ABSTRACT

This talk (based on a book of the same title co-authored by Greg Hoglund) frankly describes controversial security issues surrounding MMORPGs such as World of Warcraft. This no-holds-barred approach is fully loaded with code examples, debuggers, bots, and hacks. If you are a gamer, a game developer, a software security person or an interested bystander, this book exposes the inner workings of online game security for all to see. In the talk, I will cover: Why online games are a harbinger of software security issues to come? How millions of gamers have created billion dollar virtual economies? How game companies invade your privacy? Why some gamers cheat? Techniques for breaking online game security. How to build a bot to play a game for you? Methods for total conversion and advanced mods.Ultimately, this talk is mostly about security problems associated with advanced massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software yet to come. The kinds of attack and defense techniques I describe are tomorrow's security techniques on display today. Biography: Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of six best selling books on this topic. The latest, Software Security: Building Security In was released in 2006, with Exploiting Online Games slated for release this year. His other titles include Java Security, Building Secure Software, and Exploiting Software; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 90 peer-reviewed scientific publications, authors a monthly security column for darkreading.com, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics. Gary is an IEEE Computer Society Board of Governors member and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine. Company www.cigital.com; Podcast www.cigital.com/silverbullet; Blog www.cigital.com/justiceleague; Book www.swsec.com; Personal www.cigital.com/~gem Refreshments 4:30 p.m. in Lounge Other Recent and Upcoming Colloquia