Comments on: Exploiting Online Games: Cheating Massively Distributed Systems

By: Michael Gegick

Michael Gegick — Sat, 23 Jan 2010 03:02:11 +0000

Certainly not another book on the typical buffer overflow, XSS, and SQL injection vulnerabilities — finally! Hoglund and McGraw present numerous exploits in gaming software that allow players to cheat other players and the lucrative investments of the software manufacturer. The reasons why people cheat these games and the outcomes are stunning. Software organizations such as Blizzard Entertainment have installed spyware with their software to mitigate attacks, but have crossed the line by violating the privacy of the user’s computer. Exploiting Online Games brings about a fantastic question for today’s and tomorrow’s software security which is, where do we draw the line between protecting a software system and honoring an end user’s privacy? This book provides fantastic research on how attackers exploit vulnerabilities in gaming software. There is plenty of evidence that software organizations need to reconsider how they should apply their security efforts.

Building secure software using McGraw’s yin and yang theme from “Software Security: Building Security In” is discussed in the book and, if practiced in software shops, may secure the software (the root of the problem) and thus alleviate the need for additional software such as rootkits that can lead to privacy violations. A few really fascinating discussions about the more fascinating design flaws involved with time and state are also included. Anyone who is concerned about software security (which should be everyone) or wants to learn about software security should read Exploiting Online Games!

Rating: 5 / 5

By: L. Johan Sellstrom

L. Johan Sellstrom — Sat, 23 Jan 2010 02:40:56 +0000

I really appreciated the detail the authors went into in order to clarify how to pull off certain exploits. It was obvious that they had really tried them all hands on.
Rating: 4 / 5

By: Peter Knepley

Peter Knepley — Fri, 22 Jan 2010 23:57:28 +0000

I thought the book would contain more about FPS cheating and less about WoW. It’s 90% about WoW. I don’t work on an MMO so I got bored quick.

Not a horrible book, but not fantastic either. I preferred Hoglund’s Rootkit book since it had more generic approaches to subverting win32 processes.

If you work on an MMO, you should probably pick this one up.
Rating: 3 / 5

By: Real Name

Real Name — Fri, 22 Jan 2010 21:22:43 +0000

By the way, you can read more in my book . . .

If you want to know more, buy . . .

Discuss further in my book and every other book printed by my publishing company . . .

This book is a mess of poorly clarified code snippets and self promotion. Also, it focues 90% of its hacking on WoW. If you don’t know anything about World of Warcraft, then you will be completly lost. I have /timeplayed 1000 hours, so I could follow all of the WoW references, but unfamiliar readers will not know large parts of the book.

Half of the work in this book is just cut and pasted from code scattered on the internet. If you don’t know C++, how to exploit the Windows OS, or modifying memory, these walls of code don’t make much sense.

This is the first book I have ever returned. The constant self promoting and bone idle cut and paste code just frustrated the hell out of me.
Rating: 2 / 5

By: U. G.

U. G. — Fri, 22 Jan 2010 19:05:52 +0000

Well, the title says it all. The book talked about some useless topics such as why to cheat and about cheating. It also showed source code from other peoples programs (already open-source), and somewhat clarified what each part of it does, but didn’t go in to details (users like me who don’t know about memory modification didn’t know it at all). Not to mention that all of the programs they use as an example will get you banned because of Warden. They don’t talk about the largest problem with botting which is how quick you will get banned without protection.

I really write bots for World of Warcraft using Innerspace (and ISXWoW). If you really want to bot and don’t know enough to modify memory and reverse engineer large scale programs, look into those instead of this book.
Rating: 2 / 5