[4287] in linux-announce channel archive
Linux-Announce Digest #579
daemon@ATHENA.MIT.EDU (Digestifier)
Mon Oct 27 23:13:08 2003
From: Digestifier <Linux-Announce-Request@senator-bedfellow.mit.edu>
To: Linux-Announce@senator-bedfellow.mit.edu
Reply-To: Linux-Announce@senator-bedfellow.mit.edu
Date: Mon, 27 Oct 2003 23:13:02 EST
Linux-Announce Digest #579, Volume #4 Mon, 27 Oct 2003 23:13:02 EST
Contents:
"Hacking: The Art of Exploitation" from No Starch Press (Leigh Sacks)
ANNOUNCE: BEAST/BSE v0.5.5 (Tim Janik)
----------------------------------------------------------------------------
Date: Mon, 27 Oct 2003 12:23:25 CST
From: Leigh Sacks <leigh@nostarch.com>
Subject: "Hacking: The Art of Exploitation" from No Starch Press
October 27, 2003
FINALLY, A HYPE-FREE HACKING BOOK
"Hacking: The Art of Exploitation" - serious hacking from a serious hacker
San Francisco, CA - Countless people have picked up a book on hacking,
excited to get into the nitty-gritty of hacker exploits, only to discover
that the book doesn't really tell them anything useful. Sure, it's
entertaining, and maybe it presents some ideas about what hackers have done
and can do. But if it doesn't really teach anything, is it really worth the
money?
Finally, here's a book that tackles the art and science of hacking:
"Hacking: The Art of Exploitation" (No Starch Press, Nov 03, $39.95 US,
ISBN 1593270070). This technical, code-filled book about the art of
creative problem solving known as hacking dissects various hacker
techniques, both old and new, to see what makes them work. Unlike many
hype-filled hacking books which explain how to download and use someone
else's exploit, Erickson goes in-depth into each exploit to explain what
happens at the code level, and the underlying logic. As the reader learns
about each exploit technique they learn not only about that particular
security flaw but also why most systems are vulnerable and most software is
insecure.
Some of the techniques covered in the book are:
* Exploiting programs using buffer overflows and format strings
* Writing printable ASCII polymorphic shellcode
* Defeating non-executable stacks by returning into libc
* Redirecting network traffic, concealing open ports, and hijacking TCP
connections
* Cracking encrypted 802.11b wireless traffic using the FMS attack
This is a book for the true hacker, whether that means the black clad
system invader we see in the movies (thanks, Keanu), the underappreciated
sys admin keeping miscreants off his network, or just the neutral computer
technology enthusiast who enjoys the challenge. "Hacking: The Art of
Exploitation" teaches the reader to think like the hacker writing the
exploits so that he can learn to think for himself. And that is the essence
of hacking.
HACKING
The Art of Exploitation
by Jon Erickson
ISBN 1593270070, November 2003, $39.95 ($59.95 Cdn), 264 pp.
Available at fine bookstores everywhere in November 2003
To order from the publisher: visit www.nostarch.com, email
orders@nostarch.com, or call 800-420-7240
For press queries contact Leigh Sacks - 415-863-9900 or leigh@nostarch.com
ADDITIONAL RESOURCES
Author's site: www.phiral.com
www.2600.com - The Hacker Quarterly
www.phrack.org - Hacker magazine by the community, for the community
www.cert.org - Major reporting center for Internet security problems
www.securiteam.com - Security and hacking community
"Hacking: The Art of Exploitation" table of contents:
http://nostarch.com/frameset.php?startat=hacking_toc
Sample chapter from the book - chapter 3, Networking:
http://nostarch.com/hacking_ch3.pdf
Cover image: http://nostarch.com/frameset.php?startat=hacking_big
ABOUT THE AUTHOR
Jon Erickson has a formal education in computer science and speaks
frequently at computer security conferences around the world. He currently
works as a cryptologist and security specialist for Luminare Consulting.
ABOUT NO STARCH PRESS
Since 1994, No Starch Press has published unique books on computing, with a
focus on Open Source, security, hacking, web development, programming,
gaming, and alternative operating systems. Our titles have personality, our
authors are passionate, and our goal is to make computing accessible to
everyone.
For more information, or to request a review copy or schedule an interview
with the author, contact Leigh Sacks at leigh@nostarch.com or 415-863-9900
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
Date: Mon, 27 Oct 2003 16:54:52 CST
From: Tim Janik <timj@gtk.org>
Subject: ANNOUNCE: BEAST/BSE v0.5.5
BEAST/BSE version 0.5.5 is available for download at:
ftp://beast.gtk.org/pub/beast/v0.5
or
http://beast.gtk.org/beast-ftp/v0.5
BEAST (the Bedevilled Audio SysTem) is a graphical front-end to
BSE (the Bedevilled Sound Engine), a library for music composition,
audio synthesis, MIDI processing and sample manipulation.
The project is hosted at:
http://beast.gtk.org
This new development series of BEAST comes with a lot of
the internals redone, many new GUI features and a sound
generation back-end separated from all GUI activities.
The most outstanding new features are the demo song, the effect and
instrument management abilities, the track editor which allowes
for easy selection of synthesizers or samples as track sources, loop
support in songs and unlimited Undo/Redo capabilities.
Note, if you encounter problems with .bse files from previous BEAST
versions, this may indicate bugs at the compatibility layer.
A bug report accompanied by the problematic file can be send to the
mailing list and is likely to get you a fixed file in return.
Overview of Changes in BEAST/BSE 0.5.5:
* New (or ported) modules:
DavCanyonDelay - Canyon Echo by David A. Bartold
BseMidiInput - Monophonic MIDI Keyboard input module
BseBalance - Stereo panorama position module
ArtsCompressor - Mono and stereo compressor [Stefan Westerfeld]
* Added utility script to crop and duplicate parts [Stefan Westerfeld]
* Added "Party Monster" demo song [Stefan Westerfeld]
* Implemented ability to use sequencer as modulation source
* Added support for external MIDI events in song tracks
* Added .bse file playback facility to bsesh
* Added support for C++ Plugins
* Now installs bse-plugin-generator for simple creation of C++ Modules
* Added manual pages for installed executables
* Lots of small MIDI handling fixes
* Fixed MP3 loader
* Major GUI improvements
* Registered MIME types for .bse files, provided .desktop file
* Made search paths for various resources user configurable
* Added prototype support to IDL compiler [Stefan Westerfeld]
* Work around PTH poll() bug on NetBSD [Ben Collver, Tim Janik]
* Support NetBSD sound device names [Ben Collver]
* Added i18n infrastrukture for BEAST and BSE [Christian Neumair, Tim Janik]
* Added Azerbaijani translation [Metin Amiroff]
* Added Russian translation [Alexandre Prokoudine]
* Added Serbian translation [Danilo Segan]
* Added Swedish translation [Christian Rose]
* Added German translation [Christian Neumair]
* Added Czech translation [Miloslav Trmac]
* Added Dutch translation [Vincent van Adrighem]
* Lots of bug fixes
---
ciaoTJ
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: Linux-Announce-Request@NEWS-DIGESTS.MIT.EDU
You can submit announcements to be moderated via:
Internet: linux-announce@NEWS.ORNL.GOV
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Announce Digest
******************************