Hackers Beware
by Eric Cole
New Riders 2002. ISBN 0-7357-1009-0. 778 pages.
$45.00. Index, appendix (references)
Reviewed by Robert Bruen November 11, 2002
As the world of security continues to move forward with improvements in exploits, both in types and implementation, pushing the defenders to improve in lock-step, the need for new books rises along the same wave. However, the new books must have something to offer, such as new material and better presentation. Rehashes of the same old stuff is no longer good enough. Security is an ever broadening, ever deepening discipline which is still seeking more theoretical work and a more organizational work for known information. There are a fair number of books available which deal with defending against hackers and crackers, so new books have to demonstrate quality to distinguish themselves.along with new features.
Hackers Beware is a quality book, shown mainly in the depth of treatment of the topics, although most exploits are described only. The amount of code is quite limited, but the description of something like Knark (Linux Kernel rootkit from last year) gives you enough information to use on a search engine to find more details or even the code. Since many exploits are described one can make intelligent decisions about what approach might be the most appropriate for particular goals. At the same time, defenders will learn about the myriad approaches which can (and will) be taken to attack systems. The better hacker/anti-hacker books provide enough background details as to why attacks work. Gaining an understanding of the how, why and what of exploits is critical, if the various operating systems and applications are to be hardened enough to withstand the relentless assaults. It is not unlike people shoring up dams and levies against a rising river in real time. If the dam was built to handle high enough flood levels in the first place, there would be no need to scramble. Unlike rivers that eventually recede to normal levels, exploits and attacks will only get worse.
Trying to keep up is an ongoing problem for systems people. At least some of those who are good at this game are trying to communicate what they know in a way that is useful. Cole covers operating system specific problems with Unix and Windows, as well as looking at the broader network problems and web site weakness, as well common problems such as buffer overflows. The Windows information is confined to NT, but since NT underlies 2000 and XP, this is not so bad.
The amount of exploit software is overwhelming, so it helps to have a number of resources for names and documentation for them. This book is one of the resources. I recommend this book because of its quality and it contains newer information than the last few I have read. Naturally, the next one I read will contain even newer information, but for now, this is worth the read.