James Butler

Greg Hoglund

A guide to rootkits describes what they are, how they work, how to build them, and how to detect them.

Subverting the Windows Kernel

Rootkits

Gary McGraw

Exploiting Software: How To Break Code

"Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first. "The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys." --Aviel D. Rubin, Ph.D. Professor, Computer Science Technical Director, Information Security Institute Johns Hopkins University "Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be." --Cade Metz Senior Editor PC Magazine "If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge." --Edward W. Felten, Ph.D. Professor of Computer Science and Public Affairs Director, Center for Information Technology Policy Princeton University "Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,'and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional. "Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge." --Daniel McGarvey Chief, Information Protection Directorate United States Air Force "Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it. "With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today." --Greg Morrisett, Ph.D. Allen B. Cutting Professor of Computer Science School of Engineering and Applied Sciences Harvard University "If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk." --Brian Chess, Ph.D. Founder/Chief Scientist, Fortify Software Coauthor ofSecure Programming with Static Analysis "This book offers up a fascinating tour of the battle for software security on a whole new front: attacking an online game. Newcomers will find it incredibly eye opening and even veterans of the field will enjoy some of the same old programming mistakes given brilliant new light in a way that only massively-multiplayer-supermega-blow-em-up games can deliver. w00t!" --Pravir Chandra Principal Consultant, Cigital Coauthor ofNetwork Security with OpenSSL If you are a gamer, a game developer, a software security professional, or an interested bystander, this book exposes the inner workings of online-game security for all to see. From the authors of the best-selling Exploiting Software, Exploiting Online Gamestakes a frank look at controversial security issues surrounding MMORPGs, such as World of Warcraftand Second Life. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks. This book covers Why online games are a harbinger of software security issues to come How millions of gamers have created billion-dollar virtual economies How game companies invade personal privacy Why some gamers cheat Techniques for breaking online game security How to build a bot to play a game for you Methods for total conversion and advanced mods Written by the world's foremost software security experts, this book takes a close look at security problems associated with advanced, massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Gamesare tomorrow's security techniques on display today.

Cheating Massively Distributed Systems

Exploiting Online Games

Gary R. McGraw

This is the eBook version of the printed book. This digital Short Cut, delivered in Adobe PDF format for quick and easy access, is an introduction to issues with cheating and anti-cheating countermeasures in the online gaming industry. At present, the online game World of Warcraft has approximately six million subscribers worldwide. At any given time, 500,000 people are logged in and playing. And while many of these players log countless hours engaged in the repetitive tasks required to accumulate points and acquire virtual money and tools–an activity called “grinding”–others would rather find a way to speed game-play along. So they cheat. Some write macros to grind for them while they are doing better things. Others find websites where they can purchase the ill-gotten gains of those macro-writers. Either way, big money is on the line when players cheat. A high rate of cheating upsets the online gaming economy and disrupts game play for everyone. If disgruntled players leave the game, then World of Warcraft’s creator (Blizzard Entertainment) loses real subscribers and real money. With the stakes so high, it’s not surprising that companies like Blizzard Entertainment take active steps to prevent cheating. But you may be surprised and upset to learn exactly what those measures are and how they might affect your PC. This digital Short Cut will discuss the methods gaming companies use to prevent cheating. You will learn how a program designed for World of Warcraft keeps watch of your game-play by scanning your computer for open processes and collecting information about you. We’ll also show you how to run a program called the Governor to keep watch of the watchers and know exactly what Blizzard Entertainment is doing on your computer. After reading this Short Cut, you’ll also have a much better understanding of the ethical and technical issues surrounding cheating and be able to make informed decisions about how much you want to grind and how much you want gaming companies to know about you. Cheating Online Games contains information that will appear in Greg Hoglund and Gary McGraw’s forthcoming book, Exploiting Online Games (ISBN 0132271915), available summer/fall 2007. This Short Cut is fully self-contained and is an excellent place to start learning about technical issues in online gaming. Cheating Online Games (Digital Short Cut) · What This Short Cut Will Cover · A Brief History of Cheating · Defeating Piracy by Going Online · Or Not... · The Lawyers Have Landed Bearing EULAs · The Rise of MMORPGs · The WoW Warden Is Watching · Cheating Is Quick and Easy · Grinding Is Boring and Dull · Farming Makes Things Easy · Virtual-World Economics · Farming Hurts the Virtual Economy · Games as Reality · Cracking Down on Farming · Online Game, Real-World Cheating · Defeating Cheaters and Crossing the Line · The Governor Watches the Watcher

Amber Lin

About

Books

Join the club