Customer Review

18 of 30 people found the following review helpful
1.0 out of 5 stars Should not be a hacking exposed book, August 7, 2008
This review is from: Hacking Exposed Linux, 3rd Edition (Paperback)
Bitterly disappointed with this book.

Whilst if you are looking for a book on how to secure a Linux system it would make a very useful book as it does include up-to-date information about doing so, it absolutely does not inform you how to actually hack a Linux system. Which would be fine if it was not a "Hacking Exposed" book.

The first 50 pages are an advertisement for ISECOM and OSSTMM and nothing really to do with Linux specifically.

Local Privilege escalation - for Linux most people would think this will make up a good chunk of the book, in fact it takes up about 2 pages, followed by around 6 pages on how to stop it - end of subject; it is never mentioned again.

The largest chapters in the book are PSTN, ISDN and X.25 hacking closely followed by Wireless Hacking. Looking to exploit FTP, SSH, RPC, RLOGIN, TELNET etc?...the book does not cover them from a hacking point of view. Even a search in the index for rlogin reveals zero results.

In short if you are thinking about buying this book to learn how to hack Linux - buy the older version of Hacking Exposed Linux that was released in 2000. If you are looking for a book about securing Linux then this is certainly a book that will be useful to you.

Comments


Initial post: Aug 7, 2008 12:34:06 PM PDT
W. Remes says:
I'm sorry. I think you missed the ball with that one. This is supposed to be an up-to-date book, rlogin hasn't had an exploit since 2001 ;-)
Also RPC is only used in Windows systems, I don't think it has a place in a book about hacking Linux ... This book is on my list to buy for sure !

Additionally, I have to b-slap you one other time ... the OSSTMM is nothing to be advertised, it is a completely free framework for everybody to use and ISECOM is a non-profit organisation. You gotta get your facts right before you start ranting.

In reply to an earlier post on Aug 7, 2008 7:00:01 PM PDT
Ever hear of SunRPC? Probably not.

In reply to an earlier post on Aug 21, 2008 4:05:07 PM PDT
Last edited by the author on Aug 21, 2008 4:23:40 PM PDT
Nobody. says:
As a professional Pen tester I see rlogin, rcp and rsh in use on a weekly basis if not a daily one - it may be old but it is still very prevalent in networks today and fully deserves mention in any 'Hacking Exposed Linux' book. Also rlogin is not and never was an 'exploit' as you put it, it is a fundamentally flawed _protocol_ that is open to abuse. If you think Linux does not use RPC style applications (derived from ONC) then I would immediately dismiss your post as uninformed or biased to the book and/or author. Perhaps you could explain what listens on port TCP:111 and what its job is.

When the original post said 'Advertising OSSTMM' I imagine most people will understand it didn't mean in the 'TV advertisement way' more as in spreading the word about it - which as ISECOM is the publishing body for only makes sense I suppose.

I don't mean to discredit the book as it is useful to anyone looking to secure a Linux system; however pen testers and the like who buy this book will be looking for it to cover NFS, X11, rlogin, ssh and all the stuff mentioned in the original post, which are still among the common methods of attack against Linux/UNIX/Solaris systems. I think selling it as a hacking exposed book is a massive falsehood as it does not expose many useful hacking methods at all, as is expected from this range of books. As previously said, anyone looking for a book that covers practical ways to compromise a Linux system would be 100% better off with the original Hacking Exposed Linux book (which is still available on this site) and I cannot emphasise this enough as I would not want anyone else to buy this book, like I did, in the anticipation that it would cover hacking Linux, when in fact it is just cashing in on the Hacking Exposed name.