Exploiting Online Games: Cheating Massively Distributed Systems (Paperback)

Description

"Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first.

"The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys."

--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University

"Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be."

--Cade Metz
Senior Editor
PC Magazine

"If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge."

--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University

"Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.

"Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge."

--Daniel McGarvey
Chief, Information Protection Directorate
United States Air Force

"Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.

"With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today."

--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
Harvard University

"If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk."

--Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify Software
Coauthor of Secure Programming with Static Analysis

"This book offers up a fascinating tour of the battle for software security on a whole new front: attacking an online game. Newcomers will find it incredibly eye opening and even veterans of the field will enjoy some of the same old programming mistakes given brilliant new light in a way that only massively-multiplayer-supermega-blow-em-up games can deliver. w00t!"

--Pravir Chandra
Principal Consultant, Cigital
Coauthor of Network Security with OpenSSL

If you are a gamer, a game developer, a software security professional, or an interested bystander, this book exposes the inner workings of online-game security for all to see.

From the authors of the best-selling Exploiting Software, Exploiting Online Games takes a frank look at controversial security issues surrounding MMORPGs, such as World of Warcraft^™ and Second Life^®. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks.

This book covers

• Why online games are a harbinger of software security issues to come
• How millions of gamers have created billion-dollar virtual economies
• How game companies invade personal privacy
• Why some gamers cheat
• Techniques for breaking online game security
• How to build a bot to play a game for you
• Methods for total conversion and advanced mods

Written by the world's foremost software security experts, this book takes a close look at security problems associated with advanced, massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today.

 

描述

想像一下在足球比賽中，如果你從未研究進攻，你將無法知道何時會有進攻、如何防守傳球路線，以及何時進行猛烈進攻。在電腦系統中，就像在足球比賽中一樣，防守者必須能夠像攻擊者一樣思考。我每學期都會在課堂上說，你不想成為最後一個攻擊自己系統的人，你應該是第一個。

世界正在迅速上網。雖然我不建議線上投票，但很明顯線上遊戲正在風靡互聯網。在我們這個新時代，虛擬物品具有真實的價值，財富因不存在的物品而贏得和失去，對勇敢的遊戲玩家來說，新的威脅是非常真實的。為了防止這些危險，你必須了解它們，而這本開創性的書是唯一一本全面提供有關如何利用電腦遊戲的資訊來保護自己的白帽子應該閱讀的書籍。這是他們唯一保持在壞人之後一步的希望。

- Aviel D. Rubin博士
電腦科學教授
資訊安全研究所技術總監
約翰霍普金斯大學

每個人都在談論虛擬世界，但沒有人談論虛擬世界的安全性。Greg Hoglund和Gary McGraw是展示這些線上遊戲有多容易受到攻擊的完美組合。

- Cade Metz
高級編輯
PC Magazine

如果我們要改善我們的安全實踐，像這本書中的討論一樣坦率是唯一的出路。或者正如這本書的作者可能會說的那樣，當你面對不安全的可怕惡魔時，你需要有經驗的夥伴，更不用說一把安全知識的Vorpal劍了。

- Edward W. Felten博士
電腦科學和公共事務教授
資訊技術政策中心主任
普林斯頓大學

從歷史上看，遊戲一直被戰士用來開發新的能力和磨練現有技能，尤其是在空軍中。作者將這個簡單的概念反過來，將遊戲本身作為“駭客遊戲”的主題和目標，並在此過程中創造了一本對遊戲玩家和嚴肅的安全系統專業人員都有意義的卓越出版物。

- Daniel McGarvey
資訊保護總監
美國空軍

就像很多孩子一樣，Gary和我通過遊戲來到計算機（後來是計算機安全）。起初，我們對在我們的Apple ][上玩遊戲感到著迷，但後來對我們負擔得起的遊戲感到厭倦。我們試圖複製彼此的遊戲，但遇到了防拷保護方案。所以我們開始了解這些方案以及如何繞過它們。很快，我們意識到相對於玩遊戲來說，解析和繞過遊戲的保護措施更有趣。

在今天的線上遊戲繁榮的經濟中，人們不僅有經典駭客的動機去了解和繞過遊戲的安全性，還有冷酷無情的金錢犯罪動機。這是一個很難阻止的結合。這本書所採取的第一步是揭示當今正在使用的技術。

- Greg Morrisett博士
Allen