Greg Hoglund and Gary McGraw Exploiting Online Games: Cheating Massively Distributed Systems (with a foreword by Ed Felten) http://exploitingonlinegames.com, http://www.cigital.com/silverbullet/ provides some background on the book. Gary McGraw wrote: The most interesting thing to me about EOG is that I believe the kinds of time and state errors found in MMORPGs [massively multiplayer online role-playing games] like World of Warcraft are indicators of what we can expect over the next decade as SOA actually catches on. You see, moving around state between gazillions of clients and a central server in real time is a huge security challenge. Most software people screw it up. Darkreading wrote a little story about this: http://www.darkreading.com/document.asp?doc_id=128961&WT.svl=news1_1 The book is packed with real code, hard-core examples, and things you can try yourself. Give it a spin! For multiplayer game developers, the book is a goldmine on virtual-world security -- particularly what needs to be learned from the RISKS Experience. For RISKS readers not really interested in games per se, there is still much grist for the mill in this book. The subtitle of the book is perhaps the real hook, exploring what developers of large complex distributed systems need to learn and mistakes not to make. A quote from Avi Rubin is pithy: "Every White Hat should read it. It's their only hope of staying only one step behind the bad guys." PGN ------------------------------