Or, something like that. This seems to be the statement that the authors of Exploiting Online Games: Cheating Massively Distributed Systems are trying to make. While the philosophy of publicizing exploitable issues in order to bring about more secure software is worthy of its own book(s), Exploiting Online Games: Cheating Massively Distributed Systems does provide some useful knowledge and interesting insight, regardless of the color of your current hat.
So, who does it take to write a book like Exploiting Online Games: Cheating Massively Distributed Systems? Well, first, you have Greg Hoglund, a self-taught hacker whose interest in security has led him to start several security companies; hack World of Warcraft, Asheron's Call, EVE Online and Vanguard; write books; and operate a website on rootkits. It has also led him to obtain and execute multi-million dollar security contracts with the U.S. government. This guy must have an interesting hat collection, in quite a multitude of shades. Secondly, you have Gary McGraw, CTO of Cigital, Inc., a software security and quality consulting firm that has "provided services to some of the world's best-known companies for a decade." Gary is highly involved with the security scene, but seems to be more white-hat than his cohort and co-author, Greg.
Exploiting Online Games: Cheating Massively Distributed Systems provides an interesting look at the security built into MMO games, from concept to practical knowledge. The book explains how data can be manipulated and used and why the data is ever at risk in the first place, and it details some of the escalation in the MMO hacking wars that have gone on, with mods, anti-mod measures, anti-anti-mod measures, etc.
First, Exploiting Online Games: Cheating Massively Distributed Systems looks at the basics of MMO security and analyzes exactly what is considered cheating. It's interesting to see how the lines between black and white can be muddied when games' license agreements disallow things such as using keyboard macros and even simply using the game without connecting to the developer's game server.
One of the above-mentioned anti-hacking measures is, quite frankly, frightening and is an excellent example of how the "good guys" can be doing wrong. This particular anti-cheating measure is, in fact, one of the authors' reasons behind the creation of Exploiting Online Games: Cheating Massively Distributed Systems. I am speaking of "The Warden," an anti-cheating measure that is shipped with World of Warcraft and was discovered and "outed," if you will, by one of the authors, Greg Hoglund. In response, Greg created a program called "The Governor" that allows WoW players to watch what the Warden is up to; the source for this program is included in the book. The problem with the Warden is that it doesn't only snoop on files related to World of Warcraft; it snoops through your whole system, capturing data that could be confidential in nature.
Exploiting Online Games: Cheating Massively Distributed Systems discusses bugs in games that are exploitable, giving generic types of exploitable issues and following up with concrete examples from current MMO games. Beyond this, the book goes into more technical activities, such as using a software debugger (a common programmer's tool) to modify an MMO game's client code, as well as ways that current MMO games attempt to thwart this type of meddling... and how to get around these attempts. This is interesting stuff, but not for the faint of heart... or anyone not technically inclined; there is a pretty good amount of code in this book.
If you're looking for a primer on the current state of MMO security, Exploiting Online Games: Cheating Massively Distributed Systems is not a bad place to start. There is a decent amount of detail on a lot of topics here, from creating bots to DLL injection. If you're looking for a book that will tell you everything you could ever want to know about a single one of these topics, you may be disappointed. Exploiting Online Games: Cheating Massively Distributed Systems goes more in-depth than a simple overview, however, and is bound to have useful information for anyone interested enough in MMO security to read this far.