[4287] in linux-announce channel archive

home help back first fref pref prev next nref lref last post

Linux-Announce Digest #579

daemon@ATHENA.MIT.EDU (Digestifier)
Mon Oct 27 23:13:08 2003

From: Digestifier <Linux-Announce-Request@senator-bedfellow.mit.edu>
To: Linux-Announce@senator-bedfellow.mit.edu
Reply-To: Linux-Announce@senator-bedfellow.mit.edu
Date:     Mon, 27 Oct 2003 23:13:02 EST

Linux-Announce Digest #579, Volume #4          Mon, 27 Oct 2003 23:13:02 EST

Contents:
  "Hacking: The Art of Exploitation" from No Starch Press (Leigh Sacks)
  ANNOUNCE: BEAST/BSE v0.5.5 (Tim Janik)

----------------------------------------------------------------------------

Date: Mon, 27 Oct 2003 12:23:25 CST
From: Leigh Sacks <leigh@nostarch.com>
Subject: "Hacking: The Art of Exploitation" from No Starch Press

October 27, 2003

FINALLY, A HYPE-FREE HACKING BOOK
"Hacking: The Art of Exploitation" - serious hacking from a serious hacker

San Francisco, CA - Countless people have picked up a book on hacking, 
excited to get into the nitty-gritty of hacker exploits, only to discover 
that the book doesn't really tell them anything useful. Sure, it's 
entertaining, and maybe it presents some ideas about what hackers have done 
and can do. But if it doesn't really teach anything, is it really worth the 
money?

Finally, here's a book that tackles the art and science of hacking: 
"Hacking: The Art of Exploitation" (No Starch Press, Nov 03, $39.95 US, 
ISBN 1593270070). This technical, code-filled book about the art of 
creative problem solving known as hacking dissects various hacker 
techniques, both old and new, to see what makes them work. Unlike many 
hype-filled hacking books which explain how to download and use someone 
else's exploit, Erickson goes in-depth into each exploit to explain what 
happens at the code level, and the underlying logic. As the reader learns 
about each exploit technique they learn not only about that particular 
security flaw but also why most systems are vulnerable and most software is 
insecure.

Some of the techniques covered in the book are:

* Exploiting programs using buffer overflows and format strings
* Writing printable ASCII polymorphic shellcode
* Defeating non-executable stacks by returning into libc
* Redirecting network traffic, concealing open ports, and hijacking TCP 
connections
* Cracking encrypted 802.11b wireless traffic using the FMS attack

This is a book for the true hacker, whether that means the black clad 
system invader we see in the movies (thanks, Keanu), the underappreciated 
sys admin keeping miscreants off his network, or just the neutral computer 
technology enthusiast who enjoys the challenge. "Hacking: The Art of 
Exploitation" teaches the reader to think like the hacker writing the 
exploits so that he can learn to think for himself. And that is the essence 
of hacking.

HACKING
The Art of Exploitation
by Jon Erickson
ISBN 1593270070, November 2003, $39.95 ($59.95 Cdn), 264 pp.
Available at fine bookstores everywhere in November 2003
To order from the publisher: visit www.nostarch.com, email 
orders@nostarch.com, or call 800-420-7240
For press queries contact Leigh Sacks - 415-863-9900 or leigh@nostarch.com

ADDITIONAL RESOURCES
Author's site: www.phiral.com
www.2600.com - The Hacker Quarterly
www.phrack.org - Hacker magazine by the community, for the community
www.cert.org - Major reporting center for Internet security problems
www.securiteam.com - Security and hacking community
"Hacking: The Art of Exploitation" table of contents: 
http://nostarch.com/frameset.php?startat=hacking_toc
Sample chapter from the book - chapter 3, Networking: 
http://nostarch.com/hacking_ch3.pdf
Cover image: http://nostarch.com/frameset.php?startat=hacking_big

ABOUT THE AUTHOR
Jon Erickson has a formal education in computer science and speaks 
frequently at computer security conferences around the world. He currently 
works as a cryptologist and security specialist for Luminare Consulting.

ABOUT NO STARCH PRESS
Since 1994, No Starch Press has published unique books on computing, with a 
focus on Open Source, security, hacking, web development, programming, 
gaming, and alternative operating systems. Our titles have personality, our 
authors are passionate, and our goal is to make computing accessible to 
everyone.

For more information, or to request a review copy or schedule an interview 
with the author, contact Leigh Sacks at leigh@nostarch.com or 415-863-9900

##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION.  #
# This group is archived at http://stump.algebra.com/~cola/              #
##########################################################################


------------------------------

Date: Mon, 27 Oct 2003 16:54:52 CST
From: Tim Janik <timj@gtk.org>
Subject: ANNOUNCE: BEAST/BSE v0.5.5


BEAST/BSE version 0.5.5 is available for download at:

  ftp://beast.gtk.org/pub/beast/v0.5
or
  http://beast.gtk.org/beast-ftp/v0.5

BEAST (the Bedevilled Audio SysTem) is a graphical front-end to
BSE (the Bedevilled Sound Engine), a library for music composition,
audio synthesis, MIDI processing and sample manipulation.
The project is hosted at:

  http://beast.gtk.org


This new development series of BEAST comes with a lot of
the internals redone, many new GUI features and a sound
generation back-end separated from all GUI activities.

The most outstanding new features are the demo song, the effect and
instrument management abilities, the track editor which allowes
for easy selection of synthesizers or samples as track sources, loop
support in songs and unlimited Undo/Redo capabilities.

Note, if you encounter problems with .bse files from previous BEAST
versions, this may indicate bugs at the compatibility layer.
A bug report accompanied by the problematic file can be send to the
mailing list and is likely to get you a fixed file in return.

Overview of Changes in BEAST/BSE 0.5.5:

* New (or ported) modules:
  DavCanyonDelay - Canyon Echo by David A. Bartold
  BseMidiInput   - Monophonic MIDI Keyboard input module
  BseBalance     - Stereo panorama position module
  ArtsCompressor - Mono and stereo compressor [Stefan Westerfeld]
* Added utility script to crop and duplicate parts [Stefan Westerfeld]
* Added "Party Monster" demo song [Stefan Westerfeld]
* Implemented ability to use sequencer as modulation source
* Added support for external MIDI events in song tracks
* Added .bse file playback facility to bsesh
* Added support for C++ Plugins
* Now installs bse-plugin-generator for simple creation of C++ Modules
* Added manual pages for installed executables
* Lots of small MIDI handling fixes
* Fixed MP3 loader
* Major GUI improvements
* Registered MIME types for .bse files, provided .desktop file
* Made search paths for various resources user configurable
* Added prototype support to IDL compiler [Stefan Westerfeld]
* Work around PTH poll() bug on NetBSD [Ben Collver, Tim Janik]
* Support NetBSD sound device names [Ben Collver]
* Added i18n infrastrukture for BEAST and BSE [Christian Neumair, Tim Janik]
* Added Azerbaijani translation [Metin Amiroff]
* Added Russian translation [Alexandre Prokoudine]
* Added Serbian translation [Danilo Segan]
* Added Swedish translation [Christian Rose]
* Added German translation [Christian Neumair]
* Added Czech translation [Miloslav Trmac]
* Added Dutch translation [Vincent van Adrighem]
* Lots of bug fixes


---
ciaoTJ


##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION.  #
# This group is archived at http://stump.algebra.com/~cola/              #
##########################################################################


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: Linux-Announce-Request@NEWS-DIGESTS.MIT.EDU

You can submit announcements to be moderated via:

    Internet: linux-announce@NEWS.ORNL.GOV

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi				pub/Linux
    tsx-11.mit.edu				pub/linux
    sunsite.unc.edu				pub/Linux

End of Linux-Announce Digest
******************************

home help back first fref pref prev next nref lref last post