Slashdot Mirror


Linux Most Attacked Server?

Anonymous guy who can't remember his login sent in a story from the Globe And Mail that says "During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."

14 of 815 comments

  1. Doesn't deliver what it promises... by inertia187 · · Score: -1, Offtopic

    I must say I am thoroughly disappointed with this book. The book's description, as well as other readers' comments led me to believe that this book would have been more than just a compilation of information that could be freely obtained at the dozens of security related web sites. Sadly, this was not the case.

    The bulk of the book merely describes (mostly outdated) common attacks/vulnerabilities, without getting into much detail why they exist and the underlying explanations on how they are exploited. As such the book reads like "For Vulnerability X, Install patch Y" without getting into more detail. Heck, even Microsoft's Security Bulletins give more info than this!

    Many of the "75 Top Hack Attacks" that the book promises can be freely found online (check CERT's site).

    The general impression I get from reading this book is that the author tried his best to fill up space in order to deliver an impressively thick book. Was it a requirement that he include SCREENSHOTS of various hacking tools/trojans, including step-by-step INSTALL SCREENSHOTS for the included TigerSuite software? (If you don't know how to install software then you need to develop more skills before learning about hacking!). Did he HAVE to include the useless 10 year old 'how to build a modem filter' BBS textfile (which by the way doesn't filter noise on modern modems)? Did the publisher mandate that he include 9 PAGES of Decimal-to-Hex conversion tables when you could use, say, Windows Calculator to do any needed conversions?

    Another thing I disliked was that Windows XP as well as Wireless networks (802.11/WEP were glossed over) were not really covered in the sort of detail that I desired.

    And, although I appreciate that a basic understanding of the x86 instruction set is required for better understanding low level security issues, I really don't see the point to Chapter 13's discussion on programming "How to Draw Circles in DOS mode" using the VESA bios interface. This is, in my opinion, not relevant considering the book's topic, so why include it? (A better choice would be explaining how the stack is used in high level languages (C, C++) and how buffer overrun hacks work). If you want to learn C, Assembly, or graphics programming buy a book dedicated to these topics. I think it's safe to say that the average reader will NOT become a programmer after reading the "Crash course in C" - it's an unrealistic expectation.

    And to top it all off, the final insult to readers is the interruption of the author's hacking experience "Intuitive Intermission" with the phrase "... to be continued in: Hack Attacks Denied, 2nd Edition". I guess both the author and publisher want you to buy both books!

    My chief complaint with the book is that it doesn't seem to know who the reader is. In some areas the author gets down-and-dirty technical (x86 assembly/C programming) while in others he doesn't really explain details or just mentions things in passing (case in point: nowhere does he explain workings of a typical buffer overrun exploit, etc). Also, the author really does not give advice on how to secure or harden systems, aside from "install the update patch". For a book whose focus is security/hacking that's a pretty fatal flaw.

    Like I said earlier, this book really seems to me like the author just threw any material that he could find that was remotely related to hacking and presto, one hacking book ready to ship!

    If you are new to either the computer or security-related fields then perhaps this book may be of some value to you. If you are not an absolute beginner and know how to search the web, then I'd say that you probably don't need this book. Even if you do buy this book, it, like

    --
    A programmer is a machine for converting coffee into code.
  2. hi by Anonymous Coward · · Score: -1, Offtopic

    hi

  3. And this is... by jawtheshark · · Score: 0, Offtopic
    ...why you should run *BSD....

    But since we all know that *BSD is dying, we soon will all get 0wN3d!

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  4. Trollkore: Most failed attempts at FP by Anonymous Coward · · Score: -1, Offtopic
  5. If you see one kung-fu western this summer... by Anonymous Coward · · Score: -1, Offtopic

    ...make it Shanghai Noon!

    'On-line servers' would tend to skew away from windows.

  6. What? by Anonymous Coward · · Score: -1, Offtopic

    What has this to do with anything? And are you the author of the review posted here?

  7. Re:Lies, all lies! by ealar+dlanvuli · · Score: -1, Offtopic

    One should mention, when he posted that it said "a story at the BBC."

    --
    I live in a giant bucket.
  8. Re:Lies, all lies! by Anonymous Coward · · Score: -1, Offtopic

    thanks for the support. the mods are trying to kill that post off, so I will retreat back into lurking around in anonymous mode to preserve my excellent karma.

  9. Did anyone else notice? by aussiedood · · Score: 0, Offtopic

    The story on the frontpage started out with "Anonymous guy who can't remember his login sent in a story from the BBC that says..." then after clicking the Read More link it read "Anonymous guy who can't remember his login sent in a story from the Globe And Mail that says..."
    The polls are acting weird too.
    Something's up with the caching at planet slash methinks.

  10. Word Up by bitshifter0101 · · Score: 0, Offtopic

    Word Up!

  11. Mod parent WAY up by jargoone · · Score: 0, Offtopic

    I must say this is one of the most insightful comments I've ever seen on /.

    Wish I had mod points.

  12. It's "its" by Anonymous Coward · · Score: -1, Offtopic

    The possessive form of "it" is "its", not "it's".

  13. Re:MODS: MOD THIS DOWN, CONTAINS OFFENSIVE TEXT by Anonymous Coward · · Score: -1, Offtopic

    MODS: MOD THIS DOWN, contains offensive text (Score:-1)

    i can't hear you!

  14. Re:MODS: MOD THIS DOWN, CONTAINS OFFENSIVE TEXT by Anonymous Coward · · Score: -1, Offtopic

    Re:MODS: MOD THI... (Score:-1, Offtopic) Damn, you son of a bitch, now they can't hear ME!