Reviewed by Major Keary
The author of Hacking: The Art of Exploitation
, Jon Erickson, goes to some trouble in defining the term 'hacker'. The four-page introduction stands by itself as a document worth reading by anyone concerned by the current authoritarian climate in which it is "illegal to discuss or provide technology that might be used to bypass industry consumer controls".
Erickson places the origin of 'hacking' in the late 1950s at MIT: "the MIT model railroad club was given a donation of parts, mostly old telephone equipment ... [which was] ... used to ... rig up a complex system that allowed multiple operators to control different parts of the track ... [and they] ... called this new and inventive use of telephone equipment 'hacking'". That account is supported in Byte of May 1983, which says, "Hacker seems to have originated at MIT ... [and] ... now generally connotes someone obsessed with programming and computers but possessing a fair degree of skill and competence".
The first computer-related use of 'hacker' in literature (according to the Oxford English Dictionary) was in 1976: [J. Weizenbaum: Computer and Human Reason] "The compulsive programmer, or hacker as he calls himself, is a superb technician".
The pejoration of 'hacker' was brought about by the press. Why am I not surprised? Leading the way was the (UK) Daily Telegraph of 3 October 1983, which described 'hacker' as "computer jargon for an electronic eavesdropper who by-passes computer security systems".
Some publishers, particularly O'Reilly and No Starch Press, have been proactive in the rehabilitation of 'hack', 'hacking', and 'hacker', terms that often appear in titles such as Hacking: The Art of Exploitation, the second edition of which has just been released.
The art of exploitation requires an understanding of programming, which is addressed in a chapter that provides a concise and remarkably lucid overview-cum-tutorial. It is followed by a chapter on exploitation of flaws and security holes in code; a later chapter, which focuses on shell code, returns to that subject. A chapter on networking introduces the OSI model and discusses network sniffing, denial of service, tcp/ip hijacking, and port scanning. To write protective code one needs to understand the art of exploitation. Having demonstrated that art—exploitation—the author then turns to counter measures. A final chapter covers cryptology.
Extensive use is made of didactic code—including complete programs—with annotations. A companion CD contains a remastered version of Ubuntu configured for programming, debugging, manipulating network traffic, and cracking encryption.
Hacking: The Art of Exploitation is not a guide for novices; readers need to be reasonably familiar with C, assembly language, and shell scripting. It is probably the most detailed, thorough, and lucid coverage of "the fundamental techniques of serious hacking". As a review of the first edition commented, it is a "book that does not just show hoe to use the exploits, but how to develop them".
The live companion CD is Ubuntu-based and contains all the source code and applications used in the book; it has been "preconfigured for programming, debugging, manipulating network traffic, and cracking encryption". The CD is not designed for those who expect an intuitive, user-friendly interface; however, for anyone who wants to create a development environment using Ubuntu it is a veritable Swiss army knife.
Jon Erickson: Hacking: The Art of Exploitation 2/e
ISBN 978-1-59327-144-2
Published by No Starch Press, 472 pp.+ CD, RRP AU$79.95 incl. GST