Monday, March 3, 2008

Hacking: The Art of Exploitation

What is hacking? According to Fox News or USA Today it's bad people doing bad things with computers. Ask a hacktivist and he'd tell you hackers are just free spirits exploring the Internet. According to security expert and author Jon Erickson, hacking consists of creative problem solving, used for better or for worse by programmers and criminals. Regardless of how you feel about the phenomenon, it exists. You can either stick your head in the sand or learn and adapt.

If your inclination leans toward the latter, check out Hacking: The Art of Exploitation, written by Erickson and published by No Starch. If you're interested in philosophical debates, however, steer clear -- the book is too busy dishing out practical info.

The meat of the book consists of exploits, those nasty little vulnerabilities that can turn your desktop into a Viagra-hawking zombie. Buffer overflow? Got it. Busting non-executable stacks? Yo. Spoofin' packets? Aw yeah. This portion of the book is a security professional's paradise, burrowing down to the code level of dozens of different loopholes and explaining the underlying logic behind the attacks. The book comes with a CD-ROM with a bootable Linux hacking environment so you can tinker all you want without affecting your system's normal OS.

Not a programmer? Don't feel like you could get absolutely nothing from this book. The first two chapters focus on theoretical stuff that is common among all programming languages, like If-Then-Else constructs and For loops. These chapters will probably be skipped by more experienced readers, but I see them as being very helpful to absolute noobs who just want to learn more about hacking. Unless you are a sophisticated programmer, though, sooner or later you'll reach the limit of your abilities and you'll have to close the book. Despite the accessibility of these initial topics, Hacking is not really a beginner's resource.

So what is the value of this book? Some people equate hacking purely with criminal activity. Others turn a blind eye to ne'er-do-wells and think of this sort of knowledge as pure and innocent. The reality may lie in the middle: a double-edged sword that may help criminals but also aids the efforts of security professionals and private citizens. Books like Hacking might help the bad guys but they definitely help the good.
