| Hacking: The Art Of Exploitation |
| CATEGORIES ABOUT HACKING: THE ART OF EXPLOITATION | |
| 2003 books | |
| computer books | |
| no starch press | |
| technical books | |
CONTENT

The content of Hacking moves between programming, networking, and cryptography. While well explained, it is a technical piece; some C programming experience is essential, and a firm understanding of basic networking and a basic idea of what cryptography is help as well. While Hacking is packed with technically accurate, detailed information, it is still a basic introduction to the subject of computer security. Hacking also makes little use of real-world examples; discussions rarely bring up specific worms and exploits that had previously existed, such as the PNG library overflows or the Blaster worm and the related RPC service overflow. Thus, an inexperienced reader may not immediately make the connection between the theory and the reality of attack.

Programming

The programming portion of Hacking makes up over half of the book's total content. This section goes into the development, design, construction, and testing of exploit code, and thus involves some basic assembly programming. The demonstrated attacks range from simple buffer overflows on the stack to complex techniques involving overwriting the Global Offset Table. While Erickson discusses some countermeasures, such as a non-executable stack, and how to evade them with return-to-libc attacks, he does not go into deeper matters for which no guaranteed exploit is known, such as address space layout randomization. Most protections afforded by the Openwall, GrSecurity, and PaX projects appear to be out of scope for Hacking, as do kernel exploits.

One review included in the opening pages of the book suggests that Hacking be used to teach "basic computer programming fundamentals". Although these reviews are placed in the text for marketing purposes, the programming section of the book is technically accurate and does convey a lot of information not taught in typical introductory computer programming classes. Whether its use as a fundamental teaching tool would lead to more security-conscious and security-competent programmers overall is, however, neither studied nor proven.

Networking

The networking segment of Hacking takes up less than half of the remaining text. It explains the basics of the OSI model and basic networking concepts, packet sniffing, connection hijacking, denial of service, and port scanning. Although technically accurate, the networking section of Hacking only serves as a basic introduction to network security. Countermeasures such as complex firewalls; stateful packet inspection; network address translation, the threat of firewalking, and countermeasures thereof; intrusion detection and prevention; and virtual private networks are not discussed.

Cryptology

The cryptology section of Hacking consumes the rest of the book's pages. This is another bottom-up section, starting off with basic information theory and moving through symmetric and asymmetric encryption. It culminates in cracking WEP using the Fluhrer, Mantin, and Shamir attack. This section appears to be miscellaneous information for the aspiring cryptology scholar. Besides the basics, including man-in-the-middle attacks, dictionary attacks, and the use of John the Ripper, Hacking discusses quantum key distribution, Lov Grover's quantum search algorithm, and Peter Shor's quantum factoring algorithm for breaking RSA encryption using a very large quantum computer.

LIBRARY OF CONGRESS CATALOGUING-IN-PUBLICATION DATA

Erickson, Jon (Jon Mark), 1977-
    Hacking : the art of exploitation / Jon Erickson.
        p. cm.
    ISBN 1-59327-007-0
  1. Computer security. 2. Computer hackers. 3. Computer networks--Security measures. I. Title.
    QA76.9.A25E72 2003
    005.8--dc22