Slashdot Mirror


Hack Attacks Revealed, Second Edition

Reader Bill Camarda reviewed Wiley & Sons' Hack Attacks Revealed in June, 2001. Now Tom Brays has examined the book's second edition, and concludes that it's well worth the read. Read on below for his review of the second edition (and the linked review of the first edition) to get an idea of how the new version stacks up.

Hack Attacks Revealed: A Complete Reference for UNIX, Windows, and Linux with Custom Security Toolkit, Second Edition
author: John Chirillo
pages: 960
publisher: John Wiley & Sons
rating: 9/10
reviewer: Tom Brays
ISBN: 0471232823
summary: All things considered, Wiley should have waited and released this first; this book pans out to be more of an original than a second edition and well worth the read.

The first edition instigated quite a bit of controversy with some glaring errata and misconstrued statements, and the author claims to have alleviated them as well as accommodating critiques:

The primary difference between this second edition and the original Hack Attacks Revealed, aside from some rectified errata, is approximately 300 pages of over 170 new exploits, advanced discovery techniques, malicious code coverage of Myparty, Goner, Sircam, BadTrans, Nimda, Code Red I/II and more, current vulnerabilities, advisories, and hacking labs with additional illustrations, and techniques for routers, operating systems (including Windows 2000/Pro and XP, Solaris, LINUX), and server software daemons. You'll also find a special chapter dedicated to the Top 75 Hack Attacks.

To accommodate the new material, most of the extraneous information, lists, and most source code was moved from the book to the CD-ROM. In addition to the new material, you'll find a special single license release of the internetworking security toolkit, TigerSuite Pro 3.5. This kit contains modules to discover, scan, penetrate, expose, control, spy, flood, spoof, sniff, infect, report, monitor, and more, plus a special 60-page usage and user guide.

This book promises quite a bit in a new edition; let's see what's really in here ...

Okay, there are 914 pages (only about 15 or so with source code this time) and the chapter layout is completely different as the book starts with a Technology section, followed by Discovery, then Penetration, Vulnerabilities, and finally the Toolbox.

The technology section is nicely abridged to about 87 pages. The Discovery part differs greatly in that the source code has been moved to the CD and the author has added more coverage and examples, plus some stealthier techniques and more recent SNMP, file sharing, DNS, NetBIOS, and CGI stuff. The ports and services sections are still there but I found them to be pretty handy references at any rate. Also, the Penetration section now contains updated material; it's nice to see IDS stuff added in here too.

In addition, the Vulnerabilities section is promising. There's an excellent chapter in which Chirillo identifies what he considers the top 75 exploits -- examples that have certainly proven to be persistent examples of security weaknesses -- and the newer material especially makes this chapter significant. It contains thorough coverage as well as countermeasures for the listed exploits.

The CD contains some of the same plus full licensed software, an updated repository and all of the source code moved from the original text.

All things considered, Wiley should have waited and released this first; this book pans out to be more of an original than a second edition and well worth the read.

You can purchase Hack Attacks Revealed, 2nd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

9 of 96 comments

  1. Re:Hacking is terrorism by drblunt · · Score: 2, Insightful
    ...I'm not quite sure if you are being facetious or not. On the chance that you are not...
    I'm going to buy this book, so that I can look at the practices and methods being employed, and counter them, in order to keep my clients' networks safe, as well as my home network.

    To mix a quote from both School House Rock and GI Joe: It's good to learn, cause knowledge is power, and knowing is half the battle.

    Doc

    --
    We should take care not to make the intellect our god; it has, of course, powerful muscles, but no personality.
  2. Not Much of a Review by Audity · · Score: 5, Insightful

    If I want a content summary I'll read the blurb on the back or inside cover, usually when I read a review I'm looking for an informed opinion of someone who's actually read the thing.

  3. Re:Hacking is terrorism by MnO-Raphael · · Score: 3, Insightful

    Security through obscurity might not be good in principle, but in practice it's well-tested and the only way to go

    Really? When MIT students back in the 60-70ies stopped playing with model trains and started looking into the new emerging telephone networks, I thought we learned that obscurity is no match for devoted geeks.

  4. Re:Hacking is terrorism by Anonymous Coward · · Score: 2, Insightful

    last time i checked, those facilities were secure from you and me, but those pesky Russians were quite capable of getting the info they needed.

    so your theory is wrong, obscurity is time tested, but fails completely when going against an ENEMY.
    because those enemies are willing to spend the time and money.

  5. Re:How many of the folks out there have been hacke by Anonymous Coward · · Score: 1, Insightful

    Why is it that operating systems are always set up "wide open by default" with all kinds of crap running? If you ask me it should be the opposite -- there should be NO open ports unless you specifically enable something (and you get a warning message that someone could use it to access your machine).

  6. Re:How many of the folks out there have been hacke by Anonymous Coward · · Score: 1, Insightful

    One time I had a hacker get into one of the FreeBSD servers where I worked. It wasn't a "crack" though -- he just guessed the password on an account and logged in (at which point I kicked him out and disabled the account). The hacker was some guy from IRC who I was arguing with.

  7. Re:How many of the folks out there have been hacke by Anonymous Coward · · Score: 1, Insightful
    How many of the folks out there in ./ land have really been hacked?
    How did you recover?

    A friend of mine had his little desktop server "pwned" by some kiddie.

    Scenario: W2k + SP3 (and Windows update) box running IIS default install (IIS had only been installed to serve UT maps at a LAN gathering behind a firewall on CABLE, then promptly forgotten about). When done, he stuck his box on a DSL line to act as a GameVoice server & within 3 weeks it had been usurped. explorer.exe had been swapped for a custom bloated version (that didn't run so well), their "root kit" contained serv-u ftp and an IRC client (mIRC I think it was), config information, and 4 complete albums of crappy "rap" zipped up & ready to go.

    First clue something was wrong: GV was unusable, I'm guessing due to all the crappy rap zips being served.
    Second clue: Norton scanned & found infected files (the kit files).
    3rd clue (for the zealots): MS Windows

    I discovered the above while performing an autopsy. I checked the HTTP log & there were several attempts to access "../cmd.exe" entries where either the script or person tried to access parent dirs of the virtuals to get at cmd. I grabbed a couple of file names out of the kit directory they made (something like "c:\winnt\system32\test3\") and googled for information & found a Chinese article that I couldn't read but it came complete with images showing the exact same setup.

    To recover, the machine was wiped clean and many services disabled, including IIS of course (with the default virtual dirs removed).

    Since he is new to computers and wants to work in the field, it was a great learning lesson for him. Unfortunately, every time something crashes now, he automatically thinks he's been pwned again and I get a phone call. I don't mind his paranoia but it's the phone call that irks me ;) Slowly but surely, he is being weaned on to Google and reliable sources of information.

    To RIAA members: your shitty music has been deleted a-la SHIFT-DEL, FDISK, format & overwrite.
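
The HTTP-log check described in comment 7, as an added example that is not part of the original post: it scans IIS W3C-format log lines for requests that climb parent directories to reach cmd.exe, decoding percent-escapes repeatedly so encoded separators are caught too. The log lines, addresses and file names are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (not from the original post).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-11-02 03:14:07 192.0.2.10 GET /maps/dm-deck16.zip - 200
2002-11-02 03:15:41 198.51.100.7 GET /scripts/../../winnt/system32/cmd.exe - 404
2002-11-02 03:15:42 198.51.100.7 GET /scripts/..%255c..%255cwinnt/system32/cmd.exe - 404
2002-11-02 03:15:44 198.51.100.7 GET /msadc/%2e%2e/%2e%2e/winnt/system32/CMD.EXE - 200
2002-11-02 03:20:00 192.0.2.10 GET /docs/cmd.exe.txt - 200
"""

PARENT_DIR = re.compile(r"(^|[\\/])\.\.([\\/]|$)")          # a ".." path segment
SHELL = re.compile(r"(^|[\\/])cmd\.exe$", re.IGNORECASE)    # path ends in cmd.exe

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded separators are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_hits(log_text):
    """Return (client_ip, raw_uri, status) for requests that climb to cmd.exe."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        raw = row.get("cs-uri-stem", "")
        uri = fully_decode(raw)
        if PARENT_DIR.search(uri) and SHELL.search(uri):
            hits.append((row.get("c-ip"), raw, int(row.get("sc-status", 0))))
    return hits

def successful_hits(log_text):
    """Hits answered with 2xx come first in triage: the server served the request."""
    return [h for h in find_traversal_hits(log_text) if 200 <= h[2] < 300]

if __name__ == "__main__":
    for ip, uri, status in find_traversal_hits(SAMPLE_LOG):
        print(f"{ip} {status} {uri}")
```

A 2xx status on such a request is the line to pivot from when building a timeline; the 404s only show that the host was being probed.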

  8. Re:How many of the folks out there have been hacke by Annamite · · Score: 2, Insightful

    You, Sir, are a brave man. Many of the people here would not admit it. Your case is an interesting example of why not to install everything by default, and a [bad] example of system design that assumes/requires that the user know it all to have a decently secured system.

    Anyhow, thank you. Thank you for your bravery and honesty. We all can learn from hacks like this.

  9. Still using fake reviewers to sell lousy books? by Helevius · · Score: 2, Insightful
    I wonder if "Bill Camarda" is related to the fictitious "L. Peterson", who wrote a glowing July 2001 review of the first Hack Attacks Revealed? (No one named L. Peterson ever worked or does work at the AFCERT.) Excerpts from "L. Peterson's" fake review were published by Wiley in the front cover of Hack Attacks Encyclopedia, much to the Air Force's dismay.

    Be wary of positive reviews of these "Hack Attacks" books. Those who rate them highly seem to be:

    technically clueless

    or

    cronies/clones of the author

    The first edition of HAR supposedly solicited 269 Amazon.com reviews! In contrast, the best-selling "hacking" book of all time is Hacking Exposed, with 51 reviews. Something doesn't add up if you peruse these reviews.

    I certainly hope the second edition is better than the first. That would be good for the security community, which is all that matters in the long run.

    Helevius