Exploiting Online Games: Cheating Massively Distributed Systems 1st Edition
Use the Amazon App to scan ISBNs and compare prices.
Frequently bought together
From the Back Cover
"Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first.
"The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys."
--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University
"Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be."
"If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge."
--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
"Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.
"Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge."
Chief, Information Protection Directorate
United States Air Force
"Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.
"With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today."
--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
"If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk."
--Brian Chess, Ph.D.
Founder/Chief Scientist, For
About the Author
Greg Hoglund has been involved with software security for many years, specializing in Windows rootkits and vulnerability exploitation. He founded the websitewww.rootkit.com, and has coauthored several books on software security (Exploiting Software: How to Break Code andRootkits: Subverting the Windows Kernel, both from Addison-Wesley). Greg is a long-time game hacker and spends much of his free time reverse engineering and tooling exploits for new games. Professionally, Greg offers in-depth training on rootkit development and software exploits. He is currently CEO of HBGary, Inc. (www.hbgary.com), building a world-class product for software reverse engineering and digital forensics.
Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C., area. He is a globally recognized authority on software security and the author of six best-selling books on this topic. The latest, Software Security: Building Security In, was released in 2006. His other titles includeJava Security (Wiley), Building Secure Software (Addison-Wesley), andExploiting Software (Addison-Wesley). He is the editor of the Addison-Wesley Software Security Series. Dr. McGraw has also written more than 90 peer-reviewed scientific publications, writes a monthly security column fordarkreading.com, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the advisory boards of Fortify Software and Raven White. His dual Ph.D. is in cognitive science and computer science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics. Gary is an IEEE Computer Society Board of Governors member and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.
- Publisher : Addison-Wesley Professional; 1st edition (July 9, 2007)
- Language : English
- Paperback : 380 pages
- ISBN-10 : 0132271915
- ISBN-13 : 978-0132271912
- Item Weight : 1.63 pounds
- Dimensions : 7 x 0.86 x 9.1 inches
- Best Sellers Rank: #1,326,216 in Books (See Top 100 in Books)
- Customer Reviews:
About the authors
Top reviews from the United States
There was a problem filtering reviews right now. Please try again later.
Even if you're a security expert, this will teach you things. For example, the requirements of games (responsiveness, good use of network bandwidth, etc.) force them to design their systems with risk, and that risk can be exploited. The only alternative is to run the entire game on their servers and have the client programs be merely display stations, and that just won't work. It makes for a very good read.
Even Hoglund's political rants are fun to read, even as they ring hollow. It's okay for him to hack the system by any means necessary, because he's a hacker and that's what hackers do. But it's not okay for the people who run these games to hack him back because that's an invasion of privacy. How dare they! It strikes me that the real offense is that he was out-hacked, and yeah, it's annoying to lose.
I rate it only three stars because I expect it will not age well. If you're reading this review in 2007, buy the book, it's great. Buy it, you'll love it. If you're reading it in 2008, 2009, or beyond, recognize that the principles he shows are liable to be true for a long time, but the details have a shelf-life.
The text features numerous sidebars: gray-background side topics tangentially related to the main text. However, on the Kindle for iPhone, the majority of these sidebars are truncated.
That is, their ends are chopped off.
For such an expensive ebook, I'd expect to get the complete text. Not so here.
Not a horrible book, but not great either. I preferred Hoglund's Rootkit book since it had more generic approaches to subverting win32 processes.
If you work on an MMO, you should probably pick this one up.
On-line games, particularly the newer, massively networked ones, are obviously ripe for attackers to dupe. Even though they're intended to "just" be games, real attacks can take place that have serious consequences to the communities that play these games.
More importantly, though, by demonstrating problems in these for-fun pieces of software, Gary and Greg have done a great service to everyone who works in software. The mistakes made in on-line games are, without a doubt, rooted in software issues that are found in "real world" software as well.
This is a great opportunity to explore the sorts of software security problems that plague far too many of our systems, from games to mission critical enterprise applications, today.