( 5 reviews )

( 2 of 4 found this review helpful ) Posted: Feb 10 2005
John Chirillo has made a career of hacking. As a hacking consultant to Fortune 1000 companies, part of his job is to break into corporate networks to expose their holes and help his clients secure their networks. In Hack Attacks Revealed, he shares his knowledge of how hackers gain the information necessary to break into your systems. The book begins with a basic history and understanding of computer and networking technology. Mr. Chirillo covers the protocols used and the purpose of the various ports used. The book also provides information on the scanning and network discovery tools used by hackers. (...)
( 9 of 9 found this review helpful ) Posted: Sep 23 2004
This book has done nothing to dispel my theory that the information content of a book is often inversely proportional to the number of pages in the book. I'm 200 pages into it and that's as far as I'm going to get. I expected some basic filler/theory in the first few pages, but plowed on in the hopes that the author understood the theory he was presenting and would use it later to explain security exploits. However, I lost all confidence in the book when I reached page 167, where the author demonstrates that he doesn't understand ping and/or DNS. I don't bring this up to nitpick. I bring it up because I think that anybody with pretensions to being a security expert had better know the basics of how the Internet works. How is anybody to make sense of, say, DNS spoofing, without knowing how DNS works? In case it's not obvious, the author confuses and muddles together the actions of resolving a DNS domain name to an IP address, and then using that IP address to send an ICMP echo request to the destination. This may seem like a minor thing, but it's not just a typo (he makes the same mistake in three different places on page 167), and security is a confusing enough business without muddled descriptions like these. On a more minor note, I do not see the point in filling page after page with pretty pictures of the GUIs that hackers use at their end. The publishers probably know better than I do what sells today, but I don't understand why they and/or the authors apparently feel that the thicker a book is, the better.
( 3 of 3 found this review helpful ) Posted: Jul 21 2004
I was relieved to read that this isn't considered a very useful reference on How to Hack. Certainly Ch. seems at his most enthusiastic, frothiest, even foamiest, in talking about the wonderful world of hacking. Yeah, he repeatedly trots out the line about having to know how to attack to know how to defend, time after time, but ya' gotta' wonder where his heart lies (Okay, even Milton had this problem.) And that certainly is irksome if you, like me, are one of the growing number of people who have reluctantly become 'security amateurs,' and find ourselves reading 900+ page books, due to invasion of our privacy by amateur criminals. Whatever its merits for security professionals, this is probably not the book for you. It assumes too much technical background and doesn't provide sufficient detail on implementing various solutions. True, this may be covered in more detail in his other book, but including that we're talking 1800 pages... Editing would have helped, certainly. The 75 basic hack attacks are a useful overview on just how paranoid you should be, but the basic information about some of them is repeated up to 4 times, sometimes as boilerplate. I have seen a few books more suitable for amateurs, but the truth is that they aren't detailed enough to be helpful. I think that the only real solution to the security problem in the IT industry is to wake up to the fact that caveat emptor, 'professional ethics,' and self-regulation aren't working any better there than in health and safety, restaurant sanitation, the stock market or...well, you work it out. As long as it is only sort of illegal to break into someone's house as long as you use a computer, most geeks will do it. The ISPs aren't taking this seriously because they know people aren't much more likely to stop using e-mail than to stop using the phone, and most companies were only kidding when they said they were interested in your problems.
Once there are some laws with real teeth and real fines and real jail time, those who aspire to the appearance of respectability will go back to their regularly scheduled activities including tale bearing, beating the old lady, bothering the women (men) at work just enough to stay on the right side of the law, bitching about how the old lady (old man) doesn't want to screw, kicking the dog, pulling the wings off flies, and complaining how much better everything was in the good old days.