• About
• Press
• Contents
• Order
• Events
• Errata
• Contact

Press

Reviews

• Z Trek: "'Tis the season to buy tech books" (December 7, 2007).
• ;login: (December 2007) [PDF]
• Game Vortex (Decmeber 2007)
• Risks by Rob Slade (October 22, 2007)
• Dr. Dobb's: "Three Angles on Security" (October 5, 2007)
• Video Game Generation: "Hack Job." (September 23, 2007)
• GameDev.net (September 13, 2007)
• Seven Days (August 29, 2007)
• Ten Ton Hammer Book Review (July 23, 2007)
• Peter G. Neumann on The Risks Digest (July 15, 2007)
• The Secure Software Zone (July 12, 2007)
• PCN (July 2, 2007)
• The Rabies Blog (July 8, 2007)

Other Press

Podcasts in red.

• April 29, 2008
: What tech book are you reading right now?, Blogus Maximus.
• March 18, 2008: The oldest debate: Cheating, Level 1 Wizard.
• March 12, 2008: Criminals step into virtual world, The Gazette (Canada).
• February 15, 2008: Sadville insecurity invites pickpockets, The Register.
• February 15, 2008: The Second Life Quicktime exploit soon redone?, VintFalken.com.
• February 7, 2008: Exploiting Online Games, HiR Information Report.
• February 6, 2008: Haxx0ring 4tw, The Joshua Tree.
• January 20, 2008: Online Game Security, UW Computer Security Course Blog.
• January 16, 2008: The State of Security in MMORPGs, Slashdot.
• January 12, 2008: Top 10 Tricks to exploit SQL Server Systems, Hacking Truths.
• January 2, 2008: Top IT Conversations Shows for December 2007, Phil Windley's Technometria.
• January 1, 2008: Security researchers warn of dangers in online games, Massively.
• December 26, 2007: Games People Play, Network Sentry.
• December 20, 2007: Real Flaws in Virtual Worlds, SecurityFocus.
• November 30, 2007: Gary McGraw on Exploiting Online Games, informIT.
• November 30, 2007: Online Games Use Fraud Software to Combat Cheats, Wired.
• November 27, 2007: MMO Security: Are Players Getting Played?, TechNewsWorld.
• November 9, 2007: Online Gaming & Enterprise Security: Not Just Kid Stuff Anymore, Tech Forum Live.
• November 7, 2007: Technometria: Exploiting Online Games, ITConversations.
• October 31, 2007: Hugh Thompson interviews Gary McGraw, AT&T Tech Channel. (video)
• October 26, 2007: Exploiting Online Games: Virtual World Security-Greg Hoglund, Second Life Online.
• October 16, 2007: Virtual spoilsports, The Columbus Dispatch.
• October 15, 2007: Online game cheating moving up to new level, The Chicago Tribune
• October 14, 2007: With real money now at stake, crackdowns on video game cheating gain currency, Savannah Morning News.
• October 12, 2007: Experts work on technology to prevent hackers from manipulating online video games, The Albuquerque Tribune.
• October 11, 2007: With real money at stake, cheating is far from fantasy, Evansville Courier & Press.
• October 11, 2007: It's virtually cheating, The London Free Press.
• October 10, 2007: In world of gaming, cheating gets difficult to handle, Augusta Chronicle.
• October 8, 2007: Stakes rise in fight against video-game cheating, Denver Post.
• October 8, 2007: Virtual cheating, real effect, Akron Beacon Journal.
• October 7, 2007: With real money now in play, game makers look to limit cheating, Seattle Post Intelligencer.
• October 7, 2007: Real Money Changes Everything, InsideBayArea.com.
• October 7, 2007: Crackdowns on video game cheating gain currency, canoe.ca.
• October 7, 2007: Crackdown on video cheating, Louisville Courier-Journal.
• October 7, 2007: It's virtuall cheating, Edmonton Sun.
• October 7, 2007: The Battle for Fair Play, The Philadelphia Inquirer.
• October 7, 2007: Stolen Magic: Online gaming takes hard look at problem of cheaters, Winston-Salem Journal.
• October 6, 2007: Online game companies get serious about cheating, Houston Chronicle.
• October 6, 2007: With real money at stake, video game cheating an issue, Bloomington Pantagraph.
• October 6, 2007: Calling Foul on Cheating Gamers, E-Commerce Times, TechNewsWorld.
• October 4, 2007: Companies begin video game cheating crackdown, Bryan College Station Eagle.
• October 4, 2007: Can video game cheating be prevented?, Modesto Bee.
• October 4, 2007: The lucrative world of cheating, Waterloo Record.
• October 4, 2007: Online computer gaming provides anti-scam groups with even more reasons to worry, Pittsburgh Post-Gazette
• October 3, 2007: Citizen of the week: McGraw completes seventh book, Clarke Times-Courier.
• October 3, 2007: Crackdown on video game cheaters gaining, Belleville News Democrat.
• October 3, 2007: Makers of online games trying to thwart cheaters, Myrtle Beach Sun News.
• October 3, 2007: Hacking expands with online games, NewsOK.com.
• October 2, 2007: Can Video Game Cheating Be Prevented?, The Great Geek Manual News.
• October 2, 2007: Can Cheating At Warcraft Be Stopped?, Video Games.
• Octboer 2, 2007: Can Cheating At Warcraft Be Stopped?, VH1 Game Break.
• October 2, 2007: MMORPGs: CNN takes a closer look at the cost of cheating, MMORPG blog.
• October 1, 2007: Can Video Game Cheating Be Prevented?, Associated Press.
• October 1, 2007: Can cheating in online games be prevented?, Gaming Briefs.
• October 1, 2007: Video-game cheaters get $erious, Deseret News.
• October 1, 2007: Trying to Stop the Cheating, Inland Valley Daily Bulletin.
• October 1, 2007: Virtual war declared on cheating gamers, Miami Herald.
• October 1, 2007: Crackdowns on video game cheating gain speed, Maryville Daily Times.
• October 1, 2007: Beating cheaters at own game, HeraldNet.
• October 1, 2007: Cracking down on cheating, News-Leader.com, The State.
• October 1, 2007: Trailing real cheaters in virtual worlds, TheNewsTribune.com.
• October 1, 2007: As currency of online games gets real, cheating can turn into fraud, Sarasota Herald-Tribune.
• October 1, 2007: In Today's Complex Online Games, Cheaters Keep Virtual Cops Busy, The Ledger.
• October 1, 2007: With real money now at stake, crackdowns on video game cheating gain currency, AZ Central, Tuscaloosa News, North County Times, Houston Chronicle, Pittsburgh Tribune-Review, PR-Inside.com, CBC.ca, Canada East, The Canadian Press, Salt Lake Tribune, KTRE, Bradenton Herald, The Journal News, Jackson Clarion Ledger, Urbana Daily Citizen, Gamez.
• October 1, 2007: Video games crack down on cheating, CNN.
• October 1, 2007: Can Video Game Cheating Be Prevented?, ABC News, MSNBC, Washington Post, Sun-Sentinel.com, Chicago Tribune, Daily Press, Baltimore Sun, LA Times, Press of Atlantic City, Denver Post, Twin Falls Times-News, nwi.com, MyFox DC, MyFox Kansas City, MyFox Colorado, PhysOrg.com, Video Gaming Blog.
• September 29, 2007: Will the cheaters always ruin the game?, DailyBreeze.com.
• September 17, 2007: Will Users Ever Smarten Up About Phishing?, PC World.
• September 11, 2007: What's Jim Reading? Hacking WoW, RiskBloggers.com.
• September 10, 2007: Online Games, Political Campaigns Provide Opportunities for Electronic Criminals, press release.
• September 3, 2007: Hey, gamers, cheating is a science, The Grand Press.
• August 29, 2007: Another good book - Exploiting Online Games: Cheating Massively Distributed Systems, The Vanguard forum.
• August 25, 2007: Software Engineering Podcast
• August 21, 2007: Claims that ArenaNet supports gold farmers and dupers surface, WarCry's Razorwire.
• August 14, 2007: The Ultimate Insider, an article by Gary McGraw on Dark Reading.
• August 13, 2007: Interview:Author Gary McGraw of Exploiting Online Games, Gamernode.
• August 10, 2007: Book Excerpt: Exploiting Online Games, Gamasutra.
• August 10, 2007: Up, Up, Down, Down, Left, Right, B, A, Slate.
• July 27, 2007: How cheaters are winning at online games like World of Warcraft, Network World.
• July 26, 2007: Second Life Goes Legit, Forbes.
• July 23, 2007: All's Fair In Love And Warcraft, Forbes.
• July 18, 2007: Security and games: exploiting online games, ebiquity group blog.
• July 16, 2007: Virtual Worlds, Real Cheaters, Information Week (also, iTnews.
• July 13, 2007: Would you like to play a game?, 1 Raindrop.
• July 13, 2007: Exploiting Online Games (foreword), Freedom to Tinker.
• July 13, 2007: Security and Online Games, Geeky Mom.
• July 13, 2007: Online Games to Cause Software Security Issues, Dark Reading.
• July 12, 2007: Online Gaming's Seamy Underside, darkreading.com
• July 12, 2007: Exploiting online games for fun and profit, Security Bytes.
• July 12, 2007: Preface from Exploiting Online Games, onlinesecurityblog.com.
• July 11, 2007: Amazon.com suggests hacking Second Life, int2e blog.
• July 3, 2007: Online Gaming and Criminality with Gary McGraw (video podcast, iTunes link; also: iTunes audio-only or online audio), OnSecurity.
• June 25, 2007: Newsmaker podcast: Gary McGraw, Security Bytes.
• June 21, 2007: Hacking WoW and the pursuit of knowledge, The Register.
• June 20, 2007: James' USENIX 2007 notes: Exploiting Online Games, l33tskillz.org.
• April 14, 2007: Feeding the Game: Online Game Security Issues, ITConversations.
• March 14, 2007: Online game exploits threaten IT security, SearchSecurity.com.
• August 17, 2006: Is Blizzard Spying?, Game Industry News.
• August 7, 2006: The Next Research Frontier: Game Cheating, eWeek.

Advanced Praise

"Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system—you should be the first.

"The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys."

Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University

"Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be."

Cade Metz
Senior Editor
PC Magazine

"If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge."

Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University

"Historically, games have been used by warfighters to develop new capabilities and to hone existing skills—especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.

"Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge."

Daniel McGarvey
Chief, Information Protection Directorate
United States Air Force

"Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.

"With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today."

Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
Harvard University

"If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk."

Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify Software
Coauthor of Secure Programming with Static Analysis

"This book offers up a fascinating tour of the battle for software security on a whole new front: attacking an online game. Newcomers will find it incredibly eye opening and even veterans of the field will enjoy some of the same old programming mistakes given brilliant new light in a way that only massively-multiplayer-super-mega-blow-em-up games can deliver. w00t!"

Pravir Chandra
Principal Consultant, Cigital
Coauthor of Network Security with OpenSSL