Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Exploiting Software", Greg Hoglund/Gary McGraw

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKEXPLSW.RVW 20040531 Exploiting Software , Greg Hoglund/Gary McGraw, 2004, 0-201-78695-8, U$49.99/C$71.99 %A Greg Hoglund %A Gary McGraw %C P.O. Box
    Message 1 of 1 , Jun 28, 2004
    View Source
    • 0 Attachment
      BKEXPLSW.RVW 20040531

      "Exploiting Software", Greg Hoglund/Gary McGraw, 2004, 0-201-78695-8,
      U$49.99/C$71.99
      %A Greg Hoglund
      %A Gary McGraw
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 2004
      %G 0-201-78695-8
      %I Addison-Wesley Publishing Co.
      %O U$49.99/C$71.99 416-447-5101 fax: 416-443-0948
      %O http://www.amazon.com/exec/obidos/ASIN/0201786958/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0201786958/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0201786958/robsladesin03-20
      %P 471 p.
      %T "Exploiting Software: How to Break Code"

      I have learned to beware of books with titles like this, which
      generally indicate a hastily compiled set of old vulnerabilities,
      benefitting nobody save the author. This work, however, turns out to
      have a lot of value for those interested in security of software.

      Although it does not deal with the factors inherent in software that
      almost ensure problems, chapter one outlines the fact of bugs in
      software, the relative rate and increasing prevalence, and future
      developments that may exacerbate the issue. Chapter two provides
      taxonomies of general types of software problems (distinguishing, for
      example, between a bug and a flaw), patterns of attack activities
      (pointing out that most exploits are used in combination), and types
      of system scanning activities (used to determine specific attacks that
      might be effective). This material is very useful in structuring the
      debate about software exploits and attacks in general, but,
      ironically, the chapter (and book) itself could benefit from better
      organization. Reverse engineering, both via black box testing and
      through code analysis, is described in chapter three. The discussion
      is general, and presents the different activities that can be
      undertaken, usually at a fairly abstract level. (This is not true in
      all cases: there is a chunk of twelve pages of code for a plug-in
      module and eight pages of script for the IDA disassembler, which is of
      questionable utility, depending on the familiarity the reader may have
      with that particular program.)

      At this point in the book, the issue of the validity of the "learn to
      exploit in order to learn to protect" philosophy should be addressed.
      In general, the "hack to protect" books do not provide much that is of
      value for the defenders. That statement is not necessarily true of
      this work. Since most of the presentation is at a conceptual level,
      it is the ideas, and not particular exploits, that are being reviewed.
      The authors are explaining tools and techniques that, yes, can be used
      by attackers, but can equally be used by those who wish to probe a
      given system for weaknesses in order to determine vulnerabilities to
      be patched. (There appears to be only one exception in chapter three:
      the authors note that vendor patches tend to act as a roadmap for
      vulnerabilities, and it is difficult to say how this technique is
      useful for defence, other than to note that the probability of an
      exploit increases after a patch has been issued.)

      Chapter four lists types of attacks on server software, while five
      looks at clients, primarily web browsers. Indications pointing to
      patterns of malformed input that are likely to generate successful
      exploits are described in chapter six. The classic and ubiquitous
      buffer overflow gets a detailed explanation (supported with a number
      of examples) in chapter seven, which has a strangely extensive section
      on RISC (Reduced Instruction Set Computer) architectures. Chapter
      eight is rather disappointing in light of the tone of the rest of the
      book: it is primarily concerned with how to create and program
      rootkits, and the worth for defence is doubtful.

      While ultimately of greatest use to a rather select audience (those
      specifically concerned with finding and patching loopholes in
      software), this book does have a lot to say to most security
      professionals. The security aspects of software development tend to
      be glossed over too quickly in most general works on security.
      Specific examples of malformed input are used, in too many security
      texts, as evidence of the author's superior security erudition, rather
      than to explain the underlying concepts. Hoglund and McGraw have
      prepared solid tutorials and definitions of these important ideas
      (although one could wish that they had prepared the arrangement of the
      book with the same degree of care).

      copyright Robert M. Slade, 2004 BKEXPLSW.RVW 20040531


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Daughters of feminists love to wear pink and white short frilly
      dresses and talk of successes with boys/
      It annoys/
      Their Mums ... - Nancy White
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.