Hack Attacks Revealed, Second Edition

Reader Bill Camarda reviewed Wiley & Sons' Hack Attacks Revealed in June, 2001. Now Tom Brays has examined the book's second edition, and concludes that it's well worth the read. Read on below for his review of the second edition (and the the linked review of the first edition) to get an idea of how the new version stacks up.

Hack Attacks Revealed: A Complete Reference for UNIX, Windows, and Linux with Custom Security Toolkit, Second Edition
author	John Chirillo
pages	960
publisher	John Wiley & Sons
rating	9/10
reviewer	Tom Brays
ISBN	0471232823
summary	All things considered, Wiley should have waited and released this first; this book pans out to be more of an original than a second edition and well worth the read.

The first edition instigated quite a bit of controversy with some glaring errata and misconstrued statements, and the author claims to have alleviated them as well as accommodating critiques:

The primary difference between this second edition and the original Hack Attacks Revealed, aside from some rectified errata, is approximately 300 pages of over 170 new exploits, advanced discovery techniques, malicious code coverage of Myparty, Goner, Sircam, BadTrans, Nimda, Code Red I/II and more, current vulnerabilities, advisories, and hacking labs with additional illustrations, and techniques for routers, operating systems (including Windows 2000/Pro and XP, Solaris, LINUX), and server software daemons. You'll also find a special chapter dedicated to the Top 75 Hack Attacks.

To accommodate the new material, most of the extraneous information, lists, and most source code was moved from the book to the CD-ROM. In addition to the new material, you'll find a special single license release of the internetworking security toolkit, TigerSuite Pro 3.5. This kit contains modules to discover, scan, penetrate, expose, control, spy, flood, spoof, sniff, infect, report, monitor, and more, plus a special 60-page usage and user guide.'

This book promises quite a bit in a new edition; let's see what's really in here ...

Okay, there are 914 pages (only about 15 or so with source code this time) and the chapter layout is completely different as the book starts with a Technology section, followed by Discovery, then Penetration, Vulnerabilities, and finally the Toolbox.

The technology section is nicely abridged to about 87 pages. The Discovery part differs greatly in that the source code has been moved to the CD and the author has added more coverage and examples, plus some stealthier techniques and more recent SNMP, file sharing, DNS, NetBIOS, and CGI stuff. The ports and services sections are still there but I found them to be pretty handy references at any rate. Also, the Penetration section now contains updated material; it's nice to see IDS stuff added in here too.

In addition, the Vulnerabilities section is promising. There's an excellent chapter in which Chirillo identifies what he considers the top 75 exploits -- examples that have certainly proven to be persistent examples of security weaknesses -- and the newer material especially makes this chapter significant. It contains thorough coverage as well as countermeasures for the listed exploits.

The CD contains some of the same plus full licensed software, an updated repository and all of the source code moved from the original text.

All things considered, Wiley should have waited and released this first; this book pans out to be more of an original than a second edition and well worth the read.

---

You can purchase Hack Attacks Revealed, 2nd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Hacking is terrorism

[(1337) God]

And we need to do everything we can to prevent system information from being released.

Security through obscurity might not be good in principle, but in practice it's well-tested and the only way to go. Just look at the CIA, FBI, NSA, etc. It works for them.

Re:Hacking is terrorism

[drblunt]

...I'm not quite sure if you are being facetious or not. On the chance that you are not...
I'm going to buy this book, so that I can look at the practices and methods being employed, and counter them, in order to keep my clients networks safe, as well as my home network.

To mix a quote from both School House Rock and GI Joe: It's good to learn, cause knowledge is power, and knowing is half the battle.

Doc

Re:Hacking is terrorism

[MnO-Raphael]

Security through obscurity might not be good in principle, but in practice it's well-tested and the only way to go

Really? When MIT-students back in the 60-70ies stopped playing with modeltrains and started looking into the new emerging telephone networks, I thought we learned that obscurity is no match for devoted geeks.

Re:Hacking is terrorism

[Anonymous Coward]

You make it sound as though through sheer brainpower these MIT geeks were able to find out info about the phone network.
Please.
I know university is a cult and that it's a knee-jerk reaction to think that MIT students are nearly god-like, but please.
It's mostly through dumpster diving and social engineering that the phone networks got hacked. And fortuitous occurences, like that billing machine tape on the cover of that magazine.
See? YOU try to find out on your own what the hell I'm talking about. Not possible. You have to ask someone.
Please, enough with the MIT students are god bullshit. Have you LOOKED at what these monkeys consider work over there?

Re:Hacking is terrorism

[MnO-Raphael]

let me help [mit.edu] you control your anger.

The point is not who and how, but merely that obscurity is a useless principle in security. I could mention certain modern software companies here, but since names makes you tick....

Re:Hacking is terrorism

[Anonymous Coward]

last time i checked, those facilities were secure from you and me, but those pesky Russians were quite capable of getting the info they needed.

so your theory is wrong, obscurity is time tested, but fails completely when going against an ENEMY.
because those enemies are willing to spend the time and money.

isn't this a dupe?

[cherrypi]

isn't this a dupe?

Nope

[(1337) God]

The first edition was reviewed before [slashdot.org], but this article is about the second edition.

Now, time to see how much has actually changed between the two releases :-]

Does he provide

[Gortbusters.org]

the source code for all those fun little worms? :0

Discovery, then Penetration ....

[burgburgburg]

Discovery, then Penetration, Vulnerabilities, and finally the Toolbox

Okay, I can think of five separate double-entendre jokes built on this framework. I'll leave you to your own devices (Does that make six?).

Re:Discovery, then Penetration ....

[ChaoticLimbs]

Hilarious. But I got nothing.

best hack attack

[Anonymous Coward]

The best I've seen was a worm that propogated using a vulnerability in Red Hat Linux 5 systems. When it arrived it opened up a mail relay and started forwarding spam, as well as spawning new copies of itself.

This was a few years ago, before most of the Outhouse Exposed mail worms arrived, so the idea of worms sending spams was new and, uhmm, exciting.

How many of the folks out there have been hacked

[ACK!!]

I found the review to be interesting but a bit short in terms of details. The top 75 exploits almost seem worth the price of admission on this book though.

However, this brings up a really good question.

How many of the folks out there in ./ land have really been hacked?

How did you recover?

Re:How many of the folks out there have been hacke

[$$$$$exyGal]

One of my previous companies had been hacked several times. Each of those times, we discovered the remnants of a script kiddie "root kit", and an irc server. At the time, what I did was search the net for the root kit (which was quite easy to find) and learned as much about the kit as I could. Once I did that, it was much easier to shield against further attacks. It was also fun to "bug" the irc server and watch what the idiots were doing ;-).

Re:How many of the folks out there have been hacke

[sporty]

A friend of mine has DSL, using an obsd firewall. He has a bunch of servers behind it. He opened up his firewall to a particular port to some software he installed. They ran an IRC bot that masq's as sshd.

He did a make world to replace the binaries last I heard. I'd've tar'd up the drive to an image, and restore a backup/reinstall.

Re:How many of the folks out there have been hacke

[leviramsey]

It's always your "friend" who gets hax0red, and not you... I see.

Re:How many of the folks out there have been hacke

[bwhaley]

When I was brand new to Linux (Mid '97), I was 0wned by a script kiddie. Here's what happened:

I had a Red Hat 6.0 box running 2.2.12. I was running Apache, Sendmail, wu-ftpd (2.6?) and bind, as well as all the default services that were running on a stock Red Hat box (all the RPC stuff, portmap and such). I was poking around on my system one day and I saw a user that I didn't create. The name was interesting (can't remember exactly what it was) so I decided to check it out. I first shutdown the gateway interface so the user was disconnected (this wasn't a big deal at the very small business that I worked for at the time). I went into his home directory and didn't see anything obvious - at first. After giving it a second glance I saw two directories with the title ... I tried to change to .. and, of course, was changed to the parent directory. After I changed back I did a long directory listing and saw that the directory was actually ".. ". After puzzling over how to get into the directory, rather than up to the parent, I realized I could put quotes around it and I cd'd into it. The contents were very interesting.

The contents were very interesting. There were two items of interest - an eggdrop IRC bot and the code for a wu-ftpd exploit. I knew I had been 0wned and called up a friend who was familiar with Unix. He showed me how to check what services were running. The eggdrop had spawned about 8 processes that were connecting to various IRC networks and were advertising warez/pr0n ftp sites! It was interesting logging into an IRC channel and seeing a bot running off of MY hardware :) I of course killed the bots and removed the eggdrop software. Then I checked out the ftp exploit. This was obviously how the user had gotten into the system. I'm not sure why he uploaded the exploit code to my box. Perhaps so he could 0wn other systems from our server? Probably. In any case, the code was written by a guy known as "wile coyote" (I just googled and couldn't find the exploit). I don't know the details of how the code worked; I think it exploited a SITE EXEC vulnerability. In any case, I saw that the code was written for the version of Wu-FTP that I was running. I e-mailed "wile" and he replied telling me that the code only worked for wu's that were "poorly configured =p". Hehe. I knew I wasn't any good so I just laughed :).

I thought I had cleaned up the mess after I'd removed the user, the exploit, and patched wu. I was wrong. I had been foolish and hadn't run a port scan. After a week or so I saw another user on my system that I wasn't aware of! Same deal as before; running eggdrop code, this time no exploit. I killed the user and asked some local guru's about what to do. One of them introduced me to nmap. After running it (and seeing many, many unessential services wide open), there was a very interesting one: a bash shell exposed to some high port (~50000). I telnetted to the port and I was r00t, just like that. No password authentication or anything (who knows the command to do this?). The guru helped me find where the exploit was. The guy had left a backdoor for himself in /etc/inetd.conf. I had no idea! At this point I decided I couldn't know what else he had done. I decided to redo the system (with a focus on security this time). I learned my lesson and now I know a great deal more about securing a network. I don't run wu-ftp anymore :)

Ben

Re:How many of the folks out there have been hacke

[bwhaley]

For example, kernel 2.2.12 has been released in August 1999. You are saying you ran it in mid '97.

You're right, my mistake. Got the dates confused. It was '99 after all... somehow it seemed further back. I should've taken the time to verify it.

Ben

Re:How many of the folks out there have been hacke

[GigsVT]

No password authentication or anything (who knows the command to do this?)

Put /bin/bash into inetd.

Re:How many of the folks out there have been hacke

[Anonymous Coward]

Why is it that operating systems are always setup "wide open by default" with all kind of crap running. If you ask me it should be the opposite -- there should be NO open ports unless you specifically enable something (and you get a warning message that someone could use it to access your machine).

Re:How many of the folks out there have been hacke

[srvivn21]

Just a quick question...

If you have access to the box, wouldn't running "netstat -lp" be quicker than "nmap"? Unless, of course, the "cracker" has replaced the netstat executable... It would be a place to start though.

Re:How many of the folks out there have been hacke

[bwhaley]

netstat -lp does the job just as well. However, nmap is exponentially more useful in that I can use it to scan other machines on the network as well :)

Re:How many of the folks out there have been hacke

[Annamite]

You, Sir, is a brave man. Many of the people here would not admit it. Your case is an interesting example for not to install everything by default, and an [bad] example in system design that assumes/requires the user need to know it all to have a decent secured system.

Anyhow, Thank you. Thank you for your brave and honesty. We all can learn from hacks like this.

Re:How many of the folks out there have been hacke

[bwhaley]

:) Thanks for your compliments. I am not afraid to admit when I'm wrong, and in this case I was clearly in err. More importantly, I have learned my lesson and I dare say that I will not be taken advantage of so easily in the future.

Re:How many of the folks out there have been hacke

[dr_dank]

I got egg on my face when I took my laptop with shiny new wireless nic to H2K2 [hope.net] last summer. They had a NOC with both wired and 802.11b networks where I met up with some PSU alums.

Within a matter of minutes, my laptops caps/num lock lights flashed and the machine shut down. Turns out that sendmail (which I left on like a dumbass) was overflowed to a root console, where the leet script kiddy typed halt to shut off my laptop.

Wasn't an all-out attack, but a lesson learned. Now I'm much more consciencious about keeping rpms up to date and keeping unnecessary services from running.

Re:How many of the folks out there have been hacke

[dr_canak]

I worked for a small academic department within a large teaching hospital. We had been running Solaris using NFS for file sharing between Win 3.1 clients (With PCNFS client software). At the time, we were migrating to Win95 and it didn't have built in NFS support, and I couldnt get that iteration of Samba to work on our solaris box. I wanted to save money from buying client software for the new Win95 boxes.

Long story short, I had two 486's running RedHat (5.0 I think) with the Solaris NFS shares exported to the RedHat boxes, then those shares exported as SMB shares to the Win boxes. This was my first experience with Redhat, and I had no real background in IS. Our boxes sat behind the hospital firewall, and I didnt think there was a problem with internal hacking. So i basically had the box wide open to internal threats.

I was leaving my job and we were in the process of hiring a new part time IS person for the department. Posted an ad through a local linux users group, and interviewed a potential, qualified candidate. Unfortunately, the candidate was from Canada and not a US citizen. This posed a problem cause my job was funded through the UAW (United AutoWorkers union) and the position had to go to a US citizen. We told this to the candidate and he was not hired.

About 3 weeks later, the hospital was hit with a substatial DOS attack necessitating the entire hospital network being shutdown. When it was traced, it was coming from inside the hospital, and yes, from one of my RedHat boxes. It turned out the hospital IS dept. had left some backdoors in through the firewall. The hacker had used that hole to get access to the hospital network, then finally once in, my unprotected Redhat boxes were prime pickings.

We certainly never could prove anything, but I certainly had my suspicions about the culprit. Fortunately, at a team meeting of dept. heads and and IS people, as they tried to blame our dept, it came out that these backdoors had been purposefully left in the firewall, and IS had held shared responsibility.

It was not pleasant as there were substantial numbers of staff (doctors included) trying to access the hospital network from home who couldn't get in for an entire weekend as the hospital network had to be taken offline.

Re:How many of the folks out there have been hacke

[Anonymous Coward]

One time I had a hacker get into one of the FreeBSD servers where I worked. It wasn't a "crack" though -- he just guessed the password on an account and logged in (at which point I kicked him out and disabled the account). The hacker was some guy from IRC who I was arguing with.

Re:How many of the folks out there have been hacke

[Anonymous Coward]

How many of the folks out there in ./ land have really been hacked?
How did you recover?

A friend of mine had his little desktop server "pwned" by some kiddie.

Scenario: W2k + SP3 (and Windows update) box running IIS default install (IIS had only been installed to serve UT maps at a lan gathering behind a firewall on CABLE, then promptly forgotten about). When done, he stuck his box on a DSL line to act as a GamveVoice server & within 3 weeks it had been ursurped. explorer.exe had been swapped for a custom bloated version (that didn't run so well), their "root kit" contained serv-u ftp and an irc client (mirc i think it was), config information, and 4 complete albums of crappy "rap" zipped up & ready to go.

First clue something was wrong: GV was unuseable i'm guessing due to all the crappy rap zips being served.
Second clue: Norton scanned & found infected files (the kit files).
3rd clue (for the zealots): MS Windows

I discovered the above while performing an autopsy. I checked the HTTP log & there were several attempts to access "../cmd.exe" entries where either the script or person tried to access parent dir's of the virtual's to get at cmd. I grabbed a couple file names out of the kit directory they made (something like c:\winnt\system32\test3\") and googled for information & found a Chinese article that i couldn't read but it came complete with images showing the exact same setup.

To recover, the machine was wiped clean and many services disabled, including IIS of course (with the default virtual dir's removed).

Since he is new to computers and wants to work in the field, it was a great learning lesson for him. Unfortunately, everytime something crashes now, he automatically thinks he's been pwned again and I get a phone call. I don't mind his paranoia but it's the phone call that irks me ;) Slowly but surely, he is being weaned on to google and reliable sources of information.

To RIAA members: your shitty music has been deleted a-la SHIFT-DEL, FDISK, format & overwrite.

Re:How many of the folks out there have been hacke

[shiroi_kami]

I wasn't really hacked but I did accidentally execute a RAT when testing a system. So much for precautions-it took me 3 days to clean up...

Not Much of a Review

[Audity]

If I want a content summary I'll read the blurb on the back or inside cover, usually when I read a review I'm looking for an informed opinion of someone who's actually read the thing.

At least this review isn't fake

[Dragon Dinosaur]

The first editions of all the Chrillo books were absolute crap. I submitted reviews to Amazon saying how bad they were. They went up, and then several days later they dissapeared. I asked Amazon why the y went away and they said because they critisized the author. So I rewrote without those parts, and they went up. Again they dissapeared. This time they told me they received a complaint that my posts were copyrighted and should be removed. Well, since I know for a fact that I wrot ethem myself, I know they were legit. Each time I worte a review, new glorious reviews were spammed in, often cutting and pasting text from other glorious reviews. My negative reviewswere constantly being removed, even when they fit every rule Amazon has.

Clearly Chrillo is keeeping bad reviews out of amazon and probably the other online bookstores, and spamming with hundreds of fake ones. I will never buy his books again, and I'm ashamed of Wiley for publishing second editions. I brought this up to them and they promised to investigate, and I never heard another thing.

I did look at hack attacks rev #2 in the store, and it's still pretty crappy. I can understand the media folks not taking a fine toothed comb to the books, so while I can be sure Carmadara's review was legit, it's still pretty innacurate.

That's a bunch of bullshit

[(1337) God]

Did you actually even read the supposed leaked email?

Let me give you some advice.

Firstly, The Register, as a work of literature, is about on par with supermarket tabloids that write about Madonna consulting with alien lifeforms and Elvis' 400th citing outside a Taco Bell in Modesta, California. It's generally 50% drivel and 50% wrong.

Secondly, if you actually read the supposed leaked NSA email, you'll see things such as European style dates (28-02-2003 instead of the America way of putting the month then date then year). Also, British spellings of works like "recognised" and "organised" just simply aren't used here in America. We use the letter "z" instead of "s" in most cases.

I mean, I realize you're trolling hoping to stir up controversy, but I get a little sick of 24/7/365 anti-American bullshit that I read on every liberal-slanted "news" show, magazine, and website.

Re:That's a bunch of bullshit

[aminorex]

The Observer edited the content to conform to their
British editorial standards.

"Anti-American" is a slur. There are plenty of
conservatives who oppose wars of aggression too.

Re:That's a bunch of bullshit

[(1337) God]

The Observer edited the content to conform to their British editorial standards.

Yeah, you've got that right buddy. You may want to mention that by "edited" you mean "created".

Oh, and since you seem like the kind of guy who wants to know everything, I'll let you in on a little secret: the NSA doesn't even use email. They don't use hard disks. They don't use printers. In fact, you can't even get a radio signal, microwave frequency signal, or anything else to even get through the walls of their offices.

So I sure as hell can guarantee that no emails are getting "mistakenly" sent to British tabloid newspapers.

Get a fucking clue and stop spreading FUD. I hope the CIA takes you out in your sleep.

Re:That's a bunch of bullshit

[bryanthompson]

the NSA doesn't even use email. They don't use hard disks. They don't use printers. In fact, you can't even get a radio signal, microwave frequency signal, or anything else to even get through the walls of their offices.

What do they use then, telepathy?

Re:That's a bunch of bullshit

[Angry White Guy]

If you can think of a better way to exchange long protein chains, I'd like to hear it.

Re:That's a bunch of bullshit

[eyeye]

heh, he poked holes in your silly argument and now you are slapping him with your handbag.

Karma be damned I can't help it.

Re:That's a bunch of bullshit

[alizard]

Firstly, The Register, as a work of literature, is about on par with supermarket tabloids that write about Madonna consulting with alien lifeforms and Elvis' 400th citing outside a Taco Bell in Modesta, California. It's generally 50% drivel and 50% wrong.

And which of your dollies did The Reg step on? Offhand, my guess is that it was deserved.

I prefer them to various US news media outlets that still finds Bill Gates a figure of reverence. ZDnet.

This was a *review*?

[(1337) God]

I'm not sure how a few two-sentence factual paragraphs is considered a book review, but I'll have to let my English teacher know that the the definition of "review" may have changed.

Anyway, that flamebait aside, I'd like to offer up an actual book review that will help you decide whether to buy the book at all. I mean, that's the *point* of a review, isn't it?

Computer security made simpler......, October 15, 2002
Reviewer: Kelly Larsen from Augusta Georgia

I have been teaching Windows 2000 and Unix security for the U.S. Army for 3 years. I am constantly searching for a book that will provide true insight into the hacker mindset and methods. Most books dawdle in the routine and well known hacks and still leave you wanting. "Hack Attacks Revealed, 2nd edition", takes you to the next level. It is the single best security reference book that I've seen.

You rarely find a book that provides indepth coverage of Windows, Unix, and Linux security. Hack Attacks Revealed's information, tutorials, and tools provide you with everything you would need to test and secure a computer system or network. As a bonus, the fully licensed TigerSuite Professional (version 3.5) is included on the accompanying CD. This is an amazing grouping of tools to analyze and test the security of a computer network. In class, I routinely use TigerSuite to demonstrate security shortfalls. My students are so impressed that they immediately ask me where I got it and how can they get it.

"Hack Attacks Revealed" has something for every skill level, whether it is teaching you how to subnet, compile a security tool or walking you through a buffer overflow. The First edition was great and John Chirillo found a way to go it one better.

Re:This was a *review*?

[RedWolves2]

You are so right that review makes the book sound great and quite possibly a worthwhile read.

I think Slashdot is having a slow period with book reviews (they only had two last week.)

great...

[adamruck]

To accommodate the new material, most of the extraneous information, lists, and most source code was moved from the book to the CD-ROM. In addition to the new material, you'll find a special single license release of the internetworking security toolkit, TigerSuite Pro 3.5. This kit contains modules to discover, scan, penetrate, expose, control, spy, flood, spoof, sniff, infect, report, monitor, and more, plus a special 60-page usage and user guide.'

in other news... script kiddies on the rise....

Awesome, I've always wanted to be a script kiddie

[asscroft]

but didn't know how.

annoying title

[carpe_noctem]

If there's two words in the English language that should never follow each other, they would be "Information Superhighway" and "Hack Attack".

Re:annoying title

[MarvinMouse]

Umm...

Information Superhighway and Hack Attack are not 2 words. They are two idioms(IANAEnglishMajor).

But I agree with you fully.

This looks like it should be a Fox Special...

[Anonymous Coward]

When Hackers attack! Brought to you by Tom Arnold, or William Shatner..

Blech.

How is this book not a violation of the DMCA?

[fatwreckfan]

...techniques for routers, operating systems (including Windows 2000/Pro and XP, Solaris, LINUX)...

I'm suprised that this (and other books like it) haven't been beaten down by the DMCA. I would have thought that giving specific information on hacking a Microsoft O/S would piss MS off, and I'm sure that there is at least one example in the book where the hacking involves decryption of some sort. Isn't that bypassing a security measure, and therefore against the DMCA, or does the DMCA only matter when the point of the attack is to duplicate a copyrighted work?

Re:How is this book not a violation of the DMCA?

[adaknight]

The latter. It's the Digital Millenium Copyright Act!!!

The Internet might be fast enought

[spaic]

aside from some rectified errata, is approximately 300 pages of over 170 new exploits

And when the book left the printer that's 300 pages of over 170 old exploits.

http://www.securityfocus.com

Re:The Internet might be fast enought

[L-Train8]

Code Red is an old exploit, and it's still a big problem. Just because the script kiddies have known about it for a long time doesn't mean some newbie sysadmin doesn't need to learn about it too.

Good books you could use instead.

[Hackit Crackit]

I purchased all of the Hack Attacks books when they were in the first edition, and was extreemly dissapointed. The second edition promised to be better and fix all the errors and dependencies on pages of code listings, so I got Hack Attacks Revealed only. This time HAR promised all the Windows and Unix hacks you could shake a stick at.

Well, the windows stuff is pretty lame. It has lots of pages dedicated to it, but mostly describes things that were old before they started compiling (not writing) the book.

The linux part is laughable. Lists of cracks that are worthless on any machine that was installed in the last five years. Does anyone run WU-FTPD from before 1995 now? I don't think so. Why waste the space? Besides, we want to understand how to hack/crack systems, not how to run an outdated exploit. If he took time to teach how an exploit worked, that'd be one thing, but as is this book is really really lame on the unix side. THe windows readers probably don't care, since they'd best be able to be script kiddies anyway.

My recomendations are as follows:

Hacking Linux Exposed [hackinglinuxexposed.com] second edition for all thing Linux/Unix. Can't be beat.

Hacking Windows 2000 Exposed [hackingexposed.com]. Do not get Hacking exposed, it tries to cover everything, and does them all poorly. The Windows 2000 edition is the only one you should get if you need windows information. (Applies to older and XP also in many cases.)

Hack Proofing your Network, edited by Blue Boar. Covers many of the same topics of the two books above, but by different experts. Multiple voices is good...

Any of the SANS books put out by NewRiders [newriders.com], most of which are written in part by Steven Northcutt. Lots of IDS and security titles by that publisher.

And you can't go wrong with Building Internet Firewalls, now out in a second edition.

I'd recommend any of the books above - they are accurate, informaaive, and either up to date or timeless. Any of these is worth 500 copies of Hack Attacks Revealed.

What a load of poopoo!

[Idimmu Xul]

This book is utter pants! I guess if you are having trouble with MS Word you might learn something from it.. but essentially it is just a listing of ports, services, some old outdated exploits and various viruses and trojans, padded out with loads of source code.

The communication protocols section is basic at best, just enough to explain to the layman what is going on

There is no content that couldnt be easily found when googling for 'warez hax0ring viri' or viewing some online university networking notes

Serious waste of money factor here folks, and I really wouldnt post any more of this guys reviews to the front page! He must have clearly got more than just a free copy of this book for his troubles!

For WRITING programs, see http://www.dwheeler.com

[dwheeler]

If you're writing programs that are supposed to be secure, take a peek at my freely-available book: Secure Programming for Linux and Unix HOWTO [dwheeler.com].

Um..

[RedWolves2]

So what is in the source code on the CD? Is there non-compiled code that when complied acts as a trojan horse or something?

This review assumes that we have all read the first book and knew what was on it. This review does nothing to get me excited about possibly purchasing the book. Maybe next time we can get the audience of the book review up to speed as if we never knew that there where previous editions.

Aside from the review though how can a book really be written about how Hacks are done? By the time the book had gotten to press wouldn't the hacks be outdated and new hacks would be out in the wild?

Re:bookpool

[Black Perl]

bookpool $12 cheaper then that b&n link :

Or you could buy it here [amazon.com], with free shipping you break about even with bookpool, and I get 15%! Whaddadeal!

Re:bookpool

[RedWolves2]

Or you can get it here [mediagab.com] and then look around my site MediaGab (Slashdot for Entertainment News). And I get support for continuing my site! Whaddadeal!

I remember the first edition..

[ahrenritter]

I bought it when I was new to Linux and trying to learn a bit about security.

I was looking at the source CD when my virus scanner on my NT box went off. Turns out one of the password cracking utilities he had on the CD was a trojan. ::Shrug:: I threw away the CD and got better books to read.

Re:I remember the first edition..

[ahrenritter]

I can fully appreciate the idea that it might have been a false alarm. With things as shady as rootkits and password crackers though, I would expect the author to only distribute source on his CD. This was just an EXE with no reason for me to trust it.

I didn't throw away the CD because of that one virus alert. It was discarded because it held nothing worthwhile for me.

bottom line: I might very well be an idiot, for more reasons that you list. Thanks. :)

A good reference for newbies and some advanced

[shiroi_kami]

I ordered the book from bookpool to save a few needed pennies. I own all the "Hacking Exposed" books and found this book to offer something as well. I didn't read the first edition but this one contains a great collection of technology briefings, good guides to footprinting and enumeration, good coverage of techniques, respectable coverage of penetration (valiant effort there), thorough coverage of exploits and of course some scripting for the kiddies. Also, yes, the CD by far contains the best collection I've seen of tools and proggies, and most of the source I've tried seems to compile without problem. The book is well edited and I particularly found the "crash course in C" right on the mark. The chapter on the latest hack attacks is like having an abridged CERT, SANS, and SecurityFocus handbook, but the countermeasures could use a bit more detail. Overall the book weighs in at a solid 9ish.

Funny thing...

[skinnydskitzo]

I had this book in my car, sitting on the panel above the backseats near the rear window, when a police officer stopped me. Granted my car was somewhat messy at the time (I was moving so it was full of boxes). The officer stopped me for a brake light, and decided that the book was probable enough cause to search my car. I laughed, said sure and let him go at it (I had nothing to hide). Ignorance, can be quite funny sometimes.

Still using fake reviewers to sell lousy books?

[Helevius]

I wonder if "Bill Camarda" is related to the fictitious "L. Peterson" [amazon.com], who wrote a glowing July 2001 review of the first Hack Attacks Revealed [amazon.com]? (No one named L. Peterson ever worked or does work at the AFCERT.) Excerpts from "L. Peterson's" fake review were published by Wiley in the front cover of Hack Attacks Encyclopedia [amazon.com], much to the Air Force's dismay.

Be wary of positive reviews of these "Hack Attacks" books. Those who rate them highly seem to be:

technically clueless [scmagazine.com]

or

cronies/clones of the author [tigertools.net]

The first edition of HAR supposed solicited 269 Amazon.com reviews [amazon.com]! In contrast, the best-selling "hacking" book of all time is Hacking Exposed [amazon.com], with 51 reviews. Something doesn't add up if you peruse these reviews [amazon.com].

I certainly hope the second edition is better than the first. That would be good for the security community, which is all that matters in the long run.

Helevius

Re:Still using fake reviewers to sell lousy books?

[shiroi_kami]

I didn't see the first edition but I assure you this one is another quality pub from the good folks at Wiley. At least lately most of the Wiley books have been well written.

Re:Still using fake reviewers to sell lousy books?

[Helevius]

Wiley does have some excellent books to their credit:

• Security Engineering [wiley.com]
• Secrets and Lies [wiley.com]
• Building Open Source Network Security Tools: Components and Techniques [wiley.com]
• Troubleshooting Campus Networks: Practical Analysis of Cisco and LAN Protocols [wiley.com]/
• Mastering UNIX Shell Scripting [wiley.com]
• Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network [wiley.com]

I'll believe in the second edition of HAR when I see it.

Helevius

Re:Still using fake reviewers to sell lousy books?

[Saturn O'Reilly]

Like "Dragon Dinasour" above, I had my negative review of Hack Attacks Revealed and Hack Attacks Denied purged from Amazon's lists twice. I suspected something was up, and so I kept track of the reviews for three months. Helevius is right on - someone (and who's the most likely suspect) is spamming Amazon with good reviews and having the bad ones removed. Amazon's goal is to sell books, so they seem to happily remove bad reviews for on reason.

For a bit over two months I tracked the reviews at Amazon (October 3 - Dec 10) and found the following:

• Every time a negative review was posted, three to five 5 star reviews were posted in the next two days. This effectively removed the negative review from the first page of reviews.

• Negative reviews were purged from the list within a week 70% of the time. Another 5% were purged within the following week, and after that messages tended to stay around.

• Positive reviews were also purged, at a rate of 5% the first two weeks, seldom thereafter.

• Any review with 3 or less stars had a purge likelyhood of 95% within the first two weeks.

• On separate occasions there were 5-star reviews that were clearly fake because:
  • The same review was posted on the same day by different names

  • The same review was posted days later by different names

  • Reviews were posted that simply copied the front or back cover text of the book

  • Posts by non-existant people claiming to know Chrillo's computer prowess

• And some that were likely fake but not guarenteed:
  • Posts to HAR and HAD that had the exact same text but changed the book title, even though the two books were very different.

  • Reviewers who gave HAR praise and gave 1 star reviews to multiple HAR competitors using the same text that could have applied to any book, even those not related to security at all.

  • Multiple reviews in one day by different names that all lived in the same city (probably an error in the review-spamming script)

Read that again - 95% of the negative reviews were removed from the Amazon reviews. Can you really trust what's up there now? Do you want to buy a book by an author who astroturfs, rather than taking the time to write something good?

Yes, I have a copy of the Second edition. I read every page. I politely dissagree with anyone in this forum who says some miraculous change has occured. (And I suspect several are Chirllo in disguise.) HAR is still full of errors, repetition, unneeded screen shots, age old hacks, and can't explain what any of these technologies do and how you can use them either as a white or black hat. Go out and buy any other hacking book and you're better off.

And yes, I wrote a well worded review for Amazon, and they took it off the site, no explanation available.

Re:Still using fake reviewers to sell lousy books?

[shiroi_kami]

Sounds like you've gotta give em credit for a "review-spamming script". I've never heard of or seen such a script. I thinks that's rather hilarious (lol). I'd like to see that.

Terrible

[fimbulvetr]

I bought this book saturday, spent $60.
I read it in about 5 hours, and now I think I am dumber.
It uses the first few chapters to remind you of ethernet, OSI, what runs on certain port numbers, etc.
It uses a few middle chapters dedicated to listing older exploits to almost any hardware.
Then it tells you how to use IOS and reset a password on a Cisco router.

I think it mentions one or two things about kevin m, and why most IDS's suck, but it certainly does not fail to mention the included trial of "TigerSoft tookkit".
I swear, by the time you are done with this book, you will want to trash the cd, because it is really the most common phrase in the book.

I learned more from my CCNA from this book, and not one thing about hacking. 1.5 years in the computer field would give you more info than this book.
This is directed towards the mid 40s business owner who cannot afford and IT guy but knows he has to learn something about hacking.