Jon Erickson has completed the second edition of his seminal work, Hacking: The Art of Exploitation, adding a significant amount of text to the original work. In doing so, he has created a work that will quickly become a "go-to" guide for anyone wanting to learn hacking, or who wants to understand the hacking mindset.
Erickson starts off with an explanation of terms, differentiating between the idea of "hacking" and the idea of "cracking," and showing how misuse has confused things greatly. I really think that it's important for people to understand the purpose behind hacking; there is a mindset among hackers, a thirst for knowledge, but also a desire to see code written as cleanly as possible. By exploiting sloppily-written code, they point out to programmers how they can make things simpler and more secure at the same time.
Erickson assumes very little prior knowledge in this book. He starts at the beginning, even discussing pseudocode that programmers use to "sketch out" their programming ideas, and progresses quickly to basic C code. It's important to understand how programming works if you're going to try to exploit another programmer's carelessness, after all. Erickson then introduces a simple program, with potential for exploitation. He points out the various exploits that can be used against the program, including buffer overflows, complete with code examples. More importantly, he shows why each exploit works.
That's the real benefit in this book. Other "hacking" books show what to do in a given situation, but Erickson explains what you're trying to accomplish, and shows why the exploits he shows work. This way, readers can develop their own exploits based on situations they encounter, without having to find an existing code to simply copy and paste. This is a learning process – since hacking really starts as a quest for information and knowledge, it's an attractive feature of the book.
Of course, Erickson covers cryptology and countermeasures. Understanding how the hackers are getting in is, after all, designed to help you keep them out.
Hacking includes one thing that really sets it apart from others in the field – the CD-ROM. Erickson doesn't just include hacking tools; he includes a complete hacking environment on a bootable CD, including every bit of code in the book. I actually learned quicker this way – the hands-on examples make more sense if you can play with the code yourself. I could even boot to it on my ancient P-1 laptop.
I'm no hacker, unless you're talking golf. I've known hackers, and have always been impressed with what they can do with technology. After reading this book, I'm still no hacker, but I understand a bit more what fuels them, and how they do some of it. It's almost like reading a book on magic and then watching an illusionist on TV: you may never be able to duplicate their tricks, but you can at least understand a little bit of how they do it. That's what this Hacking did for me, and what it can do for anyone who reads it.Powered by Sidelines