Nicht lieferbar
Exploiting Online Games
Cheating Massively Distributed Systems
Versandkostenfrei!
Nicht lieferbar
The online gaming world is huge and continues to grow (analysts estimate the market reached $12 billion in 2006). And all computer games are made of software. By manipulating, changing, tweaking, and otherwise exploiting the software that makes up a computer game, malicious gamers can cheat. Cheating goes beyond getting a high score. In today's world of online poker, Second Life, and massive multiplayer online role playing games (MMORPGs) currency is a factor, whether it's winning a big jack pot or selling a "vorpal sword of heinousity" on e-Bay. With money involved this spells out big headaches for game makers and players alike. Exploiting Online Games frankly describes controversial security issues surrounding (MMORPGs) such as World of Warcraft. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks, and exposes the inner workings of online game security for all to see. This book discusses and describes security problems associated with advanced massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today. Product Description
Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first.
The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys.
--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University
Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be.
--Cade Metz
Senior Editor
PC Magazine
If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge.
--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University
Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.
Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge.
--Daniel McGarvey
Chief, Information Protection Directorate
United States Air Force
Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.
With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today.
--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
Harvard University
If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk.
--Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify Software
Coauthor of Secure Programming with Static Analysis
This book offers up a fascinating tour of the battle for software security on a whole new front: attacking an online game. Newcomers will find it incredibly eye opening and even veterans of the field will enjoy some of the same old programming mistakes given brilliant new light in a way that only massively-multiplayer-supermega-blow-em-up games can deliver. w00t!
--Pravir Chandra
Principal Consultant, Cigital
Coauthor of Network Security with OpenSSL
If you are a gamer, a game developer, a software security professional, or an interested bystander, this book exposes the inner workings of online-game security for all to see.
From the authors of the best-selling Exploiting Software, Exploiting Online Games takes a frank look at controversial security issues surrounding MMORPGs, such as World of WarcraftT and Second Life®. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks.
This book covers
Why online games are a harbinger of software security issues to come
How millions of gamers have created billion-dollar virtual economies
How game companies invade personal privacy
Why some gamers cheat
Techniques for breaking online game security
How to build a bot to play a game for you
Methods for total conversion and advanced mods
Written by the world's foremost software security experts, this book takes a close look at security problems associated with advanced, massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today.
Backcover
Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first.
The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys.
--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University
Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be.
--Cade Metz
Senior Editor
PC Magazine
If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge.
--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University
Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.
Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge.
--Daniel McGarvey
Chief, Information Protection Directorate
United States Air Force
Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.
With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today.
--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
Harvard University
If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk.
--Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify Software
Coauthor of Secure Programming with Static Analysis
This book offers up a fascinating tour of the battle for software security on a whole new front: attacking an online game. Newcomers will find it incredibly eye opening and even veterans of the field will enjoy some of the same old programming mistakes given brilliant new light in a way that only massively-multiplayer-supermega-blow-em-up games can deliver. w00t!
--Pravir Chandra
Principal Consultant, Cigital
Coauthor of Network Security with OpenSSL
If you are a gamer, a game developer, a software security professional, or an interested bystander, this book exposes the inner workings of online-game security for all to see.
From the authors of the best-selling Exploiting Software, Exploiting Online Games takes a frank look at controversial security issues surrounding MMORPGs, such as World of WarcraftT and Second Life®. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks.
This book covers
Why online games are a harbinger of software security issues to come
How millions of gamers have created billion-dollar virtual economies
How game companies invade personal privacy
Why some gamers cheat
Techniques for breaking online game security
How to build a bot to play a game for you
Methods for total conversion and advanced mods
Written by the world's foremost software security experts, this book takes a close look at security problems associated with advanced, massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today.
Foreword xvii
Preface xxiWhy Are We Doing This? xxii
Where Do We Draw the Line? xxiii
What's in the Book? xxiv
The Software Security Series xxvi
Contacting the Authors xxviiAcknowledgments xxixGreg's Acknowledgments xxix
Gary's Acknowledgments xxixAbout the Authors xxxiiiChapter 1: Why Games? 3Online Games Worldwide 5
The Lure of Cheating in MMORPGs 7
Games Are Software, Too 9
Hacking Games 12
The Big Lesson: Software as Achilles' Heel 17Chapter 2: Game Hacking 101 19Defeating Piracy by Going Online 20
Or Not . . . 20
Tricks and Techniques for Cheating 21
The Bot Parade 31
Lurking (Data Siphoning) 36
Tooling Up 39
Countermeasures 46Chapter 3: Money 65How Game Companies Make Money 65
Virtual Worlds: Game Economics and Economies 67
Criminal Activity 73Chapter 4: Enter the Lawyers 75Legality 75
Fair Use and Copyright Law 77
The Digital Millennium Copyright Act 78
The End User License Agreement 79
The Terms of Use 88
Stealing Software versus Game Hacking 89Chapter 5: Infested with Bugs 93Time and State Bugs in Games 95
Pathing Bugs in Games 104
Altering the User Interface 107
Modifying Client-Side Game Data 108
Monitoring Drops and Respawns 109
Just Show Up 111
And in Conclusion 111Chapter 6: Hacking Game Clients 113Malicious Software Testing (Enter the Attacker) 113
Countermeasures against Reverse Engineering 122
Data, Data, Everywhere 126
Getting All Around the Game 132
Going Over the Game: Controlling the User Interface 132
Getting In the Game: Manipulating Game Objects 139
Getting Under the Game: Manipulating Rendering Information 164
Standing Way Outside the Game: Manipulating Network Packets 179
The Ultimate in Stealth: Taking Client Manipulation to the Kernel 180
Clients Make Great Targets 183Chapter 7: Building a Bot 185Bot Design Fundamentals 186
Bot as Debugger 208
The Wowzer Botting Engine 224
Advanced Bot Topics 228
Bots for Everyone 244Chapter 8: Reversing 247Taking Games Apart 248
Code Patterns in Assembly 264
Self-Modifying Code and Packing 290
Reversing Concluded 291Chapter 9: Advanced Game Hacking Fu 293Conversions and Modding 293
Media File Formats 314
Emulation Servers (Private Servers) 315
Legal Tangles 319Chapter 10: Software Security Über Alles 321Building Security In for Game Developers 322
Security for Everyday Gamers 327
Exploiting Online Games 328Index 331
Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first.
The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys.
--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University
Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be.
--Cade Metz
Senior Editor
PC Magazine
If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge.
--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University
Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.
Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge.
--Daniel McGarvey
Chief, Information Protection Directorate
United States Air Force
Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.
With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today.
--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
Harvard University
If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk.
--Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify Software
Coauthor of Secure Programming with Static Analysis
This book offers up a fascinating tour of the battle for software security on a whole new front: attacking an online game. Newcomers will find it incredibly eye opening and even veterans of the field will enjoy some of the same old programming mistakes given brilliant new light in a way that only massively-multiplayer-supermega-blow-em-up games can deliver. w00t!
--Pravir Chandra
Principal Consultant, Cigital
Coauthor of Network Security with OpenSSL
If you are a gamer, a game developer, a software security professional, or an interested bystander, this book exposes the inner workings of online-game security for all to see.
From the authors of the best-selling Exploiting Software, Exploiting Online Games takes a frank look at controversial security issues surrounding MMORPGs, such as World of WarcraftT and Second Life®. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks.
This book covers
Why online games are a harbinger of software security issues to come
How millions of gamers have created billion-dollar virtual economies
How game companies invade personal privacy
Why some gamers cheat
Techniques for breaking online game security
How to build a bot to play a game for you
Methods for total conversion and advanced mods
Written by the world's foremost software security experts, this book takes a close look at security problems associated with advanced, massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today.
Backcover
Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first.
The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys.
--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University
Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be.
--Cade Metz
Senior Editor
PC Magazine
If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge.
--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University
Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.
Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge.
--Daniel McGarvey
Chief, Information Protection Directorate
United States Air Force
Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.
With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today.
--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
Harvard University
If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk.
--Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify Software
Coauthor of Secure Programming with Static Analysis
This book offers up a fascinating tour of the battle for software security on a whole new front: attacking an online game. Newcomers will find it incredibly eye opening and even veterans of the field will enjoy some of the same old programming mistakes given brilliant new light in a way that only massively-multiplayer-supermega-blow-em-up games can deliver. w00t!
--Pravir Chandra
Principal Consultant, Cigital
Coauthor of Network Security with OpenSSL
If you are a gamer, a game developer, a software security professional, or an interested bystander, this book exposes the inner workings of online-game security for all to see.
From the authors of the best-selling Exploiting Software, Exploiting Online Games takes a frank look at controversial security issues surrounding MMORPGs, such as World of WarcraftT and Second Life®. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks.
This book covers
Why online games are a harbinger of software security issues to come
How millions of gamers have created billion-dollar virtual economies
How game companies invade personal privacy
Why some gamers cheat
Techniques for breaking online game security
How to build a bot to play a game for you
Methods for total conversion and advanced mods
Written by the world's foremost software security experts, this book takes a close look at security problems associated with advanced, massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today.
Foreword xvii
Preface xxiWhy Are We Doing This? xxii
Where Do We Draw the Line? xxiii
What's in the Book? xxiv
The Software Security Series xxvi
Contacting the Authors xxviiAcknowledgments xxixGreg's Acknowledgments xxix
Gary's Acknowledgments xxixAbout the Authors xxxiiiChapter 1: Why Games? 3Online Games Worldwide 5
The Lure of Cheating in MMORPGs 7
Games Are Software, Too 9
Hacking Games 12
The Big Lesson: Software as Achilles' Heel 17Chapter 2: Game Hacking 101 19Defeating Piracy by Going Online 20
Or Not . . . 20
Tricks and Techniques for Cheating 21
The Bot Parade 31
Lurking (Data Siphoning) 36
Tooling Up 39
Countermeasures 46Chapter 3: Money 65How Game Companies Make Money 65
Virtual Worlds: Game Economics and Economies 67
Criminal Activity 73Chapter 4: Enter the Lawyers 75Legality 75
Fair Use and Copyright Law 77
The Digital Millennium Copyright Act 78
The End User License Agreement 79
The Terms of Use 88
Stealing Software versus Game Hacking 89Chapter 5: Infested with Bugs 93Time and State Bugs in Games 95
Pathing Bugs in Games 104
Altering the User Interface 107
Modifying Client-Side Game Data 108
Monitoring Drops and Respawns 109
Just Show Up 111
And in Conclusion 111Chapter 6: Hacking Game Clients 113Malicious Software Testing (Enter the Attacker) 113
Countermeasures against Reverse Engineering 122
Data, Data, Everywhere 126
Getting All Around the Game 132
Going Over the Game: Controlling the User Interface 132
Getting In the Game: Manipulating Game Objects 139
Getting Under the Game: Manipulating Rendering Information 164
Standing Way Outside the Game: Manipulating Network Packets 179
The Ultimate in Stealth: Taking Client Manipulation to the Kernel 180
Clients Make Great Targets 183Chapter 7: Building a Bot 185Bot Design Fundamentals 186
Bot as Debugger 208
The Wowzer Botting Engine 224
Advanced Bot Topics 228
Bots for Everyone 244Chapter 8: Reversing 247Taking Games Apart 248
Code Patterns in Assembly 264
Self-Modifying Code and Packing 290
Reversing Concluded 291Chapter 9: Advanced Game Hacking Fu 293Conversions and Modding 293
Media File Formats 314
Emulation Servers (Private Servers) 315
Legal Tangles 319Chapter 10: Software Security Über Alles 321Building Security In for Game Developers 322
Security for Everyday Gamers 327
Exploiting Online Games 328Index 331
Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first.
The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys.
--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University
Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be.
--Cade Metz
Senior Editor
PC Magazine
If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge.
--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University
Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.
Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge.
--Daniel McGarvey
Chief, Information Protection Directorate
United States Air Force
Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.
With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today.
--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
Harvard University
If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk.
--Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify SoftwareB
The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys.
--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University
Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be.
--Cade Metz
Senior Editor
PC Magazine
If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge.
--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University
Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.
Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge.
--Daniel McGarvey
Chief, Information Protection Directorate
United States Air Force
Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.
With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today.
--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
Harvard University
If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk.
--Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify SoftwareB