Hacking: The Art of Exploitation, 2nd Edition
Ed Schaefer reviews the newest edition of Hacking: The Art of Exploitation.
Members of the Hacking world are known by the color of their hat – white for good, black for bad, and gray for those who aren't too sure. By writing Hacking: The Art of Exploitation, Jon Erickson proves his hat color is "mother of pearl." Don't let the title mislead you: Erickson isn't exploiting or vandalizing – he's instructing.
In 2004, I reviewed the book's first edition. In my reviews, I typically like to compare the differences between editions. Erickson beat me to it. At the publisher's web site, you can compare the first and second editions of the book; view excerpts from the Exploitation, Networking, and Countermeasures chapters; and download the book's source. Erickson also bundles the source in a CD included with the book, but more on that later.
Expanded Concepts Introduction
In my first review, I recommended this book for the programming chapter alone. I can no longer do that because the programming chapter is now an "Expanded introduction to fundamental programming concepts for beginners." But it's like no introduction I've ever seen. In one chapter, Erickson takes us from basic Control Structures to Function Pointers. Think of it as Kernighan and Ritchie in 100 pages.
Erickson covers other introductory topics in a hurry, such as his network sockets description in the Networking section (Chapter 4), and his "Crash Course in Signals" in the Countermeasures section (Chapter 6).
It's not that I don't like the author's introductions – I do. I just want to warn you that the introductions might be above the true beginner's head. This book is code intensive and if you don't have a programming background – preferably in Linux "C" – then this book may be of limited value. If you aren't into hacking Linux, or at least wanting to learn, then this book just might gather dust on your book shelf.
Should You Buy the Book?
Because the programming chapter is now an introduction, I now recommend this book for the Exploitations chapter alone. This chapter covers buffer and function overflows and the format string vulnerability. Buy the book and discover why strings should be formated like this:
and never like this:
What's on the CD?
For readers with no access to a Linux box, Erickson bundles his source with a bootable Ubuntu Linux Live CD. The Live CD requires "an x86-based PC with at least 64MB of system memory and a BIOS that is configured to boot from a CD-ROM." I successfully booted the Live CD with both an IBM T43 laptop and a HP dv9000t laptop.
Paperback, 488 pages
No Starch Press, January, 2008
RE: CDThe publisher has an active torrent over at Mininova: http://www.mininova.org/tor/2533556 We also replace CDs with proof of purchase. Sorry for the late reply!
live CDI want its CD and I dont have any access to it because of my location,
where ca I download it's CD?
Mozilla’s script blocker add-on could be putting malware sites on the whitelist.
The Internet community officially banishes the notoriously unsafe Secure Sockets Layer protocol.
Popular desktop environment continues the Gnome 2 legacy – with new support for the Gnome 3 toolkit.
The Obama White House has issued a memorandum telling all US government agencies they must use HTTPS for all websites and web communication.
New program will dial up security for the Firefox browser.
Red Hat's community distro embraces the cloud.
New partnership will bring more and better CS training to US schools
Criminals offer online help over Tor network
Sophisticated malware is still present on Joomla and WordPress sites around the world.
Future versions of Ubuntu's code service will support the popular Git version control system used with Linux and other open source projects.