The New York Times has introduced the next title coming to its Games catalog following Wordle’s continued success — and it’s all about math. Digits has players adding, subtracting, multiplying, and dividing numbers. You can play its beta for free online right now. 
In Digits, players are presented with a target number that they need to match. Players are given six numbers and have the ability to add, subtract, multiply, or divide them to get as close to the target as they can. Not every number needs to be used, though, so this game should put your math skills to the test as you combine numbers and try to make the right equations to get as close to the target number as possible.

Players will get a five-star rating if they match the target number exactly, a three-star rating if they get within 10 of the target, and a one-star rating if they can get within 25 of the target number. Currently, players are also able to access five different puzzles with increasingly larger numbers as well.  I solved today’s puzzle and found it to be an enjoyable number-based game that should appeal to inquisitive minds that like puzzle games such as Threes or other The New York Times titles like Wordle and Spelling Bee.
In an article unveiling Digits and detailing The New York Time Games team’s process to game development, The Times says the team will use this free beta to fix bugs and assess if it’s worth moving into a more active development phase “where the game is coded and the designs are finalized.” So play Digits while you can, as The New York Times may move on from the project if it doesn’t get the response it is hoping for. 
Digits’ beta is available to play for free now on The New York Times Games’ website

By making use of robust authentication and authorization, web apps can effectively mitigate the all-too-common risks associated with unauthorized intrusions.

Authentication confirms the identity of users accessing the system while authorization further restricts user actions based on their roles, minimizing potential vulnerabilities within the application.

Regularly updating security measures and educating developers about their importance play crucial roles in maintaining a secure environment.

Understanding web security fundamentals

Web application security is critical if your goal is to protect sensitive data and keep the trust of your userbase.

Security measures should evolve over the course of time to counteract the latest threats. Putting in place the latest best practices helps prevent or ameliorate potential breaches that could very well have severe financial and reputational impacts.

Companies often decide to hire penetration testing companies for the express purpose of uncovering vulnerabilities. Conducting these tests on a regular basis — once or twice per year allows businesses to stay in lockstep with emerging threats. Emphasizing security in the development lifecycle ensures that measures are integral rather than an afterthought.

Common web security threats

In many web applications, vulnerabilities like SQL injection and cross-site scripting (XSS) are prevalent —these threats exploit poor input validation, allowing attackers access to vital information. Developers should prioritize input sanitization to prevent such attacks.

Cybersecurity threats evolve rapidly. The rise of complex attacks necessitates ongoing vigilance. Security threats can disrupt services and compromise data integrity. Staying informed about common threats is vital for implementing timely defenses in web app development.

Principles of secure web design

Designing with security in mind involves adhering to key principles. Inputs should be thoroughly validated, and sensitive data encrypted to prevent unauthorized access. Utilizing parameterized queries reduces the risk of SQL injection.

Another principle is the concept of least privilege, where users and applications are granted only the necessary permissions. This minimizes the damage potential if access is compromised. Security frameworks should be integrated into the design process, ensuring a strong foundation for robust web applications.

Authentication and access control measures

Methods such as multi-factor authentication (MFA) enhance protection by requiring users to provide two or more separate verification factors — while this is slightly more time-consuming, the slight hassle does pay off. This makes it more difficult for anyone unauthorized to gain access. Furthermore, integrating authentication based on tokens also adds an extra layer of security, as tokens are unique and time-sensitive, reducing the risk of session hijacking.

Furthermore, regular monitoring of authentication logs can help identify unusual access patterns. Input validation during the login process ensures that data entered by users satisfies predefined criteria, preventing attacks like SQL injection.

Utilizing role-based access control

Role-based access control (RBAC) is a paradigm based on assigning permissions to employees based on what their role within an organization is. This tends to make management simpler — by grouping users with similar responsibilities and assigning specific access rights to these groups. This system ensures that sensitive information and functionalities are only accessible to roles that require them.

By clearly defining roles and permissions, organizations can reduce the risk of data breaches. For effective RBAC implementation, regularly updating role assignments and conducting audits are essential. Automated tools can assist in managing roles and permissions, ensuring smooth operations, and minimizing administrative overhead. Such measures enhance security by ensuring users have access only to necessary resources.

Making use of the principle of least privilege

The principle of least privilege is a vital security measure. It limits user access to the minimum level necessary to perform their job functions, thereby mitigating security risks.

It operates on a simple basis — all users are granted the least amount of access required to do their duties, reducing the potential impact of any one account being compromised.

Regularly reviewing and adjusting user privileges helps maintain effective security. It’s crucial to revoke unnecessary privileges promptly. Implementing controls to monitor user actions assists in maintaining compliance with this principle.

Defending against common web attacks

Web applications face numerous threats that can compromise data integrity and user privacy. Guarding against these threats involves adopting specialized strategies focusing on every type of attack.

Protecting against injection attacks

Injection attacks involve injecting malicious code into a web application to manipulate its database. A prevalent example is SQL injection, which targets database layers by injecting SQL commands.

To defend against these, developers should implement parameterized queries and stored procedures, which limit user input from altering queries in harmful ways.

Regular use of a web application firewall helps to detect and block suspicious activities. Last but not least, the utilization of input validation is yet another crucial measure, ensuring that user inputs adhere to expected formats and content types.

Defending against cross-site scripting (XSS)

Cross-site scripting, or XSS attacks, consist of malicious actors injecting client-side scripts into the web pages that are afterward viewed by other users.

This can lead to unauthorized access to user sessions and the exposal of sensitive information. Utilizing content security policies (CSP) can stop browsers from executing such types of malicious scripts. On top of that, encoding data sent to a web browser ensures that the data is treated as text, not as executable code. Developers can also sanitize inputs by escaping data before processing it or displaying it.

Preventing cross-site request forgery (CSRF)

Cross-site request forgery tricks a user into executing unwanted actions on a web application where they are authenticated. Protecting against CSRF involves the use of anti-forgery tokens, which ensure that requests originate from legitimate users.

Session management and secure cookies are also critical, helping to maintain secure user sessions and reduce vulnerabilities. To bolster security, developers can also leverage mobile security features that ensure consistent protection across devices. Addressing these aspects minimizes the likelihood of CSRF attacks compromising web applications.

Encryption and secure data handling

Ensuring that you fully secure sensitive information by encrypting it and managing it carefully is vital to preventing unauthorized access.

Implementing SSL/TLS for Secure Communication

SSL/TLS protocols play a key role in protecting data exchanges between a server and its users, encrypting interactions to deter interception and manipulation. Websites should adopt HTTPS to maintain data privacy and ensure that information stays intact while in transit.

To implement SSL/TLS, a business must go about acquiring a certificate from a trusted Certificate Authority — this certificate acts as a vote of confidence for the server and assures users that communication is encrypted. Without SSL/TLS, applications are susceptible to risks, such as interception attacks, which could compromise sensitive data.

Data encryption and document access

Data encryption protects sensitive information at rest, whether in a database or during document access. Implementing strong encryption algorithms ensures data security.

For document handling, especially PDFs, digital signatures can be employed to verify authenticity and integrity. Utilization of various software development kits helps seamlessly integrate signing capabilities within applications, ultimately securing your app’s users.

Secure session management

Session management involves securely handling session tokens and IDs to prevent unauthorized access to user accounts. Proper secure session management ensures that tokens are randomly generated and stored securely.

Key practices include:

– Using secure cookies with the HttpOnly and Secure flags,
– Ensuring that session IDs are changed upon user login and logout,
– Limiting session duration with appropriate expiration times.

To prevent session hijacking, it’s recommended that developers use tools and software development kits capable of integrating robust session management features. Proactively managing these sessions ensures ongoing security for users’ data.

Conclusion

Strong authentication methods should be prioritized. Making the use of multi-factor authentication and strong access controls a priority and standard company policy can go a long way in the effort to reduce the risk of such unwanted access.

Regular security updates and patches play a vital role in mitigating vulnerabilities. Implementing these strategies creates a robust defensive perimeter that enhances the overall security posture of a web application. By being proactive and vigilant, organizations can safeguard sensitive data and maintain user trust.

Featured image source

Ticketmaster that it will be the first ticketing company to take advantage of new features that arrived in Apple Wallet with iOS 18. According to a blog post from the business, Ticketmaster tickets viewed in the Apple app can show enhanced information such as venue maps, parking directions, local weather forecasts and recommended listening from Apple Music. Teams and event spaces can also choose to add links to their own apps or websites that customers can access from their Wallet tickets.

The company is first applying the new tech to two sporting events this year, and said it will be rolling out the capabilities to more events in 2025. While Ticketmaster is touting its role as the first adopter of the new Wallet ticket experience, the new features will not only be available to that company. Considering Ticketmaster was in the PR images the new features, it seems likely that the companies had an agreement about how they’d jointly promote the updates.

Apple Wallet boasts several upgrades in the latest operating system release, such as a new feature for faster money transfer. The initial iOS 18 rollout last month had some good stuff, but the marquee debut of Apple Intelligence likely won’t happen until .

 Activision released a report on its anti-toxicity tools for Call of Duty, including the upcoming launch of Call of Duty: Black Ops 6 coming on October 25.

The report is part of the Call of Duty team’s string of reports on multiplayer play aimed at sharing knowledge with the industry on fostering a positive and welcoming community for all players. Part of these ongoing initiatives involve the development and use of technology to help the teams combat disruptive behavior, in accordance with the Call of Duty Code of Conduct.

As one of the biggest games in the world (more than 425 million Call of Duty games sold as of October 2023), it’s important for Call of Duty to set the example of transparency in helping to fight the entire industry’s common foe of toxic player behavior.

In the progress report, Activision’s Disruptive Behavior team shares the latest results and upgrades made to Call of Duty’s anti-toxicity tools, which will reinforce the ongoing work toward deploying anti-toxicity systems for the launch of the new game.

Voice & Text Moderation in Black Ops 6 at launch

Voice and text moderation systems designed to combat toxic behavior already deployed in Call of Duty: Modern Warfare III will launch with Black Ops 6 on day one on October 25. This includes the global availability (excluding Asia) of Call of Duty’s AI-powered voice moderation system in English, Spanish, and Portuguese. Call of Duty will also expand voice moderation support to French and German for Black Ops 6 at launch.

Text-based moderation of in-game text chat and usernames in twenty languages will be deployed for Black Ops 6 on day one.

The Disruptive Behavior team knows that hype and passion is part of Call of Duty’s DNA. Voice and text-based moderation tools in Call of Duty don’t target the competitive spirit – rather, it enforces against behavior identified in the Call of Duty franchise Code of Conduct, targeting harassment and derogatory language.

Similar to Modern Warfare III, the Call of Duty Code of Conduct will be visible during the initial in-game flow when players first launch core multiplayer modes in Black Ops 6, asking players to acknowledge the Code of Conduct pillars.

Over 45 million text messages blocked in 20 languages

Since Modern Warfare (2019), Call of Duty has collaborated with Community Sift to support text-based moderation. In August, the text moderation expanded from 14 to 20 languages.

Call of Duty’s text moderation is available in English, French, Italian, German, Spanish, Portuguese, Russian, Polish, Japanese, Korean, Arabic, Chinese (Traditional and Simplified), Turkish, Dutch, Thai, Vietnamese, Indonesian, Finnish, and Romanian.

Call of Duty has implemented a new analysis system for username reports to enhance efficiency and accuracy, surfacing critical reports to the moderation team for investigation and action.

The Disruptive Behavior team has also been emphasizing proactive measures for text moderation activity, reducing exposure to disruptive behavior for the community. The system also analyzes text chat traffic in near real-time, resulting in the blocking of over 45 million text-based messages in violation of the Call of Duty Code of Conduct since November 2023.

Exposure to voice toxicity dropped 43%

Call of Duty’s proactive voice moderation strategy, powered by Modulate’s ToxMod, has helped reduce exposure to disruptive voice chat for millions of players since its global launch (excluding Asia) last year.

Since rolling out an improved voice chat enforcement in June 2024, Call of Duty has seen a combined 67% reduction in repeat offenders of voice-chat based offenses in Modern Warfare III and Call of Duty: Warzone. In July 2024, 80% of players that were issued a voice chat enforcement since launch did not re-offend. Exposure to disruptive voice chat continues to fall, dropping by 43% since January 2024.

At launch, Black Ops 6 will expand its voice moderation to French and German, in addition to English, Spanish, and Portuguese.

Collaborating to battle disruptive behavior

The Disruptive Behavior team aims to reduce the community’s exposure to disruptive behavior as well as enhancing moderation effectiveness across all types of social interactions in Call of Duty. These improvements include improved messaging to players, Code of Conduct updates, and enhancements to the enforcement strategies.

As part of this work, Call of Duty has been working with the California Institute of Technology (Caltech) since 2022 which has resulted in research paper publication and improvements to the disruptive behavior approach which include reduced time to moderation enforcement as a result of Caltech’s research contribution.

The team has also worked closely with the University of Chicago Booth School of Business and their Product Innovation student cohort. This collaboration began in 2022 and continues to this day, with results of developed research providing the team with insights to better identify and combat disruptive behavior.

Additionally, the team is actively engaged in research surrounding disruptive behavior and prosocial activities in gaming. The knowledge gained from these research initiatives are valuable input to be fed back into the game as part of Call of Duty’s overall strategy to combat disruptive behavior.