Monday, March 3, 2008

Hacking: The Art of Exploitation

What is hacking? According to Fox News or USA Today, it's bad people doing bad things with computers. Ask a hacktivist and he'd tell you hackers are just free spirits exploring the Internet. According to security expert and author Jon Erickson, hacking consists of creative problem solving, used for better or for worse by programmers and criminals. Regardless of how you feel about the phenomenon, it exists. You can either stick your head in the sand or learn and adapt.

If your inclination leans toward the latter, check out Hacking: The Art of Exploitation, written by Erickson and published by No Starch. If you're interested in philosophical debates, however, steer clear -- the book is too busy dishing out practical info.

The meat of the book consists of exploits, those nasty little vulnerabilities that can turn your desktop into a Viagra-hawking zombie. Buffer overflow? Got it. Busting non-executable stacks? Yo. Spoofin' packets? Aw yeah. This portion of the book is a security professional's paradise, burrowing down to the code level of dozens of different loopholes and explaining the underlying logic behind the attacks. The book comes with a CD-ROM containing a bootable Linux hacking environment so you can tinker all you want without affecting your system's normal OS.

Not a programmer? Don't feel like you could get absolutely nothing from this book. The first two chapters focus on theoretical stuff that is common among all programming languages, like If-Then-Else constructs and For loops. These chapters will probably be skipped over by more experienced readers, but I see them as being very helpful to absolute noobs who just want to learn more about hacking. Still, unless you are a sophisticated programmer, sooner or later you'll reach the limit of your abilities and you'll have to close the book. Despite the accessibility of these initial topics, Hacking is not really a beginner's resource.

So what is the value of this book? Some people equate hacking purely with criminal activity. Others turn a blind eye to ne'er-do-wells and think of this sort of knowledge as pure and innocent. The reality may lie in the middle: a double-edged sword that may help criminals but also aids the efforts of security professionals and private citizens. Books like Hacking might help the bad guys but they definitely help the good.


Tuesday, January 29, 2008

Review: Hackers & Painters

Paul Graham calls himself a hacker. A programmer with one of the first ecommerce startups, he sold his online store software to Yahoo! for about $50 million in shares. Since then he has focused on a number of projects, including Arc, a new dialect of the programming language Lisp (more on this later) as well as writing for his web site. In Hackers and Painters: Big Ideas from the Computer Age, Graham collected his best essays into one volume.

(Note: This book was published in 2004 so it isn't exactly timely. Is it too soon to file it under the "Blast from the Past" category? Also, the author resolutely uses "hacker" as if it were synonymous with "programmer." Yeah, he's one of those. So if you're looking for a volume on l33t h4x0rz this ain't it.)

Graham scores a home run with his first essay, "Why Nerds are Unpopular." I dunno about you, but when I was in high school it was a total mystery to me why no one liked me. This essay was very illuminating and, as mentioned all over the internet, is worth the cost of the book by itself. The rest of the essays cover a variety of topics ranging from managing startups to the division of wealth to what programming language people will be using 100 years from now. He presents a compelling case for

The segment I liked least was the one discussing Graham's deep and abiding love of the programming language Lisp. It is one of the oldest languages still in use; only Fortran precedes it. Somehow in the last few years, Lisp has experienced a renaissance, with more and more programmers learning it. Graham has a reputation for being an almost quixotic proponent of the language, and has even announced Arc, his own open-source dialect of Lisp. Since the book's publication, Arc has apparently languished and has yet to be released. Perhaps fascinating for some, for me the Lisp rant was easily the least readable portion of the book.

But don't let that last bit get you down. For the most part Hackers & Painters presents some pretty compelling ideas in an articulate and entertaining voice.


NERDAGE.NET is a technology and gaming blog by John Baichtal. Comments can be sent to jbgeekdad (at) yahoo (dot) com.

Thanks to Tomkin Coleman for all his help!