Hacking: The Art of Exploitation, 2nd Edition
Ed Schaefer reviews the newest edition of Hacking: The Art of Exploitation.
Members of the Hacking world are known by the color of their hat – white for good, black for bad, and gray for those who aren't too sure. By writing Hacking: The Art of Exploitation, Jon Erickson proves his hat color is "mother of pearl." Don't let the title mislead you: Erickson isn't exploiting or vandalizing – he's instructing.
In 2004, I reviewed the book's first edition. In my reviews, I typically like to compare the differences between editions. Erickson beat me to it. At the publisher's web site, you can compare the first and second editions of the book; view excerpts from the Exploitation, Networking, and Countermeasures chapters; and download the book's source. Erickson also bundles the source in a CD included with the book, but more on that later.
Expanded Concepts Introduction
In my first review, I recommended this book for the programming chapter alone. I can no longer do that because the programming chapter is now an "Expanded introduction to fundamental programming concepts for beginners." But it's like no introduction I've ever seen. In one chapter, Erickson takes us from basic Control Structures to Function Pointers. Think of it as Kernighan and Ritchie in 100 pages.
Erickson covers other introductory topics in a hurry, such as his network sockets description in the Networking section (Chapter 4), and his "Crash Course in Signals" in the Countermeasures section (Chapter 6).
It's not that I don't like the author's introductions – I do. I just want to warn you that the introductions might be above the true beginner's head. This book is code intensive and if you don't have a programming background – preferably in Linux "C" – then this book may be of limited value. If you aren't into hacking Linux, or at least wanting to learn, then this book just might gather dust on your book shelf.
Should You Buy the Book?
Because the programming chapter is now an introduction, I now recommend this book for the Exploitations chapter alone. This chapter covers buffer and function overflows and the format string vulnerability. Buy the book and discover why strings should be formated like this:
and never like this:
What's on the CD?
For readers with no access to a Linux box, Erickson bundles his source with a bootable Ubuntu Linux Live CD. The Live CD requires "an x86-based PC with at least 64MB of system memory and a BIOS that is configured to boot from a CD-ROM." I successfully booted the Live CD with both an IBM T43 laptop and a HP dv9000t laptop.
Paperback, 488 pages
No Starch Press, January, 2008
RE: CDThe publisher has an active torrent over at Mininova: http://www.mininova.org/tor/2533556 We also replace CDs with proof of purchase. Sorry for the late reply!
live CDI want its CD and I dont have any access to it because of my location,
where ca I download it's CD?
VMware bids for a stake in the container industry with a bold effort to integrate containers with its classic virtualization system.
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm