share of budget and instead looks at an ROI analysis of mobile based on actual market cost, and current mobile effectiveness impact, as well as U.S. smartphone penetration and phone usage data (reach and frequency). The most important takeaways are as follows: • The study concludes that the optimized level of spend on mobile advertising for U.S. marketers in 2012 should be seven percent, on average, vs. the current budget allocation of less than one percent. Adjustments should be considered based on marketing goal and industry category. • Further, the analysis indicates that over the next 4 years, mobile’s share of the media mix is calculated to increase to at least 10 percent on average based on increased adoption of smartphones alone.
    [Show full text]
  • Chrome Extension Page Change Notification
    Chrome Extension Page Change Notification trapansIs Salmon his Jehovistic tirrivees infiltrating when Tod impecuniously, witness unmusically? but shelliest Peirce Chauncey remains subcorticalnever clinks after so vortically. Batholomew mobilising slangily or outmans any troilism. Lazlo Tab title now shows a countdown timer and status. Receive a notification whenever the browser is being used and you however not tracking time. If disabled click this affiliate link happy buy a product or service, we may is paid first fee rule that merchant. Winternals Defragmentation, Recovery, and Administration Field Guide foster the technical editor for Rootkits for Dummies. It will even explode if your keyboard and mouse go untouched for two minutes or more. Or just mail it into yourself to read whenever. Save money remove the hassle. Reload your Chrome extension. Safari using our extension! Here became the latest Insider stories. Configure the refrigerator of enterprise login URLs where password protection service can capture fingerprint of password. Failed to load latest commit information. TODO: we should top the class names and whatnot in post here. Here is day you did remove notifications in Google Chrome completely and effectively. User or password incorrect! Specificity needed here that override widget CSS defaults. The best renderings in is world! Ability to update settings of respective job. In life case, our extension will also have a configuration page, so moving will have use nuclear option. Showing the prompt to load on sat site or visit you just annoying, though. Why my multiple nations decide to launch Mars projects at exactly she same time? Vox Media has affiliate partnerships.
    [Show full text]
  • 13 Cool Things You Can Do with Google Chromecast Chromecast
    13 Cool Things You Can Do With Google Chromecast We bet you don't even know half of these Google Chromecast is a popular streaming dongle that makes for an easy and affordable way of throwing content from your smartphone, tablet, or computer to your television wirelessly. There’s so much you can do with it than just streaming Netflix, Hulu, Spotify, HBO and more from your mobile device and computer, to your TV. Our guide on How Does Google Chromecast Work explains more about what the device can do. The seemingly simple, ultraportable plug and play device has a few tricks up its sleeve that aren’t immediately apparent. Here’s a roundup of some of the hidden Chromecast tips and tricks you may not know that can make casting more magical. Chromecast Tips and Tricks You Didn’t Know 1. Enable Guest Mode 2. Make presentations 3. Play plenty of games 4. Cast videos using your voice 5. Stream live feeds from security cameras on your TV 6. Watch Amazon Prime Video on your TV 7. Create a casting queue 8. Cast Plex 9. Plug in your headphones 10. Share VR headset view with others 11. Cast on the go 12. Power on your TV 13. Get free movies and other perks Enable Guest Mode If you have guests over at your home, whether you’re hosting a family reunion, or have a party, you can let them cast their favorite music or TV shows onto your TV, without giving out your WiFi password. To do this, go to the Chromecast settings and enable Guest Mode.
    [Show full text]
  • RBS-2019-014 Honey Browser Extension Content Script Improper
    RBS-2019-014 Honey Browser Extension Content Script Improper DOM Handling Browser Action UI Spoofing Table of Contents Table of Contents 2 Vendor / Product Information 3 Vulnerable Program Details 3 Credits 3 Impact 3 Vulnerability Details 3 Solution 4 References 4 Timeline 4 About Risk Based Security 5 Company History 5 Solutions 5 2019-07-31 2 of 5 Vendor / Product Information The Honey Browser Extension for ​Chrome, Firefox, Safari, and Edge allows users to instantly find and apply coupon codes at checkout for over 30,000 online shopping sites and, according to the vendor, 10,000,000 members utilize the extension. Vulnerable Program Details Details for tested products and versions: Vendor: Honey Science Corporation ​ Product: Honey Browser Extensions for Chrome, Firefox, Safari, and Edge Versions: Honey Addon for Firefox version 10.8.1 and 11.1.0 ​ Honey Extension for Chrome 10.8.1, 11.0.2, 11.1.0, 11.1.1, 11.1.2, 11.2.1, and 11.2.2 Honey Extension for Edge 11.1.1.0 Honey Extension for Safari 10.9.0 NOTE: Other versions than the one listed above are likely affected. Credits Sven Krewitt, Risk Based Security Twitter: @RiskBased Impact The browser extension’s content script is used to inject and display UI elements in the Document Object Model (DOM) of the current web page. When a user activates the browser action while visiting a specially crafted web site, a context-dependent attacker can spoof UI elements of the browser extension and conduct phishing attacks. Vulnerability Details The Honey browser extensions are activated when a user clicks on the Honey extension logo in the browser toolbar.
    [Show full text]
  • Seamless Offloading of Web App Computations from Mobile Device to Edge Clouds Via HTML5 Web Worker Migration
    Seamless Offloading of Web App Computations From Mobile Device to Edge Clouds via HTML5 Web Worker Migration Hyuk Jin Jeong Seoul National University SoCC 2019 Virtual Machine & Optimization Laboratory Department of Electrical and Computer Engineering Seoul National University Computation Offloading Mobile clients have limited hardware resources Require computation offloading to servers E.g., cloud gaming or cloud ML services for mobile Traditional cloud servers are located far from clients Suffer from high latency 60~70 ms (RTT from our lab to the closest Google Cloud DC) Latency<50 ms is preferred for time-critical games Cloud data center End device [Kjetil Raaen, NIK 2014] 2 Virtual Machine & Optimization Laboratory Edge Cloud Edge servers are located at the edge of the network Provide ultra low (~a few ms) latency Central Clouds Mobile WiFi APs Small cells Edge Device Cloud Clouds What if a user moves? 3 Virtual Machine & Optimization Laboratory A Major Issue: User Mobility How to seamlessly provide a service when a user moves to a different server? Resume the service at the new server What if execution state (e.g., game data) remains on the previous server? This is a challenging problem Edge computing community has struggled to solve it • VM Handoff [Ha et al. SEC’ 17], Container Migration [Lele Ma et al. SEC’ 17], Serverless Edge Computing [Claudio Cicconetti et al. PerCom’ 19] We propose a new approach for web apps based on app migration techniques 4 Virtual Machine & Optimization Laboratory Outline Motivation Proposed system WebAssembly
    [Show full text]
  • Can You Download Google Home on Pc How to Set up Your Google Home
    can you download google home on pc How to Set Up Your Google Home. Google's voice-activated Google Home speaker will set timers, play music, and spell words for your kids' homework. Here's how to set up the new one you just received. Did you just get a Google Home ($99.00 at Target) speaker for the holidays? This stubby little speaker is about to become your best friend. By yelling out "OK Google!" you'll be able to set timers, play music, have it control a Chromecast connected to a TV, or tell you the phone number of the nearest Walgreens. Here's how to set it up. 1. Plug in your Google Home Your Google Home plugs into the wall and, after a few minutes, will light up and start looking for your phone. There's no on/off button. It's always on when it's plugged in. Stay nearby with your phone. 2. Download the Google Home app from your phone's app store and open the app Download from Google Play or the App Store. Accept the terms of service, and agree to turn on location permissions. Yes, Google's spying on you. By having the Google Home, you're all in. Might as well let it know where you are. Make sure you are connected to your home Wi-Fi network, as your phone will pass that information to the Google Home. 3. Sign in with a Google account You'll need a Google account to use Google Home; preferably one with a gmail.com address.
    [Show full text]
  • Rich Internet Applications for the Enterprise
    Final Thesis Rich Internet Applications for the Enterprise A comparative study of WebWork and Java Web Start by Emil Jönsson LITH-IDA-EX–07/063–SE 2007-12-07 Linköping University Department of Computer and Information Science Final Thesis Rich Internet Applications for the Enterprise A comparative study of WebWork and Java Web Start by Emil Jönsson LITH-IDA-EX–07/063–SE Supervisors: Valérie Viale Amadeus Philippe Larosa Amadeus Examiner: Kristian Sandahl Department of Computer and Information Science Linköping University Abstract Web applications initially became popular much thanks to low deployment costs and programming simplicity. However, as business requirements grow more complex, limitations in the web programming model might become evident. With the advent of techniques such as AJAX, the bar has been raised for what users have come to expect from web applications. To successfully implement a large-scale web application, software developers need to have knowledge of a big set of complementary technologies. This thesis highlights some of the current problems with the web programming model and discusses how using desktop technologies can improve the user experience. The foundation of the thesis is an implementation of a prototype of a central hotel property management system using web technologies. These technologies have then been compared to an alternative set of technologies, which were used for implementing a second prototype; a stand-alone desktop client distributed using Java Web Start. Keywords: web development, Rich Internet Applications, WebWork, Java Web Start, Property Management System, hospitality software Acknowledgements First I would like to thank Amadeus for giving me the opportunity to do an internship at their development site in Sophia Antipolis.
    [Show full text]
  • Qumu HTML5 Multicast Extension Deliver Video Across the Enterprise—With No Plugins Required
    DATASHEET Qumu HTML5 Multicast Extension Deliver video across the enterprise—with no plugins required What is it? The Qumu HTML5 Multicast Extension is a revolutionary solution to the problem introduced by modern browsers— delivering Multicast video behind the firewall, to users who no longer have browsers that support Microsoft Silverlight. The HTML5 Multicast Extension from Qumu provides a seamless way to play a Multicast live broadcast natively in newer versions of Google Chrome, Internet Explorer, Microsoft Edge and Firefox. How does it work? Deployed with Qumu’s on premise solution, enterprises simply install the extension on each desktop to allow employees to experience live streaming with Multicast on the browser of their choice. By working together with the Qumu VideoNet Edge that originates multicast throughout the corporate network, the HTML5 Multicast Extension provides a complete solution for delivering and rendering multicast video in corporate environment. What are the benefits? Organizations can leverage current infrastructure on the Network and WAN to support multicast in modern browsers The extension supports HTML5 with no additional requirements for Windows Media, Flash, or Silverlight The Qumu HTML5 Multicast Extension delivers high-quality video to the entire organization with minimal network impact Qumu on premise platform customers can expand their video delivery footprint to thousands of users—quickly and cost effectively The extension can be deployed and managed via a software- only solution, 100% behind the firewall. Playlist failover from RTP Multicast to RTSP Unicast is supported, and so are in-band slides and events What are the technical details? Client Support: Formats Supported: · Windows 7, 8.1 and 10 · IE11 (Win10) Live – RTP Multicast, RTSP Unicast · Google Chrome · Microsoft Edge · Firefox Want to Know More? Contact Us.
    [Show full text]
  • Chromebooks + Chromecast in the Classroom
    CHROMEBOOKS + CHROMECAST IN THE CLASSROOM As more Chromebook™ models enter the market, it’s becoming harder for schools to choose the best one to meet their needs. Which one has the power to run the latest online educational content such as Kno™ online textbooks and BioDigital Human™? Which one offers the best visual experience when using Chromecast™ in the classroom? Each model delivers a different experience for teachers teaching and students learning in the classroom. Here in the Principled Technologies labs, we put on our teacher hats and looked at an Intel® Core™ i3 processor-powered Chromebook and an ARM® processor-based Chromebook. We performed tasks a science teacher might include while giving a lesson in the classroom, such as using a Kno online textbook and looking at different 3D anatomy models in BioDigital Human. We measured aspects of user experience that would matter to students and teachers—time to complete tasks and frame rate. Which Chromebook is the better choice for teaching in the classroom? We found that the Intel Core i3 processor-powered Chromebook outperformed the ARM processor-based Chromebook across the board, delivering up to 250.0 percent more frames per second than the ARM processor-based Chromebook when using BioDigital Human with Chromecast. The Intel Core i3 processor-powered Chromebook also took just over half the time to complete a series of tasks, including opening BioDigital Human over 22 seconds faster than the ARM processor-based Chromebook. OCTOBER 2014 A PRINCIPLED TECHNOLOGIES TEST REPORT Commissioned by Intel Corp. WHICH PROCESSOR IS IN YOUR CHROMEBOOK? There are many different Chromebooks on the market.
    [Show full text]
  • Security Analysis of Firefox Webextensions
    6.857: Computer and Network Security Due: May 16, 2018 Security Analysis of Firefox WebExtensions Srilaya Bhavaraju, Tara Smith, Benny Zhang srilayab, tsmith12, felicity Abstract With the deprecation of Legacy addons, Mozilla recently introduced the WebExtensions API for the development of Firefox browser extensions. WebExtensions was designed for cross-browser compatibility and in response to several issues in the legacy addon model. We performed a security analysis of the new WebExtensions model. The goal of this paper is to analyze how well WebExtensions responds to threats in the previous legacy model as well as identify any potential vulnerabilities in the new model. 1 Introduction Firefox release 57, otherwise known as Firefox Quantum, brings a large overhaul to the open-source web browser. Major changes with this release include the deprecation of its initial XUL/XPCOM/XBL extensions API to shift to its own WebExtensions API. This WebExtensions API is currently in use by both Google Chrome and Opera, but Firefox distinguishes itself with further restrictions and additional functionalities. Mozilla’s goals with the new extension API is to support cross-browser extension development, as well as offer greater security than the XPCOM API. Our goal in this paper is to analyze how well the WebExtensions model responds to the vulnerabilities present in legacy addons and discuss any potential vulnerabilities in the new model. We present the old security model of Firefox extensions and examine the new model by looking at the structure, permissions model, and extension review process. We then identify various threats and attacks that may occur or have occurred before moving onto recommendations.
    [Show full text]
  • HTML5 Indexeddb
    HHTTMMLL55 -- IINNDDEEXXEEDDDDBB http://www.tutorialspoint.com/html5/html5_indexeddb.htm Copyright © tutorialspoint.com The indexeddb is a new HTML5 concept to store the data inside user's browser. indexeddb is more power than local storage and useful for applications that requires to store large amount of the data. These applications can run more efficiency and load faster. Why to use indexeddb? The W3C has announced that the Web SQL database is a deprecated local storage specification so web developer should not use this technology any more. indexeddb is an alternative for web SQL data base and more effective than older technologies. Features it stores key-pair values it is not a relational database IndexedDB API is mostly asynchronous it is not a structured query language it has supported to access the data from same domain IndexedDB Before enter into an indexeddb, we need to add some prefixes of implementation as shown below window.indexedDB = window.indexedDB || window.mozIndexedDB || window.webkitIndexedDB || window.msIndexedDB; window.IDBTransaction = window.IDBTransaction || window.webkitIDBTransaction || window.msIDBTransaction; window.IDBKeyRange = window.IDBKeyRange || window.webkitIDBKeyRange || window.msIDBKeyRange if (!window.indexedDB) { window.alert("Your browser doesn't support a stable version of IndexedDB.") } Open an IndexedDB database Before creating a database, we have to prepare some data for the data base.let's start with company employee details. const employeeData = [ { id: "01", name: "Gopal K Varma", age: 35,
    [Show full text]
  • Coding Your First HTML5 Game
    Coding Your First HTML5 Game Randy Hoyt @randyhoyt randyhoyt.com/launchgame @randyhoyt Overview • Code • HTML5 • Games @randyhoyt Overview • Games • HTML5 • Code @randyhoyt Games Games • Games are fun I love games! @randyhoyt A Theory of Fun (2004), by Ralph Koster Games • Games are fun • Games are everywhere I love games! @randyhoyt Homo Ludens (1938), by Johan Huizinga Games • Games are fun • Games are everywhere • Games exercise the brain I love games! @randyhoyt Play engages the prefrontal cortex, responsible for your highest-level cognitive functions – including self- knowledge, memory, mental imagery, and incentive and reward processing. Brain Workout, Life Optimizer, http://trhou.se/WHkaR7 Brain Workout, Life Optimizer, http://trhou.se/WHkaR7 Games • Games are fun • Games are everywhere • Games exercise the brain • Games are practice for the real world I love games! @randyhoyt 7 TED Talks on Gaming, http://trhou.se/gamesTED Games And Me @randyhoyt HTML5 Buzzword Alert! HTML5 and Related Technologies • Canvas @randyhoyt HTML5 and Related Technologies • Canvas • WebGL http://trhou.se/whyWebGL @randyhoyt HTML5 and Related Technologies • Canvas • WebGL http://trhou.se/whyWebGL • WebSocket http://trhou.se/introwebsockets @randyhoyt HTML5 and Related Technologies • Canvas • WebGL http://trhou.se/whyWebGL • WebSocket http://trhou.se/introwebsockets • SVG @randyhoyt HTML5 Games It’s official: with HTML5 today the browser has become a full- fledged gaming platform. HTML5 Gaming, http://html5rocks.com/gaming Behind the Scenes, http://www.cuttherope.ie/dev/
    [Show full text]