About the Authors

Greg Hoglund

Greg Hoglund

Greg Hoglund is a largely self-taught computer hacker who, like many others of his generation, stepped into the industry at the right time and place to make a career out of it. Because a decade ago computer security was so new, there was no formal curriculum for teaching software exploit. In fact, direct, deeply technical discussion of attacks remains rare to this day. Hoglund found he had a special skill in structuring and explaining complex information about attacks and attack patterns so that other people can understand it. Success in this area led naturally to training and writing.

An entrepreneurial spirit combined with a strong self-motivation to "do his own thing" led Greg to found a number of security companies, including Cenzic and BugScan. He is currently involved in his third start-up, HBGary, Inc., a company that specializes in using software to catch bad guys using covert monitoring and forensics. HBGary services primarily U.S. Department of Defense organizations. Greg's primary interests in computer security center on exploiting bugs and reverse engineering low-level software. After many years of applying his knowledge to low-level operating systems code, Greg's interest in hacking was rekindled when he came across the concept of hacking online games. He has applied his skills to game hacking for the last few years, with a primary focus on Blizzard Entertainment's World of Warcraft game (as is evident from this book and his other published material on the Net). He has also spent time hacking Asheron's Call II, EVE Online, and Vanguard.

Hoglund has coauthored two deeply technical bestselling books, Rootkits: Subverting the Windows Kernel with Jamie Butler (Addison-Wesley, 2005) and Exploiting Software with Gary McGraw (Addison-Wesley, 2004). He also operates the popular Web site rootkit.com. In his day-to-day work, Greg obtains and executes multimillion-dollar security contracts with the U.S. government. He also teaches advanced classes on rootkit development several times a year. Greg aspires to develop a new game someday, and he wants to become more involved in game security issues. He is married to Penny Hoglund and has an eleven-year-old daughter and three dogs. When not flying around the country working, Greg likes to be in Carmel, California, at his beach house. He also strangely enjoys being frustrated about something or another going wrong with his sailboat.

Gary McGraw

Gary McGraw

Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm that has provided services to some of the world's best-known companies for a decade. Dr. McGraw is a globally recognized authority on software security and is featured frequently as a keynote speaker at events coast-to-coast as well as internationally. His strategic advice counsels business executives and top management, technology developers, and IT and operations staff in industries such as finance, hospitality and gaming, and e-commerce. He sits on the Board of Directors of Cigital, chairs Fortify Software's Technical Advisory Board, and serves as an advisor to Raven White. Gary also speaks at academic conferences and participates in academia by advising the Computer Science departments of the University of Virginia and the University of California, Davis. He is a member of the Dean's Advisory Council of the School of Informatics at Indiana University. Among his federal government credentials is serving as a prime contributor on the National Cyber Security Summit Alliance study Security Across the Software Development Lifecyclein 2005.

Dr. McGraw has, quite literally, written the book on software security, with six of them bestselling in their field. He coauthored the groundbreaking Building Secure Software with John Viega (Addison-Wesley, 2001), introducing ideas that were expanded and made actionable in Sofware Security: Building Security In(Addison-Wesley, 2006). His other titles include Java Security (Wiley, 1996), Securing Java (Wiley, 1999), Software Fault Injection (Wiley, 1998), and Exploiting Software (Addison-Wesley, 2004); he is also editor of the Addison-Wesley Software Security series. He has authored over ninety peer-reviewed scientific publications, writes a monthly security column for darkreading.com, and is often quoted in the press. He holds a dual Ph.D. in cognitive science and computer science from Indiana University and a B.A. in philosophy from the University of Virginia. He serves as a member of the IEEE Security and Privacy Task Force and the IEEE Computer Society Board of Governors. He also produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.

When not performing as a technologist, scientist, author, and speaker, Gary is an active musician, playing the violin since the age of three. He has been doing improvisation since college; his other instruments include mandolin and guitar. He plays occasional gigs and records original music with the band Where's Aubrey, the band's repertoire ranging from old-time folk music to modern jazz. Gary and his wife, Amy Barley, live with their two sons and an assorted menagerie on a farm on the banks of the Shenandoah River with vistas of the Blue Ridge Mountains.