Stuart McClure | Joel Scambray | George Kurtz
1 Worst Book Ever
Thank God I DID NOT BUY this book. I took 30 minutes to read this book at a bookstore and if you are interested in learning how to hack, then this book is not for you. This book DOES NOT SHOW YOU HOW TO HACK, it's just another ordinary book which shows you how to PREVENT a hacker from attacking your computer/network. Very disappointing. Even the information in this book that shows you how to prevent a hacker attack can be found online easily. This book is definitely not worth it.
2 Great hacking book.....
The book touches almost every corner of hacking. As a developer I have got great knowledge from this book.. Authors have done superb job in explaining the hacking stuffs...
Moreover in my real life ....through this book ... I came to know how to find trust relationships ...in our day to day world. I mean I came to know whom to trust and whom not to.
Special thanks to author for making such a great book..!
3 THE Guide to Hacking Exploits and Defense
George Kurtz, Stuart McClure and Joel Scambray have been a staple of my Information Security library since the first Hacking Exposed book.
Things change quickly in the security world and the authors of Hacking Exposed-4th Edition have done a tremendous job at taking a great thing and making it better by updating it with new attacks and countermeasures.
There are a handful of books that should be "must-reads" for anyone responsible for computer or network security and this is one of them.
Knowing the tools and techniques used to gather information on and infiltrate your network, accompanied by countermeasures that work to thwart those attacks is invaluable information in the fight to protect your network.
Buy this book.
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security (http://netsecurity.about.com), providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (http://www.tonybradley.com).
4 Not too shabby.
The author does a really nice job talking about network hacks. He sounds like he still hacks into networks on the side since the book contains so much information. The book is not exhaustive (no book can be about this subject) but covers the most important topics about hacking and security. If you want a good introduction with _some_ depth to it this is the book. It's a good book to start with if you haven't read anything else. It's a fun read with some good points. After this, you'll want to buy other security books that go into a specific area with a lot of depth to it. Maybe you could go into the specific Hacking Exposed books on Windows or Linux, etc. Definitely should be part of your library.
5 Hack Attack Primer
Not a hacking how to per se but more like a really good resource for securing your network. Some people object to titles like this one because they naively and mistakenly believe it helps the bad guys. But in reality, without knowing black hat techniques there is no possible way that you can secure your network. Period. The authors do an outstanding job of walking the uninformed reader through the process of the hack from initial surveillance up to and including the attack. Highly recommend this book if you have even a slight interest in learning the how's of hacking.
6 Depends on what you want
This book covers a lot of ground. More than most books. But if you think you can learn to hack or do penetration testing with this book, forget it. I also don't like the fact that the book overlaps so much with the other book I have - Win2k hacking exposed. Many sections are verbatim lifted. I won't be buying the fifth edition but recommend it to newbies.
7 Save Your Money
I have plenty of experience with computers and have been hacking since the term Hacker wasn't a dirty word. Anyway, a friend of mine that is very interested in Hacking purchased this book and a few other titles from these authors. He showed me the books and asked me to give him my opinion of them. As I was looking thru these books I started to laugh and told my friend to get his money back. I was shocked to see that all the info in these books can be obtained just by doing a search on SecurityFocus and Google and most of the info in this and the other books were outdated exploits that have been patched already. The IT industry moves at the speed of light and the most important aspect when it comes to securing your networks is having the newest attack and exploit information, which no book can ever provide... including this lousy book that is nothing but a compilation of what can be found for free online. Don't waste your money! I wish I could give this book zero stars.
8 RUBBISH
A lot of twaddle - worst book on the subject - no secrets, out of date solutions - a complete waste of time and money
9 BAD BOOK
This book will not enhance your knowledge of computer security.
10 Fun and educational
I had so much fun hacking my own servers, and exploiting all the lesser known security flaws. I highly recommend this book even for the experienced administrator.
11 what, are you kidding me?
no, i didn't buy this crap, i got a free copy at the blackhat conference in vegas, and left it there in my hotel room. every book like this is a joke, the sad thing is the guys who write this crap are actually getting a lot of money writing. it's an old, tired, subject and the author has no clue, just tries to cram it with useless "hacking" info. my friend had the source code to one of his exploits published in one of these books, it was easy for them to do since they didn't have this real name.. but why do they include exploits in the actual book? they don't explain them, and they are just printed on the pages... anyone who would buy the dumb book sure isn't gonna be able to understand.. what are people supposed to do? type it up in ms word? if you're reading the reviews to this book for any purpose other than to laugh, i pity you.
12 Lots of good, organized information
There are a lot of `hacking' books out there, but none better than Hacking Exposed.
The information is organized and to the point.
Read this and you will be a better systems administrator for it.
13 What more can you say!
Most comprehensive information on Hacking that you can find in a single book.
Newly added chapter on Wireless Lan was extremely informative.
14 Still the best book for vulnerability assessors
It's been nearly two years since I reviewed "Hacking Exposed: 3rd Ed" (HE:3E). Since then I've joined Foundstone and contributed the case study on pages 2-7 in "Hacking Exposed: 4th Ed" (HE:4E), on a non-royalty basis. Since my review could still be seen as being biased, I'll mainly discuss changes between HE:3E and HE:4E.
The most noticeable change is the reorganization of the Windows-specific chapters. HE:3E had one 25 page chapter on 9x/ME/XP and two chapters with 172 pages on NT and 2000. HE:4E offers one 22 page chapter on 9x/ME and one 66 page chapter on the "NT family." The authors wisely direct readers to "Hacking Exposed: Windows 2000" and "Hacking Exposed: Web Applications" for more in-depth discussions of attacking Windows. The material in HE:4E is still sufficient to compromise Windows boxes without having to open HE:W2K or HE:WA. This decision allowed HE:4E to grow by only 2 pages since HE:3E. (I criticized HE:3E with a four star review for including too much material best left in topic-specific HE editions.) Pruning the Windows material allows room for a stand-alone wireless hacking chapter in the nitty-gritty HE style, as well as other improvements.
Another major addition to HE:4E is a completely rewritten enumeration chapter. While HE:3E compartmentalized techniques by operating system (Windows, Novell, UNIX), HE:4E offers port-based techniques. For example, if port 179 is open, try BGP-based queries. If port 524 is open or IPX is in use, try Novell attacks. This approach reflects the methods used by assessors who find listening services, and can't be sure what OS is present. The chapter on network devices (ch 9) offers exceptionally devious hacking tricks, such as performing a T-1 "man-in-the-middle" attack.
HE:3E represents a significant upgrade from HE:3E, with nearly two years between the two books. I wasn't happy with the changes between HE:2E and HE:3E, as both were published in 2001. I would like to see HE:5E add a single chapter on attacking Cisco routers, with discussions of the overflows, tunnels, and remote sniffing pioneered by Phenoelit's FX. A chapter on attacking embedded devices and PDAs would be helpful. I recommend following the lead of frequently-updated hardware books like Scott Mueller's "Upgrading and Repairing PCs": print the latest and greatest, and archive the rest to CD-ROM. I think the chapters on Win 9x/ME and Novell could make way for more exciting discussions in HE:5E. Along with Ed Skoudis' "Counter Hack," HE:4E is one of the books I recommend as absolutely essential reading for all security professionals.
15 Great Book!
I'm not gonna say much about this one - except what they say works. I guarantee it.
16 no more solving dirty work blindly
I have read many books about network security, but none had put it so easy to actually test the knowledge gained from my reading.
I would recommend this book to any tech guy entrusted with the security of any network of any site. get as well hacker challenge
17 Total ... ...
I've owned this book for about 10 minutes now. I can honestly say that everything that they put in versions 1-3 could have been summarised MUCH better than the [stuff] that they put in here. If you want better info might I suggest that you do a little bit of google searching for vulnerabilities. You'll get more up to date information, and save yourself [$$$]. I am so [mad] that they could have [put] out such a [bad] piece of literature. You're basically buying the video CD, which ... . The SQL section alone is about 8 months old, and any ISO should know this info already. If you're just starting out, I suggest the 3rd edition. More detailed, and less ... . I hate that I had to write such a bad review of such an anticipated book, but I feel I was forced to.
18 As good as the previous HE books
"Hacking Exposed" series grew from a relative unknown to one of the most famous information security books of all times. The interesting part about it is that its reputation is largely deserved.
The fourth edition presents an incremental improvement over the previous ones. Considering that the previous books were great, it is no mean feat! It is a pity that the book lacks "What's New" section, which would be useful for those familiar with the series.
As usual, the book offers balanced platform coverage (UNIX, Windows, Novell) and follows the same winning paradigm (from scanning to owning the system). The above is obvious since the same author crew from Foundstone is behind the book. The book is somewhat biased towards the attacker side, just as the title promises. Among new sections are wireless security, web hacking and attacking clients (such as web browsers) by malicious servers. The latter section presents some interesting tips on attacking over email, web browser (via ActiveX and other malicious technologies), IRC, etc.
Overall, if you own the 3rd edition, there is some motivation to go grab this one. However, if you haven't read "Hacking Exposed" yet, run to the store to get your copy if you are involved with network or system security in any role. For novices the book will serve as a useful introduction to security and hacking, for intermediate readers the book will bring new tools and techniques and will serve as a useful refresher for experts. Companion website hackingexposed.com has the books' table of contents and some other material.
Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org
19 Focussed, practical, clear. Excellent Win2K security book.
The author(s) are well-known in the security world. This book is very focussed on what it wants to do - make the user aware of the holes in Windows 2000, how hackers can/do break-in - including a great overview of different tools readily available on the Internet and techniques - and how to plug those holes.
Some of the stuff mentioned stops becoming relevant the moment you start applying current service packs, but still an eye-opener. If you want to specialize in or learn about hardening the Windows platform, this is a must-read - worth every penny spent in time and money.
Bharat Suneja
MCT
20 Excellent informational reading!
Okay, for all those people who want to learn to become hackers out there, this book is the answer to your prayers. This book was written from a hacker's point of view on hacking. It tells you (with severe clarity, surprisingly) what you need to do to successfully hack into another person's CPU.
All those other books out there just simply show you what to do to defend from certain kinds of attacks, but this one shows you HOW to actually DO those certain kinds of attacks. This is a must buy if you want to become a hacker, or just want general information on how hackers work their magic.
This book uses extreme clarity in telling you what to do (a sort of extreme version of "The Idiots guide to..." series) and how to successfully pull off an attack on someone's system and even how to cover it up. I know this is one book I will keep on my shelf until the fourth edition comes out!
21 Very detailed.
One of the better books on internet security released in the last few years. It even comes with a CD full of useful tools.
The explanations are detailed and accurate.
Definitely worth getting if you want to know more about network and internet security.
-Kim
22 Excellent
I'm a network engineer with several Cisco certifications under my belt. This book was exactly what I was looking for. It seems intuitive to me that to protect our systems from attack it is necessary to find out what the hackers are using to attack the systems. No need to spend a 1000 hours surfing hacker sites trying to reinvent the wheel - which can be a dangerous exercise. This book hands it to you on a silver platter. Well organized, clearly and concisely written. Highly recommended!
23 Truth revealed!
Recently I heard the Al Zazira website being hacked! Kewl!!! I wonder, was the Firewall system so poor of such a big website? Picking up this one, Hacking Exposed reveals how high profile sites and e commerce sites are penetrated. The book has endless Network security details and provides indepth knowledge of Operating systems, network applications and devices. Though it may motivate to educate Hackers, this book if seen on positive side, helps one to understand the security flaws in general that occur to hinder the website performances. System Administrators and Top Net Executives need to read the books to get 'Security Alert' & safeguard their interest to prevent any vulnerability. Administrative procedures help defeat from hack attacks to systems and counter measures make it ineffective. Techniques to hacking are exposed and breaking into telephony, firewalls systems etc. the various topics covered up. The Book Exposes what's really happening on Network - Though for a common surfer its just a passing read but very useful to Tech buffs and interesting read to students who would be interested to know the way of the Wizard Networking. In Process of reading, one gets to be aware of how to use Hacking software but to the defensive point to take measures to point of protection. Normally not much into Technical reading, I recommend this book as a very good piece if you really wanna know the 'Hack Game' - Enjoy the Read!
24 Lots of Info
Although it didn't answer all my questions it provides an excellent foundation. Great place to start for computer professionals.
25 Refreshingly honest, though a few too many topics
With all the literature on network security, I really found this book a refreshing change of pace. Security experts will tell you that it is not enough to just know how to update patches and turn off unnecessary services. One must understand the mindset of a hacker, know the tools they like to use, and how they see your network from their perspective.
I really liked the approach of this book. It obscures nothing, and gives the would-be security person an in-depth view of how one can penetrate a system given time and a little know-how. The blunt honesty of this book can be surprising, as it gives default passwords for routers and switches among other things, but it's this sort of wake-up call that turns network admins into security-conscious ones. I am definitely this book is in print.
I did have to give 4 stars to the book because it covers so many topics that it cannot devote as much as I would like on any one. Sections on Unix and Windows hacking are better left in the other books in the "Hacking Exposed" series. However, the information contained in those sections is no less useful.
All in all, this is a very worthwhile investment for admins and security guys who want to see things from the other side of the firewall, so to speak. :)
26 version 2?
Is this version better than version 2? or is it just updated?
27 Good Stuff! Essential for people who want to know security.
This book will scare you if you are an admin. Shows not only hacker tools/utilities but also how administrator's toolkits can be your own worst enemy. Essential to know what's possible in order to defend against it.
28 Excellent Book for the Beginner
I bought this book simply to broaden my knowledge on IT security. Although I have worked in the IT field for years, my area of expertise is not security. The book offers a nice overview of the hacking methodology from footprinting to actually hacking into a network. It is a perfect book to get started in the area of IT security.
29 Interesting.....
It's an interesting book for someone who wants to get into the security field, but if you are already there or have some experience you are better off just keeping tabs on all the hack/crack related websites.... it won't tell you anything new
30 Very informative
I bought this book when I was starting to get into penetration testing. It gave me an idea and showed me a way of thinking. It's definitely a must have. The problem with such books is that they get outdated very quickly. Buy the latest one edition.
31 A must read for any sysadmins
If you are even remotely involved in system administration and don't know much about hacking techniques you must read this book. It not only explains some of the most popular hacking tools available out there but it also gives you some basic countermeasures. Extensive coverage of Unix, NT and 2000 but not much on XP. However most of the same techniques can be used against XP.
32 GET COUNTER HACK INSTEAD
I could not read past pg 60 or so. It's essentially a hacking for dummies series, that's how bad the layout is. A better book that brings it all together is Counter Hack by Ed Skoudis.
33 Great Book
I have been looking for an informative reference on security for a long time, and this one is great. It does a great job of categorizing security issues. I recommend it for anyone that is at a college level. This book has helped me with my IT network curriculum.
34 A must-have...
For the security-minded professional, this book is a MUST HAVE... any security collection is simply not complete without this easy-to-use, well-written reference. Though typically not enough information for script-kiddies and the like, it's enough for the security engineer type to quickly and easily identify problems and come up with ways to fix them in their environments.
35 great humour
whatever you use it's in here, it's a bit short on wireless and xp (the latest ms os release when written) but it covers unix and microsoft.
it covers the theoretical as well as the known bugs. Asks important questions. The lessons learned are patch - don't use microsoft, and configure it properly to begin with.
36 I almost feel like a hacker!
This book was good, it gave some decent information and pretty much covered NetBios hacking. This book also gives you links and tips on how to hack and possibly not get caught. I learned some good Footprinting from this book, and I recommend it to a "newbie" or someone who is a script kiddie.
37 Too shallow wireless section.
I bought this third edition, mostly because of the claims about covering wireless security area. Well, as it turned out, this 'coverage' includes just three lousy pages !!
The book is very like the second edition. No relevant changes are presented, and therefore several issues are now dated.
If you don't already own the second edition, then buy this new third edition, overall, it is a quite comprehensive and useful book. However, if you are looking for a serious wireless security treatment, then you should better try books like ' Hack Proofing Your Wireless Network' or alike.
38 Heavy but effective
I wasn't quite sure what I was letting myself into with 'Hacking Exposed'. In fact, I'm not even sure why I bought it - curiosity, I suppose. Being reasonably computer literate, I expected to find stuff that I might quickly understand. Sadly for me, I guess I'm not as computer savvy as I thought since about 70% of the content went way over my head. That's not the book's fault, since it is well laid out, well thought out and well presented.
Maybe what got me in the end was the SUID shell... [tsuiami}$ echo "/bin/cp /bin/sh /tmp/.sh ; /bin/chmod 4755 / tmp/ .sh" /etc/rc.d/rc3.d/s99local (page 369)
Any/clues/anyone? I'm;well;lost!
Certainly, for anyone who's in touch with 'real' programming, at least 'Hacking' talks about security from an offensive angle. A full catalog of the weaponry that black-hat hackers use is laid out in its full gore.
39 exceptional book
This is an exceptional book. It is technical enough for technicians to attempt to play hacker and demonstrate why vulnerabilities are actually an issue to the non-technical staff.
I highly recommend everyone who wants to work in the Computer security field get and read this book. BTW, only attempt these tips and tricks on networks you have permission to attack. This book doesn't cover the legal issues that come from attacking a network.
40 Excellent Book
I feel all IT people should read this book! I learned tons of stuff about hacking and how to guard my systems!
41 Time to reposition the "Hacking Exposed" series?
I am a senior engineer for network security operations. I've read and reviewed every edition of the "Hacking Exposed" series since the 1999 original. "Hacking Exposed" is a winner; the authors' powerful example-driven style teaches the tools and tactics of vulnerability assessment and penetration testing. Nevertheless, I've compared this third edition to its "Hacking Linux" and "Hacking Windows 2000" cousins, and I believe the authors should rethink their goals for the "Hacking Exposed" series.
"Hacking Exposed, Third Edition" (HE:3E) describes techniques to attack and defend a wide variety of network assets: Microsoft products (9x, ME, NT, 2000, XP), UNIX variants, Novell's NOS, routers, PBXs, firewalls, and so on. Weaknesses in individual applications are explained, with attention given to remote control tools (VNC, Windows Terminal Server, PCAnywhere), Web technologies (IIS, ColdFusion, ActiveX, Java), and file sharing/chat systems (Napster, IRC). Readers are unlikely to find so many topics given fairly thorough coverage in a single volume.
Unfortunately, at 727 pages, HE:3E has gained too much weight. The 1999 first edition offered 484 pages, and the 2001 (yes, 2001) second edition gave 703 pages. While the authors should be credited for not simply copying and pasting material from their 2001 edition of "Hacking Exposed: Windows 2000," many of the same topics appear in both books. Furthermore, some subjects are redundantly described within HE:3E. For example, why rehash port redirection and rootkits in chapter 14 when they were adequately covered in earlier sections?
I strongly recommend the authors remove the UNIX- and Windows-specific material from a future fourth edition of "Hacking Exposed," directing readers to "Hacking Linux" and "Hacking Windows" when necessary. The authors should briefly describe general UNIX and Windows vulnerabilities in "HE:4E," and devote most of the book to their methodology and systems not covered in other books. This overhaul will give the authors a chance to remove some dated material from "Hacking Exposed," like a reference to ISS RealSecure v3.0 (6.0 is now in use).
I recommend readers who have not read previous "Hacking Exposed" titles buy this book. Despite my concerns, I still learned something new (wireless issues, format string vulnerabilities) and re-acquainted myself with material mentioned in earlier editions (RIP spoofing, enumeration techniques). If you've read "Hacking Exposed, Second Edition," wait for a revamped fourth edition.
(Disclaimer: I received a free review copy from the publisher.)
42 Not for beginners
I like the rating system the book uses for the individual types of hacks. It gives the reader an idea of the damage and how easy it is to execute a particular hack. If you're looking for a beginners guide to explain hacking at a higher level, suggest you keep looking.
43 A Must Have for any administrator's bookshelf
I came into this book with little knowledge of hacking methods, outside of what I had read in some other books. Boy were my eyes opened! Not only did I find out how simple things I take for granted and use often can be used maliciously, but how much is out there designed to do harm to me. Some quibble that this is tantamount to a "how to" guide for wannabe hackers, but it's important for someone like me to know the tools and be able to act preemptively against potential hackers. The book is exhaustive and greatly expanded from the first edition. Though I skipped a lot of things that weren't directly related to my systems or experiences, I have found myself grabbing the book again and again to look something up, or to explore how something works so I can try to avoid it.
This book, as well as the recent worms and viruses, should serve as a wake up call for anyone who deals with networked computers, from the system administrator to the home user with an exposed system on a cable modem. Probably one of the scariest books I've read in a long time. It may not keep you reading like Stephen King, but it's just as scary and proves, what you don't know *CAN* hurt you.
44 Great book....
I thoroughly enjoyed this book. It will not turn the average computer user into a true hacker but it gives you a good understanding of the many vulnerabilities that exist in today's systems.
The layout of the book is excellent. It follows in the logical order in which an attacker would go about his/her work. It starts with generic information gathering and then divides into exploits by OS. It covers the use of a very large number of tools (would be nice if they were included in a CD) as well as an explanation of their strengths.
This book is definitely helpful to the intermediate/advanced user who is connected to the internet via DSL/cable modem. By explaining how computers are hacked, users have a better idea of what to do to their own computers to keep hackers out. It can also make you paranoid so read at your own risk.
45 Hacking Exposed is a treasure
Don't let the size of this book fool you. This was one of the most exciting ( and scary ) books that I've read in a long time. I'm the owner of one of the largest used book webstores in the nation and it opened my eyes to the hacker's toolkit and how to stop them. Written from the hacker's perspective, it delves into how they can break into a site. Truly, if you are concerned about your own web site and/or your firewall security in a home or business, this book is worth its weight in gold. I tightened down my firewall greatly after reading this book.
46 The book for security
Have now read this book and have found it extremely good. I do troubleshooting ISP's & ASP's systems on mostly MS systems and there were a lot of items that I did not know about. Now that I know my customers and myself hopefully will be more secure.
I'm looking forward to the 3 edition. I can't wait!!! Great work - if you are a bit insecure about what security book to buy. Buy THIS !!!!
47 Packed With Knowledge!
You might expect a massive book about computer hacking to be tedious reading, but - surprise - this one is actually fun. You'll be impressed by the quality of the writing and the clarity with which the authors explain complicated matters. Why have these clever writers gone public with information on how to hack into computers? They figure that hackers learn how to penetrate systems anyway. It's the network administrators and other professionals that need to understand hacking to protect their own vulnerabilities. The book, which is detailed almost to a fault, explains how to defend and attack specific programs, Web sites, voicemail, firewalls and even individual Internet users. We at getAbstract.com recommend this as an essential reference for businesspeople who want to know why system administrators always look twitchy. It's also a good tool for any computer professional whose day - or career - might be ruined by a single moment of system weakness.
48 Great Resource
Without question the best Hacking book I have read. Great detail, references, tools and techniques. I had the first edition and was reluctant to buy the second just because I was afraid there would not be enough new information. I am glad to say I was wrong and it was well worth the purchase.
49 Hacker Approved
I got this book when it first came out and learned a lot of new things from it. It starts from the bottom up and runs you through the whole hack. Very well written and informative, great book for a wanna-be hacker or new systems administrator/security admin. I'm glad someone has the guts to tell the world that security sucks.
50 Broad coverage, good material.
I bought Hacking Exposed after being dismayed by Hack Attacks Revealed. I thought that Exposed, being older, would have been out of date and less useful, but found that it was a far superior book.
The one flaw with Exposed is that it tries to cover too many different systems. I think they should have gone into more depth on some of the issues, but I guess they're covering that with their OS-specific books, such as Hacking Linux Exposed and Hacking Windows 2000 Exposed. (The former is an excellent read -- superior to Exposed in my opinion. I don't support windows machines and won't be reading the latter.)
I'd recommend Hacking Exposed to anyone that wants a good overview of many areas of security and hacking, but I'd also grab their OS-specific variants that are applicable to for the greater detail.
51 Script-Kiddie Bible. Cracking Exposed.
This book goes into explicit detail explaining not only how to commit various attacks but where to find the free tools to use in the attack, etc. I am surprised that some hacked ISP has not sued this book's authors yet! Not only does it explain the attacks in detail but it explains how to defend against them. This book is written from an offensive point of view as if it were trying to teach you how to be an uberskriptKiddy. Easy to read and easy to understand.
52 Not Bad
This book isn't bad. Now that DSL and cable modems are becoming more standard consumer items, this book will at least provide some insight into potential threats to unprotected or mildly protected systems. If you are using at least Black Ice Defender or Norton Personal Firewall, this book will help you to understand and probably counter the threats those software firewall apps alert you to.
53 A frightening but necessary read
A thought-provoking and disturbing book for anyone whose business involves the Internet -- and that makes reading it all the more important. I've bought copies of this book for all my systems staff. A caveat, however: "Hacking Exposed" is a highly technical book that's not for the novice or the technology-challenged. If you want to give your boss something to read to bring him/her up to speed on information security, you're better off with something like "Secrets and Lies" by Bruce Schneier. But buy this book for yourself and your techie co-workers.
54 good book
Good book, much better than the first but lacking detail. I can find exploits on any security website. As I read from another review, where's the beef?
55 Better and most useful
"Secrets and Lies" by Bruce Schneier taught me that computer security is much more than building better firewalls and managing them well. "Hacking Exposed" showed me what that means in practice. Scambray and McClure have all the knowledge and tools to look at the front door of the network, but also know that most hacks come through social engineering, unguarded other entrances, email-delivered trojans, and other techniques that bypass the firewall entirely. That's the real world, and they treat it with gusto, vibrancy, and deep understanding. Most computer books are "just the faqs" dumps of the subject, with a little organization. These guys put you right in the middle of things, and their knowledge clearly comes from intense practice, not theory. Dave Burstein
56 ANYTHING EXCEPT 5 STARS IS UNFAIR.
Guys! This is a starter book. Get real!
-(1)- Many readers complain that it does not have enough detail (specific and new hacks, deep description of protocols, for example). But this piece was not written for this. You can't blame a chicken for not giving you milk. This is an overview book, which can't cover everything physically; it is thick enough already, giving a very good general notion of the field. -(2)- The same readers take stars from the book for "containing only links, not much else". But that's the point! Just follow the references, they are very useful. It is the only way to find fresh and profound material. Guys who expect to find everything in one book are just lazy and unprofessional people, who bought it to play around with a neighbour's PC or some box on the web. -(3)- "I bought the book, but it turned out to be useless :( ". Sure it did. You didn't check the table of contents and reviews. But that's not the author's fault, don't take off stars.
57 A good start for those interested in Computer Security.
I work for a major government contract in the DC area which supports over 100,000 internet/email users. We have a highly secure network with multiple firewalls, etc. This book will not really help you secure a network but it will give you a good background on theory for detection of potential attacks. Since it is relatively cheap, I suggest that this book be added to your collection if you are pondering getting into computer security.
58 Truly An Excellent Book
This book is very useful, a must-have for all network administrators or people who just want to secure their PC. Before I had this book I thought my PC was secure enough from intruders, but when I read the book I found out how unsecure I really was. You may think you're safe from intruders, but guess what, you're not, so read this book and see how safe your PC will test out to be!
59 Some People Being Too Harsh
As a sysadmin and fan of hacking around with comps in general, this book is excellent for relative newbies to the security field. If you want detailed descriptions of theory and such, get some more scientific books. But if you want real-world applicable information, this book is about as good a book as any to start with. Some of the attacks are dated, and it doesn't go into real technical detail. But if you are looking for a how-to guide on how to find protocol and application bugs, you are nothing more than a script-kiddie who wants to be able to write his/her own apps. That type of information doesn't exist; you get it from hacking around and learning it on your own. However, this will give you good places to start researching how others' scripts work. (Esp. *nix versions, since they usually come as uncompiled C code *woot*).
60 Linux exposed was much better
I like the other exposed book much better. This book contains too many outdated hacks and again very little detail.
61 Whhheeerrreeesss The BEEF?
I have been in the communications field for 13 years now. This book reviewed like it was one of the best out there for hacking methods and vulnerabilities and I thought it would complement my library. After going through about a third of the book, I now know it is poor. This book is nothing more than an internet directory listing for hack sites and software. It gives no detail at all. It explains next to nothing. Whereas I was looking for actual mechanics for attacks, to include protocols and logic, this book simply references web site, after site, after site. I would not even recommend this book for a beginner due to no depth. You could do better pointing your browser to the internet than read this book (well, the book does pretty much tell you to go to the internet). Look elsewhere, even if you are looking for a starter book on the topic.
62 Where's the detail?
Would be much better if organized properly. Some very cool techniques I wasn't aware of, but too little detail.
63 Still the best for vulnerability assessment and pen testing
I am a senior engineer for managed network security operations, which includes conducting vulnerability assessments against client networks. I read this second edition to gain insights into ways to better assess a client's security posture, and also to understand some of the attacks I see while monitoring intrusion detection systems. Of the books I've read, Hacking Exposed remains the best guide to systematically assess and (if necessary) compromise hosts. By understanding black hat methods, defenders can better prepare for the tidal wave of exploits washing upon the networking shore.
Parts I (Casing the Establishment), II (System Hacking), and III (Network Hacking) are a tour-de-force of attacker tools and techniques. While explaining how to penetrate systems, the authors spend a fair amount of time explaining how those systems work. From a system administration standpoint, these descriptions are pure gold. Since the authors are fairly operating system-agnostic, they show the pros and cons of Microsoft, UNIX, and Novell products in the harsh light of improved security. For example, the discussion of file handles, file descriptors, and signals in chapter 8 ("Hacking UNIX") helped me understand a little bit of UNIX's guts, while giving a security spin to file system operations.
Thankfully, Hacking Exposed gives Microsoft operating systems plenty of attention. While recognizing that many of us dislike administering these systems, the authors provide helpful and solid chapters on Windows NT and Windows 2000. They also demonstrate many ways to use Windows as an attack platform. They convincingly show that if a scan can be performed in Linux, someone has developed a similar tool for Windows.
My favorite issues in the book involved describing Windows rootkits (a recent development) and UNIX loadable kernel modules. On the negative side, I felt the book lost steam in section IV (Software Hacking), spending too much time repeating earlier material. Also, unless you're a relative newbie to security, you may become bored with the litany of historic deficiencies and required patches discussed in section IV.
Overall, the second edition of Hacking Exposed remains a must-read book for security professionals. I recommend it as the sort of book one reads after gaining an overall sense of the security field and learning about TCP/IP. With those foundations in place, it's time to learn how black hats operate. If you're a system administrator, you'll learn how to fortify your network assets. If you're an intrusion detector, you'll learn what to watch for. If you're a pen-tester, you'll learn how to compromise hosts. Who could ask for more?
64 Good for reference, but...
This book definitely contains a lot of useful information. Unfortunately, it could be organized better, and doesn't go into enough details about the concepts. It is very focused on the use of publicly available tools and information. That said, I still use it as a reference book for specific pieces of vulnerability information.
65 Great for sys admin
Yes, this book covers a lot. It shows you how to hack and what tools you need. Be prepared to spend many hours reading and testing, just like hackers do :)
If you are not willing to invest many hours, stick to web site security alerts and apply the patches...
py
66 A good reader! This book is extremely interesting,
This book is extremely interesting; personally I think anyone that uses computers can learn quite a bit from reading this book. I think that it is good enough to be used as a textbook for college classes for information and projects. I learned a lot about computer security, and keeping my computer safe, from reading this book. The only thing I did not like was this. The book constantly refers to their web site for examples and programs. Most computer science or computer tech. books usually have an accompanying CD-ROM that comes with the book; this book does not come with such a CD-ROM, and if you want that you have to buy it from the web site for another small sum of money. Otherwise I would have given this book 5 stars, but overall it is extremely interesting.
67 Great Book
This book is great for hackers and administrators. It teaches everything you need to know for basics and more advanced. It shows you how to think like a hacker. Even though you already know something in this book, you will know even more about the subject and find things about what you thought you knew that are amazing.
68 More like a collection of CERT advisories.
This book is a good introduction for script kiddies, programmers who want to know about tools to attack systems, and novice system administrators. It is a compendium of most of the attacks known. I did not like the way the attacks are classified according to the operating system rather than based on the bugs involved. For each attack mentioned in the book, they describe the tools needed to carry out the attack, a high-level description of the attack strategy using the tools, and ways to protect against the attack. However, the book fails to explain the flaws in the protocols or programs that allow these attacks. I would recommend this book to someone who doesn't care how an attack works, but is just interested in knowing about various attacks. Definitely not recommended for someone working in this area or someone with basic OS knowledge.
69 Not what I had expected
This book didn't teach me anything I didn't already know. I guess I should have read the title before I bought the book. I was expecting Computer security auditing 102 and got Hax0r1ng ExP0sed: your 800 page ub3r l33t guide to take you half way to script kiddie! I'm not saying that this book doesn't have any decent information, I am just saying that it's not for the guru. I could rewrite this entire book in fewer than 40 pages.
70 A *MUST-HAVE* for all Network/System Administrators
This is THE book to have about security... The authors tell it as it is, no B.S. You have access to the tools real hackers use and to the knowledge they all share... This is probably the best computer book I've ever bought... It explains in detail how to footprint, scan, use backdoors, social engineering...
In one word: A-M-A-Z-I-N-G!
71 This is the book to use for penetration testing and analysis
Hardly a week goes by that CNN does not report a high-profile Web site being defiled or an e-commerce site being penetrated. While most people know why these incidents occurred, Hacking Exposed explains how they occurred and, more important, how to prevent them from occurring.
The cover of Hacking Exposed announces that "Network security is Y2K without the deadline." That alarmist statement, however, is the only hype in the book. The work is packed with real-world examples and links to tools needed to assess the security of any type of client/server and Web system. As they detail the myriad vulnerabilities in different types of systems, the authors provide countermeasures for each of them.
Well organized, the book progresses in an orderly fashion. It methodically goes through the process of exploiting a target to penetrate a system--from identification and enumeration to actual penetration. The authors provide detailed instructions and explanations for many security features and flaws in Unix, Linux, Windows, NetWare, routers, firewalls, and more. Topics covered include state-of-the-art computer and network penetration, as viewed by both the attacker and the defender; remote system identification; vulnerability identification; war dialers; firewall circumvention; and denial-of-service attacks. An appendix explores the security characteristics of Windows 2000.
Some may argue that books such as this one only serve to motivate and educate hackers. The truth is that hackers are already aware of the book's contents. This book is designed for system administrators and managers who need to know their systems' risks and vulnerabilities and how to address them. When they are done with this book, system administrators and managers will be familiar with such critical topics as back channels, port redirection, banner grabbing, and buffer overflows. Hacking Exposed is a must-read for anyone who wants to know what is really happening on their network....
72 Excellent overview of hacking methodology
Superb book on the methodology of hacking. It is more important to understand the way hackers think than to rely on security tools that come and go. There will always be new and better tools. Great resource on many different topics: researching your target, OS vulnerabilities, network security, internet user security, and much more.
73 Good book -- but for CISSP??
This is no doubt a great book. I initially bought this book, the information security handbook and practice exam ... to study for the CISSP exam. While the material of this book was generally out of scope for the exam, it was without a doubt still a great book -- it just was more technical than the exam, whereas the exam was just VERY broad. If you're looking to pass the CISSP, don't rely on this book, but if you want a GREAT book about "hacking" then get this!!
74 Hacking Exposed, 2nd Edition
SUPERB
This book is just as good as, if not better than, the 1st edition. This book is what sys admins have needed for years and now they have it. The 2nd Edition is not just a few more exploits and info with a new cover, it is a whole new book!
Yes, some of the content is still the same, but that is because that exploit or bit of information is still valid. If you got the first one and feel it was a big help (which I think 99% of people who got it thought) then I would HIGHLY recommend getting the 2nd edition.
Only bad part was no CD!
Where is it? I know you can buy it from them but I think it should come with the book and they put the price up ... or something!
Other than that great book, well needed by everyone!
*about me: I am ... from London UK, you can work out the rest ;)
75 Finally
Finally a book written by a Scambray that is worth a darn. Within the immediate family there are no less than six English majors over the past two generations. The first attempt at a publication was an academic endeavor on the behalf of one Kenneth Scambray. A nice try but not what you would call a best seller. Something about farming. "A Varied Harvest". I am not a computer specialist but from the feedback from our IS department within my company this book is great. Congratulations, Joel, we are all proud of you. Carol, Linda, Kara, and Terry need to get to work. Look for Kenneth's second try. I think he had to switch to Italian to go for a larger audience.
76 Impressive follow-up edition
I read the first edition and thought it was a great book that every administrator should have. I didn't think that they would come out with a second edition so quickly. I am impressed that the second edition isn't just a rehash of the same material. It is filled with new information that is a must have for security minded administrators. The application hacking information is the wave of the future.
We have had consultants come in to perform work for our company who have carried the first edition in hand to perform security reviews for us. I can't wait to see how long it takes them to bring in the second edition. It's amazing how the authors share this great information with their competitors. The authors are keeping the competition on their toes and increasing the general knowledge of security for the whole industry.
Keep it coming guys!
77 Extreme Hacking Guide
This book is a really good book if you're seeking knowledge on how to protect your computer. In the past I had malicious hackers perform many attacks on my computer, some DoS, some just TCP port probes. I now no longer have to worry about such attacks, thanks to the authors!