LinuxSecurity.com
Review: Hacking: The Art of Exploitation, Second Edition
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas
If you've ever wondered what a "buffer overflow" is, or how a "denial of service" attack works beyond a basic understanding, then there is no better book to help you delve into the nitty-gritty than Hacking: The Art of Exploitation, Second Edition, by Jon Erickson.

Title: Hacking: The Art of Exploitation, Second Edition
Author: Jon Erickson
ISBN-10: 1-59327-144-1
ISBN-13: 978-1-59327-144-2
Reviewer: Dave Wreski <dwreski@guardiandigital.com>
Review Score: 4.8 of 5 Penguins
Publisher: No Starch Press
Sample Chapter: (Exploitation)

Hacking provides the understanding necessary to avoid the programming mistakes that can lead to serious security compromise of your online applications. It describes the common methods, design, testing, and experience needed to start developing your applications securely.

Erickson has done an incredible job in this book, providing all the information necessary to get started, including a full CD-ROM with a bootable Linux distribution that can be used to get hacking immediately.

Not only does this book show the security-conscious developer how to prevent his own applications from being compromised in real business situations, but it also makes organizations accountable for compromises that are avoidable given the information Erickson provides.

Erickson has compiled a timeless reference that uses all of today's latest tools, including common GNU programming applications like nm, gdb and gcc, as well as leading open source applications like nmap, iptables, and dsniff.

There is always someone more knowledgeable than you, and using the tools and techniques described by Erickson is critical to verifying the integrity of your network as well as possible, with the same tools and techniques the blackhats use against you.

It's not a beginner's book, but at the same time Erickson provides a great deal of background information to enable the fast learner and experienced sysadmin to get started immediately. If you remember your C and assembly programming from college, or have a foundation in common application and network programming, then this book should appeal to you.

The earliest recollection I have of security exploits is the online article "Smashing the Stack for Fun and Profit" by Aleph1, a noted hacker who, in Phrack Magazine in 1999, outlined methods for disrupting the functions of a program and gaining unprivileged access by writing past the end of an array.

Hacking: The Art of Exploitation describes real exploits from a programming perspective, not just in a cursory description. It starts with more than a hundred pages on the fundamentals needed to understand the exploits, such as format strings, pointers, and file streams.

It then moves on to real exploits, showing exactly how overflowing a function pointer leads to root access, how simple techniques escalate privileges from nothing more than a shell account on a server, and a full web server implementation, provided in source, that serves as the example for security exploit testing.

The networking chapter contains nearly a hundred pages of sample attacks, described in a format that's easy to understand and follow, and provides background on historical vulnerabilities such as the SYN flood and Ping of Death, long since addressed in the TCP/IP stacks of all vendors but still a great way to learn how it all works.

Port scanning, "spoofing", and TCP/IP hijacking are covered in very low-level detail by the end of Chapter 0x400, which also steps through an attack using gdb, the GNU debugger. The assembly language detail, and the use of gdb to determine exactly which point on the stack is the best place to overwrite the return address, is shown at every step and is very easy to follow. Understanding this information is not only critical for a programmer and administrator, but absolutely necessary for anyone who runs a network in a production environment.

It's clear from the chapter on cryptography that Erickson is an experienced cryptologist. Chapter Seven outlines the common encryption methods, such as one-time pads, quantum key distribution, and of course symmetric and asymmetric encryption, including the DES, Blowfish, and AES block ciphers.

There is a great discussion of RSA public key encryption, and an explanation of the "man-in-the-middle" attack and how it can be used against a secure shell (SSH) channel using the mitm-ssh package on the CD-ROM included with the book. Erickson unwraps the attack for the reader in meticulous detail, starting with the simple SSH connections between the two hosts, going all the way through the individual fingerprints that each host creates, and ending with how the ffp program is used to generate spoof fingerprints.

Password cracking is also a necessary process in maintaining the security of a network. Hacking provides a great basis for using john, the password cracking program developed by Solar Designer more than ten years ago and used worldwide to stress-test the passwords of users on Windows and Unix machines. Erickson describes a brute-force password attack, a password vulnerability matrix, and sample code that uses a password probability matrix to crack every possible four-character password!

If you have a desire to improve the security of your network, have heard of Schneier's "Applied Cryptography" but are too intimidated by it all to get involved, or are an avid Linux network programmer who needs a reference on how to program securely, then there is currently no better source to get started. I would really like to see more information on other architectures, such as x86_64 specifics and how they affect these vulnerabilities, as well as on the stack and network mechanisms designed specifically to thwart such attacks, such as defenses against buffer overflows and using iptables to limit distributed denial of service attacks as far as possible. Newer technologies such as SELinux and ExecShield should also be included, since security is always measured in layers, and preventing memory from being both writable and executable at the same time is a good way to add one.
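As an added illustration of that last point (this is my own example, not code from the book or the review): the GNU toolchain records whether a program wants an executable stack in an ELF PT_GNU_STACK program header, and checking its PF_X bit is a quick way to audit whether a binary opts into the writable-plus-executable stack that classic stack smashing depends on. The parser below walks the ELF64 program headers; the sample image it builds is constructed and not loadable, just enough to exercise the check.

```python
import struct

# ELF constants from the spec: PT_GNU_STACK header type, PF_X flag bit
PT_GNU_STACK = 0x6474E551
PF_X = 0x1

def stack_is_executable(elf):
    """True if the ELF64 image asks for an executable stack, False if it
    carries PT_GNU_STACK without PF_X, None if the header is missing
    (old toolchains; x86 loaders historically treated that as executable)."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:   # EI_CLASS 2 == ELFCLASS64
        raise ValueError("not an ELF64 image")
    if elf[5] != 1:                             # EI_DATA 1 == little-endian
        raise ValueError("only little-endian images handled here")
    e_phoff, = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return bool(p_flags & PF_X)
    return None

def audit_file(path):
    """Read a binary from disk and classify its stack request."""
    with open(path, "rb") as f:
        return stack_is_executable(f.read())

def build_sample_elf(stack_flags, with_gnu_stack=True):
    """Constructed minimal ELF64 header plus one program header; not
    loadable, only enough to exercise the header walk above."""
    phnum = 1 if with_gnu_stack else 0
    ehdr = struct.pack("<4sBBBBB7xHHIQQQIHHHHHH",
        b"\x7fELF", 2, 1, 1, 0, 0,   # ELFCLASS64, little-endian, EV_CURRENT, SYSV ABI, abiversion
        2, 0x3E, 1,                  # ET_EXEC, EM_X86_64, e_version
        0, 64, 0,                    # e_entry, e_phoff (right after the header), e_shoff
        0, 64, 56, phnum, 0, 0, 0)   # e_flags, ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    # p_flags 6 == PF_R|PF_W is what a hardened build emits; 7 adds PF_X
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + (phdr if with_gnu_stack else b"")

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        verdict = {True: "EXECUTABLE stack (PF_X set)", False: "non-executable stack",
                   None: "no PT_GNU_STACK header"}[audit_file(path)]
        print(f"{path}: {verdict}")
```

Run it over a directory of binaries to find anything built with an executable stack (the same information readelf -l reports under GNU_STACK).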

Kudos to Jon Erickson for detailing just how involved and complex a topic network security is, in a way that greatly lowers the barrier to getting started.

(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.