Author: Greg Hoglund and Gary McGraw
Publisher: Addison Wesley, 2007
Aimed at: Web developers
Pros: A thought-provoking book for anyone interested in security
Cons: Some boring sections
Reviewed by: Mike James
This sounds like a book with only minimal appeal to the general reader. If you are a skilled programmer and very much “into” online games then you probably think that Greg Hoglund and Gary McGraw’s book would be relevant –and it is if you are interested in “cheating”. In fact it has a wider appeal and if you are interested in “hacking” or security in general then it contains quite a lot of interest. It does deal with the specifics of World of Warcraft and Second Life but there is a lot of generalisable discussion of how to attack distributed web-based systems. Of course most of the attacks described are well known and you aren’t going to get very far if you simply attempt to use them. Their real value is as a guide to how you have to think to create new attacks. The point is that knowing how such a distributed system might be attacked gives you a clearer idea of what you have to do to protect it. Systems like these distributed gaming applications are also the way of the future. Software has to become increasingly distributed and parallel because we are at the end of the era where the power of a single processor increases without limit to one where the number of processors increases. The attacks that are currently being made on gaming systems probably represent the sort of security risks that general future systems are going to be subject to. As long as you know enough to read C then you can’t help but find something novel.
<Reviewed in VSJ>