Security

Submission + - Hacking: The Art of Exploitation 1

David Martinjak writes: "Hacking: The Art of Exploitation is authored by Jon Erickson, published by No Starch Press, and is an anticipated second edition of Erickson's earlier publication with the same title. I can't think of a way to summarize it without being over-dramatic, so it will just be said: I really liked this book.

The book, which will be referred to as simply Hacking, starts by introducing the author's description of hacking. Erickson takes a great approach by admitting that the common perception of hacking is rather negative, and unfortunately accurate in some cases. However, he smoothly counters this antagonistic misunderstanding by presenting a simple arithmetic problem. A bit of creativity is needed to arrive at the correct solution, but creativity and problem-solving are two integral aspects of hacking, at least to Erickson. The introduction chapter sets an acceptable tone and proper frame of mind for proceeding with the technical material.

Chapter 2 enters the subject of programming. The first few sections in the chapter may feel a bit slow to readers who have been coding for any legitimate length of time. Erickson explains some fundamental, yet essential, concepts of programming before finally moving into some actual code. Some readers may choose to skip these few pages, but they are necessary for brave new adventurers in the dark realm of development. The remainder of the chapter certainly compensates for any perceived slow start. Each of the remaining sections presents a sufficient quantity of technical information, accompanied by descriptive, yet straightforward explanations.

I don't mean to disrupt the chronological progression of the book review, but it is important to highlight the excellence of the explanations provided in Hacking. Throughout the book, the writing provides adequate details and the content is to the point. Many sources on exploit techniques supply sparse information, or are too wordy and often miss the relevant and important concepts. Erickson does a phenomenal job in Hacking of explaining each subject in just the right manner.

The third chapter is the staple of the book. This chapter covers buffer overflows in both the stack and the heap, demonstrates a few different ways that bash can aid in successfully exploiting a process, and provides an essentially all-encompassing elaboration of format string vulnerabilities and exploits. As I said, this is the main portion of the book so I don't want to give away too much material here. Undoubtedly, though, this chapter has the best explanation of format string attacks that I have ever read. The explanations in Chapter 3, like the rest of the book, are of substantial value.

Chapter 4 focuses on a range of network-related subjects. At first I wondered why the chapter starts with rather basic concepts like the OSI model, sockets, etc. Then I realized it was consistent with the earlier chapters. Hacking presents some core concepts, then moves on to utilizing them in exploits. In this case, these specific concepts and techniques just hadn't been covered yet. The exploit toward the end of this chapter includes some of the concepts in the previous chapter, which also helps to cement the reader's understanding.

I will mention two main shortcomings. First, the material in the "Denial of Service" section of the Networking chapter was unnecessary for this book. Attacks like the Ping of Death and smurfing were interesting developments when they were first discovered, and effective on a large scale. Now in 2008, almost all of the items in the "Denial of Service" section are either outdated or have been covered to an excessive extent. Rather than denial of service, I would have preferred to see a section on integer attacks. This would have fit perfectly with the book's theme as there are several issues surrounding numeric types in C of which many programmers are unaware. Considering the fact that the book is about hacking and much of the code is in C, integer attacks seem like a natural component to include. The second pitfall in this review is through a fault of my own. I cannot compare this second edition of Hacking with its original, first edition release as I unfortunately do not own the first edition.

Hacking finishes out the second half of the book with chapters on shellcode, countermeasures, and cryptology. The chapter on cryptology is especially interesting as it contains a good mix of information without being too hardcore on the mathematics involved. There are plenty of gems in the shellcode and countermeasures chapters, as well. Specifically, Erickson does a stellar job of explaining return-(in)to-libc attacks, and dealing with the address space layout randomization in Linux. He covers the exploit technique for linux-gate.so in a randomized memory space before it was fixed in 2.6.18, then proceeds to demonstrate a different technique for successful exploitation on kernels at 2.6.18 and later.

Undeniably, Hacking: The Art of Exploitation is one of the quintessential books for its subject. A book this good is a rare find, and certainly worth the read for any individual interested in security.

David Martinjak is a programmer, GNU/Linux addict, and the director of 2600 in Cincinnati, Ohio. He can be reached at david.martinjak@gmail.com."
Television

Submission + - Why Americans don't buy DVD players that record. (news.com) 1

Ant writes: "CNET News.com reports that recording DVD players have been popular in Europe and Asia, but have fallen flat in the United States (U.S.). Most companies don't even bother to put much effort into marketing them in this country... ... Cable television (TV) penetration is far higher in the States than Asia or Europe. With cable, the same show can appear on a channel several times. In Europe and Japan, viewers need to grab it when you can. "The non-recording DVD player is quite popular in this country (the U.S.), but they are not popular in Japan at all... Here, you use them for the rentals. In Japan, they use it for recording." TiVo also took off more rapidly in the States and elsewhere. TiVo, he added, is also one of the reasons selling TVs with embedded hard drives in the States remains a challenge. Selling these on the other two continents is far easier. Consumers interested in digital video recorders (a) already own one or (b) have more options on how to put one in their living room. Of course, the recording debate doesn't apply to video cameras. Americans are shifting from tape to disc and hard drive camcorders..."
The Courts

Submission + - Type host -l, pay $50,000+ and perhaps go to jail (spamsuite.com) 1

Joe Wagner writes: "In a written judgment that has only become public today, anti-spammer David Ritz has lost the SLAPP lawsuit filed by Jerry Reynolds for running "unauthorized" DNS lookups on their servers. Knowing "commands are not commonly known to the average computer user" can get you into serious peril in some judges' courtrooms.

I kid you not. The Judge ruled that "In all intended uses of a zone transfer, the secondary server is operated by the same party that operates the primary server." The original complaint is here.

Ritz was a thorn in Reynolds' side during the years when Ritz was trying to get the Netzilla/Sexzilla porn spam operation to stop spamming. Reynolds has been quite aggressive in trying to get his past erased from the net (including forged cancel posts). The North Dakota Judge also awarded attorneys' fees which could theoretically make the total bill over $500k for doing a domain zone transfer. Reynolds also filed a criminal complaint against Ritz which was on hold pending resolution of this trial.

Here is a literal worst-case scenario of what can happen when a court fails miserably to understand technology. The judge ruled:

"Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions."

The port scanning/hijacking computers is posting a test message through one of Verizon's machines to prove to Verizon they had an open relay — i.e. posting to 0.verizon.security via the relay a note to Verizon's security saying "What's it going to take to get you to secure this gaping hole in what you call your network," or words to that effect. Verizon apparently had no problem with the demo post and closed the relay.

Take note, for those anti-spammers out there, this Judge is ruling that if you post the whois record for a spammer's domain you are doing a malicious, tortious act.

There is a legal defense fund that was set up for his case. I believe he does not have the resources to appeal and this would be a very bad precedent to stand."

Microsoft

Submission + - Has Microsoft Learned Anything from Vista Failure? (osweekly.com)

abudd writes: "With Windows 7 on its way, has Microsoft learned anything from its mishaps with Vista? According to this article, "I'm a former Windows user and despite me being appalled at Vista being called "ready for prime time," I believe that considering the painfully obvious lessons on compatibility Microsoft had to learn with Vista, it's quite possible that Windows 7 may indeed be a solid OS release. If indeed, Microsoft does decide to start over completely (MinWin anyone?) and this time, make sure that both hardware and software compatibility are running well out of the box, there is no question that MS can save face with a well thought out Windows 7 release."
Music

Submission + - Vista's changes rob Creative of PC audio crown 4

Dr. Damage writes: Creative has ruled PC sound almost since the beginning, but Vista's new audio layer changes the game by essentially killing off 3D positional audio acceleration. The Tech Report has reviewed a pair of post-Vista sound cards, with surprising results. Motherboard maker Asus saw the opening and created perhaps the best consumer-level sound card yet, the Xonar D2X, with quality components, an EMI shield, color-illuminated ports, the best objective measurements and subjective listening test scores we've ever seen, and (finally!) a PCI Express x1 connector. Could the Sound Blaster era finally be over?
Google

Submission + - Google bans Incredimail from using AdSense 3

An anonymous reader writes: Web search giant Google has decided to stop giving AdSense services to software company Incredimail. This has resulted in Incredimail's shares going down more than 45 percent. For those who don't know, Incredimail is a company which based its revenue on a rich mail client which allows its users to embed messages with animations. More info can be read here.
Windows

Submission + - InfoWorld's Save Windows XP campaign is under way (infoworld.com)

tsamsoniw writes: "Microsoft plans to end most sales of Windows XP on June 30, despite a deep reluctance by many businesses and individuals about moving to Vista. InfoWorld believes such an expensive, time-consuming, wasteful shift — with questionable benefits — should not be forced on Windows users. Thus IW editors have launched a Save Windows XP campaign in the hopes of rallying XP users to demand that the OS be kept available."
Windows

Journal Journal: First Details of Windows 7 Emerge 615

Some small but significant details of the next major release of Windows have emerged via a presentation at the University of Illinois by Microsoft engineer Eric Traut. His presentation focuses on an internal project called "MinWin", designed to optimise the Windows kernel to a minimum footprint, and which will be the basis for the Windows 7 kernel.
Censorship

Submission + - Law firm claims copyright on viewing HTML source 2

An anonymous reader writes: A law firm with all sorts of interesting views on copyrights has decided to go the extra mile. As reported on Techdirt, they've decided that viewing the HTML source of their site is a violation of copyright. Poorly timed April Fools' joke, or just some fancy lawyering?
