Rating: 
Summary: really good book
Review: just wanted to say thanks for a really good book. i've learned quite a bit and continue to dig in every chance i get. i'm currently making a tiger box from the specs in the book ;)
Rating: 
Summary: There are better references
Review: Undeniably one of the worst technical books I have ever had the misfortune to read. It is sort of a combination of networking protocalls, coding, server info, and lists of commands. Each of these areas is very separate from each other in reality. The novice user will be unable to use it because he will not understand it; and the pro will not want to read 900 pages of items he mostly already knows. What we're missing here is technique and explanation. I'm not sure what someone would use this book for. I already have reference books for most of these areas, so don't buy this if you are really looking for techniques on how a real hacker does things.
Rating: 
Summary: Hack Attacks Revealed is a big help for me
Review: This book took me some time to get through. I'm not a guru but I'm working my way up, and Hack Attacks Revealed by John Chirillo has been a big help along the way. I really liked the discussion on backdoor Trojans and how they're being transported over the Internet as email attachments and such (Ricky Martin news Trojan-very funny hee hee hee). I also found the port and service exploit details priceless. I've searched the Internet for complete listings with vuln and no luck. Thanx.
Rating:
Summary: Required reading for all in the IT security field !
Review: John starts you off with a basic history of PC security. Then he jumps into the defining the different types of Hacker,crackers, and so on.. I was unaware of the different names they used I just lumped them all in to one Hacker. John then takes you step by step and shows you all the different ports one after another in depth of each one. After reading the first three chapters I went out and bought my entire staff a copy and made it required reading for them. We then broke out the CD that came with Johns book and I was amazed how easy it was to "Crack or Hack into" our own site and into some files that I had passwords. John pulls no punches and puts it all out their. Scary thing is people, All this can be bought at your local book store. Even more scary anyone can get all the tools and then some if they know where to look. John's books will be a help if not a saving grace to alot of people and companys if they read and take heed. Thanks John
Rating:
Summary: you probably do want to buy this book
Review: This book contains 79 pages of networking (from a hacker perspective), 67 pages on ports and services, 30 pages on scanning techniques, 220 pages on hacker's tech handbook, 98 pages on vulnerability penetrations, 70 pages on hacking gateways, routers, and internet servers, 30 pages on hacking operating systems, 36 pages on proxies and firewalls, 36 pages on making your own hacker tiger box, plus appendixes of detrimental ports and services, virii, trojans, crackers, kits, tools, and vendor codes for equipment discovery when sniffing!!!
Rating:
Summary: It's a Script-Kiddie Catalog
Review: This book is great as a catalogue of existing script-kiddie programs out there. If you want a turn-key solution for breaking into systems without having to be burdened with an understanding of how you're really doing it, then this book's for you. On p.517, Chirillo demonstrates a program which exploits a hole in Ascend routers. The screen-grab shows a field for entering an IP address, a button labelled "Send Script", and a text area saying "Penetration Successful!" You aren't bothered with explanations of how the exploit works, other than that it sends a "specially distorted UDP packet to the discard port." If your response to this is "Wow! Cool! Let's get hacking!" then you will *love* this book and rate it 5-stars.On the other hand, if you're asking "Ok, so in what way is it distorted?," then you will be sorely disappointed by this book and rate it 1-star. This book is *not* suitable for competent programmers who are interested in learning the concepts behind how security exploits work, how to discover new holes, and how to write software that takes advantage of them. On p.408, the author gives a step-by-step explanation of how to gain admin access on an NT box by instructing, "Log in as any user on the machine, including the Guest account. Copy the files sechole.exe and admindll.dll [from the CD bundled with the book] onto the hard disk. Execute sechole.exe. Presto! The current nonadmin user belongs to the Windows NT Administrators group." [edited down slightly] There is no discussion of what sechole actually does, just a synopsis saying it works "by exploiting existing Windows NT services" but it doesn't say which services or how. Brief source code listings can be extremely elucidating when combined with a (detailed) discussion of what the code is doing. The book contains lots of long source code listings, but Chorillo doesn't even seem to make an attempt at explaining them. Starting on p.678, he includes 15 pages of source code for an OS/2 exploit. The only commentary is "Synopsis: Defense perimeter tunnel attack through firewall and/or proxy. Hack State: Security perimeter bypass for unauthorized access." One might argue that you can learn a fair amount just by reading through those pages, but simply providing source code for the user to read is a horrible practice that is worse the useless. Not only is it a waste of paper (you can just as easily read the source code off the CD) but it can lead to confusion because source code frequently gets corrupted when typeset in a book, and Hack Attacks is a strong example of that problem. Even if one were willing to sift through uncommented code without benefit of the author's insight, several code listings include unexplained magic numbers and precompiled machine language (in the form of "\xFF" literals). On p.619, one such program does some non-intuitive manipulations of data at a hardcoded address. Then machine language is printed out. The corresponding assembly is not listed, let alone explained. Summary: This book is no different than one that claims to teach you to become a programming guru by instructing you to insert the accompanying CD and typing in `make'. "Presto! You've now written an advanced, highly optimized database!"
Rating:
Summary: Thank you
Review: Thank you for writing a great set of security books. I am finding that through my DSL line my home network is being snooped all the time. With your books I can secure it myself.
Rating:
Summary: Hack Attacks is Excellent!
Review: As a complete tyro to the world of computer security, I was pleased to find a book that could explain everything in detail from start to finish. The Cd-rom included with the book only makes it that much more of a great bargain.
Rating:
Summary: Another satisfied customer
Review: I just want to say thanks to John Chirillo and Wiley & Sons for a great book. Finally a hacking book in plain 'ol long-lived english!
Rating: 
Summary: You probably don't want to buy this book.
Review: The title "Hack Attacks Revealed" suggests a list of real life hacks and with an explanation how they were done. That's not what the book is about. John Chirillo spends 76 pages on networking, 41 pages on vendor codes in MAC addresses, 38 pages on port numbers, 38 pages on DOS commands. You can see how he can fill 944 pages without needing to go deep into the subject. If you don't know anything about networking and security and you would like to learn about it and you think hacking is "cool", well, then this would be an exciting book for you.
|
