
"Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say in my class each semester, you will not be the last person to attack your own system – you should be the first. "The world is quickly going online. While I caution against online voting, it is clear that online gaming…
Exploiting Online Games: Cheating Massively Distributed Systems
As someone who does not play games online, I approached this book with more curiosity than practical need. It is a worthwhile read, although experience with the language of gaming would certainly have made it easier to understand. Technical readers will want to skip to Chapter 5 and read the second half of the book, which includes many detailed explanations of how to manipulate games to your advantage.
The book focuses on manipulating the client side of the game, with relatively few vulnerabilities on the server. There is not very much guidance for game developers about how to avoid the problems discussed in the book.
I was pleased that the book covers not only security issues but also related issues such as confidentiality, and ethical issues for both providers of online games and players who pirate and subvert the game.
Many lessons are applicable to any distributed system with thick clients, not only game software but also enterprise systems. As such, it is useful for developers working on virtually any distributed system, because it will give a fairly accurate picture of the lengths that attackers are willing to go to in order to compromise a distributed system, and of their capacity to handle the software without designs or source code.
Although I am not a computer gamer, I am extremely impressed by what is happening in online games – and surprised many people in communities who can enjoy their efforts. What the general public to communicate the lessons of software security?
Online games, especially the newer massively networked ones, are obviously ripe for attackers to dupe. Even if they are intended as "only" games, real attacks can take place, with serious consequences for the communities who play these games.
More importantly, by showing the problems in these pieces of software for fun, Gary and Greg have done a great service to all those working in software. Mistakes in online games are undoubtedly rooted in software issues found in "real world" software as well.
This is an excellent opportunity to discover the types of software security problems that hit too many of our systems, from games to mission-critical enterprise applications today.
This is the result of Hoglund's incursions into cheating in Warcraft. He did a great Black Hat presentation on the same subject in 2006, as well.
Even if you are a security expert, you will learn things. For example, the requirements of games (responsiveness, efficient use of network bandwidth, etc.) require developers to design their systems with risk, and this risk can be exploited. The only alternative is to run the entire game on their servers, with client programs as simple display stations, and that just will not work. It makes for very good reading.
Even Hoglund's political rants are enjoyable to read, even if they ring hollow. It's okay for him to hack the system by all means necessary, because he is a hacker and this is what hackers do. But it is not right for the people who run these games to hack back, because it's an invasion of privacy. How dare they! It seems that the real offense is that he was out piracy, yeah, it's annoying to lose.
I rate it only three stars because I expect it will not age well. If you are reading this review in 2007, you can buy the book; it's great. Buy it, you'll love it. If you are reading in 2008, 2009 or beyond, recognize that the principles it illustrates are likely to hold true for a long period, but the details have a lifespan.