Hacking doesn't necessarily carry with it a negative connotation. It is a common misconception to see "hackers" as the Wargames Kid. A true hacker is one who strives to hone his skill as a programmer / systems administrator. The direction in which he applies his hacks has no bearing on the fact that a hacker is a hacker, for good, bad, or indifference.

Hacker, Hack, Hacking, etc. is a connotation-neutral word.

If the book in question (whos exact name you didn't give, and whos actual publisher you didn't list) is truely a cookbook for systems cracking, it might be seen as irresponsible that it's been published (though I kind of disagree). But I don't think that you (nor I) have read the book, and therefore aren't qualified to comment on its content. One observation that can be made, however, is that even if it is a recipe book for system cracks, most of that info is already publically accessible from CERN, linux/unix security alert mailing lists, Microsoft security alert lists, etc. The information is publically available from responsible, legitimate sources.

As for the copyright dating issue, remember, in the world of periodical magazines, you always receive the July issue in June, the June issue in May, etc. Automobile manufacturers release their 2004 model cars in fall 2003.

...Yes, I know I left out some information

Based on the pros and cons you posted, this looks like the review you are looking at. This review of a book called "Hacking - The Art of Exploitation" is a word for word match with your quote.

First of all, it is not an O'Reilly book, it is published by NoStarch Press. Second, I don't think we should condemn O'Reilly for offering this book for sale. I searched their website for both the book and the author, and yes they are selling it - but your local bookstore might just carry it, or maybe something more malicious.

Anyway, this book isn't related to their "Hacking" series - which isn't about breaking into computers and networks, it's about taking something to its limits - Google Hacking means using Google to the fullest extent, for example.

I can't speak for the post-copyright accusation, but based on the facts above I think this rant needs to be retracted.

B

thanks bmann

mmm.. love that selective quoting Wassercrats, here are the bits you decided not to include...

Description

• If you have read Hacking Exposed or Counter Hack- this is the next book you should check out
• Detailed coverage of string vulnerabilities, stack overflows, heap overflows, and more
• Shows you how to analyze these vulnerabilities and create your own exploit code
• A must-have book for vulnerability and penetration testing- clear, concise and informative

Guide Review - Book Review: Hacking- The Art of Exploitation

People often talk about whether the hacker technique genre of books such as Hacking Exposed, Hack Attacks Revealed or Counter Hack actually do more to teach the next generation of hackers and crackers than they do to help educate people about security. Those books don't go to nearly the depth that Hacking: The Art of Exploitation does.

Jon Erickson picks up more or less where those other books leave off. He provides a look at techniques and tools used by hackers as well, but he also gives a more comprehensive look at stack overflows, heap overflows, string vulnerabilities and other commonly exploited weaknesses.

Arguably, this information could very well be used by a hacker wannabe to learn how to break into machines illegally. However, like the other hacker technique genre books, the purpose is to educate so that we can better protect ourselves from such hackers.

Armed with the information in this book you can actively develop your own exploit code to conduct vulnerability and penetration testing- the results of which could be very valuable in helping to secure your networks and computers.

This is an excellent book. Those who are ready to move on to Level 2 should pick this book up and read it thoroughly.

you're into politics, eh.. never would have guessed..

cheers,

J

First of all, it is not an O'Reilly book, it is published by NoStarch Press.

Not that I agree with the OP at all. As I matter of fact, I think it's very much a Hanlon's Razor sort of thing.

Back to the NoStarch Press thing - they do have some type of major business relationship with OReilly. From nostarch:

Beginning January 1st, 2004 our US distributor is O'Reilly & Associates (www.oreilly.com). O'Reilly represents No Starch Press books to all major wholesalers (Ingram, Baker & Taylor, Bookazine, Koen, etc.), national chains and independents, online booksellers, and academic and technical bookstores, as well as directly to consumers through direct marketing and trade shows.

-derby

First they disobey copyright regulations

post-copyright one of their books

they are selling a hacking book

What's your point?

Abigail

Hm. You make a completely non-backed up accusation of fairly minor violations to the copyright statement, and attack them for /gasp/ publishing content. I'm downvoting you.

-- Wildly inaccurate accusations and nothing to do with Perl.

Wassercrats, wtf? Did you actually read the entire text of the copyright basics page when you first complained about O'Reilly? Copyright notices are optional. They may appear at the discretion of the copyright holder. Furthermore, the copyright is usually held for the duration of the author's life plus an additional 70 years unless the work was done for hire which would make the copyright good for 95 years from publication or 120 years from creation, whichever is shorter. Also, there was a sentence right before the text that you cut and pasted that was very important. It said:

The notice for visually perceptible copies should contain all the following three elements: (Emphasis mine)

Do you understand the difference between using the word should and using the word must? Where's the problem? What are you bitching about? That you won't be able to distribute copies of the book without someone suing you for 95 years instead of 94 years? Write a note for your grandchildren.

And now on to this business about the hacking book. Have you ever heard the saying "Don't judge a book by its cover"?

they are selling a hacking book that sounds like it's geared to the scumbag variety of hackers

This rant about the hacking book is hilarious. You see the words "hacking", "exploit", and "vulnerabilities" and you start running around with your tinfoil hat suitably adjusted and start warning all the locals that a great evil is contained in a book you've never read. Software vulnerabilities are very real. Knowing how to find vulnerabilities and testing their severity is a very valuable skill to possess. This book seems to cover some of these topics. I believe I may have to check it out.

First they disobey copyright regulations and post-copyright one of their books (at least), which will make it appear less out of date in the future (fraud),

You miss several points:

• It takes time to print and ship a book, much less produce, edit, and write it.
• Copyrights expire at the end of a year, as far as they can be said to expire at all.
• Copyrights start at the point of creation of a work.
• The date in a copyright notice in a book is just a notice. Copyright protection starts from the origination of a copyrightable work, though it can be registered formally with the copyright office.
• I have heard copyright lawyers make the argument that a book published on December 31, 2003 would not receive a full year's copyright protection because of the end of year cutoff, so there is a year's variance in publication dates for book. I have not been able to confirm this in twenty minutes of digging in the U.S. code, nor would I take legal advice from the Internet.
• O'Reilly uses Founder's Copyright anyway.

I see in their latest catalog that they are selling a hacking book that sounds like it's geared to the scumbag variety of hackers

Spidering Hacks could be used to develop programs that harvest e-mail addresses, perform DDoS attacks, mirror sites without permission, forge information, crack authentication schemes, and other nasty things.

Then again, if you try to make it impossible for bad guys to do bad things, you'll likely only prevent the good guys from doing clever things.

Just for completeness and just so I can one day say hey, I took part in that "discussion"!:

'hack' ne 'crack'

You are disparaging what is certianly the most popular publisher in the Free Software world, and which became that way by offering a consistantly solid line of books. Any call as extreme as a boycott should be backed up by a solid argument.

O'Reilly has made mistakes. Their clustering book was a disaster (I've heard rumors that the editor that approved it for publishing was fired for it). In all, though, they can be forgiven because of their use as an overwellmingly useful source of technical information.

I clicked on this node with the view twards giving the information presented a fair, objective opinion. However, the arguments you present do nothing to presuade me.

On "Hacking" books: if a bunch of script kiddies actually buy it, good. At this point, getting those kids to read any book is probably a good thing. In any case, I doubt the kiddies would spend money on such a book when free Internet resources will suffice for their purposes. They don't really want to learn about computers, just cause damage with them (no more, really, than the inner-city graffiti artist cares about the details of the paint they use). So this book is really more than they're looking for, and they don't want to waste time or money on information they don't want.

What it is useful for is security researchers and people who truely want to learn. Two sets of people, often overlapping, that should be encouraged in their endeavors.

On copyright problems: try finding a publisher (technical or not) that doesn't post-copyright some of their books. It's usually books published twards the end of the year, and the copyright date is given for the next year. This practice is so widespread in the industry that if you were to boycott every publisher that did it, you could hardly buy any books at all. Yes, it's illegal and a little deceiving, but is largely ignored.

Remember the Masked Magician? He did a series of specials on television in which he exposed a good many magical acts, demonstrating exactly how they worked. The reason he did, he said, was to force magicians to create new tricks.

My point is that this is an analogous situation but not aimed at crackers. The book is, IMO, trying to force those responsible for system security to create new tchniques to thwarth crackers.

At any rate, Crackers don't use books from what I have heard. They go online, talk to others and download scripts if they are beginners. They don't need no steenking books. I, on the other hand, intend to get a copy as soon as I can. The information will be useful to lessen the number of mistakes I make. Any book that does that is a valuable commodity as far as I am concerned.

Wassercrats, I appreciate you bringing this subject up. Now I know it is a book worth buying and where to get it.

xenchu

In short, a hacker is just a programmer.. *Cracker*s on the other hand, are people who break into things..

C.

Assuming you're against it because you're of the opinion that 'hacker' means 'bad guy', try reading up on the subject .. (yeah, all links from ESR, such is life).

Blech. That's not how natural languages work. Words don't get defined and then never change meaning. New words are created every day. Words fall in disuse all the time. Words change meaning, or get a new meaning next to the old one. Dictionaries describe current and historic usage - they follow the evolution of a language, they don't lead the way.

For many people "hacker" means "bad guy". Regardless how much ESR writes, that means that (the|a) meaning of "hacker" is what "cracker" means as well.

Abigail

The fact that I'm grateful to O'Reilly for publishing a terrific catalogue of books has nothing to do with the fact that you've written a poorly documented node on a non-Perl issue. I therfore downvoted your original node.

In addition, I think you're missing the point here: in the open source world that we now live in, publicizing these kind of exploits will let the 'white hats' test their own systems and do something about making them more resistant to attacks from the 'black hats'.

In future, I recommend more research and fewer accusations. I hear that in Texas they have a saying, Be sure that your words are soft and sweet in case you have to eat them some day. Wise words.

I don't care that you don't like the book or what it stands for - I just wish you had read it before denouncing it...

most of the cries ever heard to "burn the books" were from people who had never even read them.

I've read some O'Reilly books which I think should be burned. ;-). Of course, that has all to do with the quality (or rather the absense of quality).

Abigail

But I fear that at any rate you would only burn your own copy - so much for the Revolution...

<peeve type = "pet">

ever heard of the 1st Amendment? O'Reilly is US;

Yes, what about it? The first amendment is waved like a magic wand all the time, most of the time unappropriately. Let me quote it for all those non-US people (all US people do know the text, don't they? (cynical laughter)).

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

Pay attention to the first word. Is it involved here? Nope. Can we then wave with the first amendment? Sure, but it doesn't have any more effect than waving some blank papers, all it does is making a small breeze.
</peeve>

why even think of boycotting a company that publishes some of the finest tomes on programming and related topics in the world, first class stuff.

Eh, this was about boycotting O'Reilly. Not companies that publish the finest tomes on programming. ;-)

Abigail

Okay, okay Abigail-II and hardburn. My bad-- I also normally cringe when people trot out the 1st admendment. Just like when I hear the words," separation of church and state" which is not in the Constitution, period. So your points are well-taken, my points: O'Reilly can do what they want and when you have that large of a body of work, leave 'em alone.

Big question: I wonder if the W3 is gonna support the new tag <peeve.... Abigail-II continues to amaze...she closed the tag.

—Brad
"A little yeast leavens the whole dough."

ever heard of the 1st Amendment?

Adding to what Abigail-II said, the 1st Amendment only applies to the government. Individuals have the right to choose to stop buying from a company for any reason they want, and have a right to pursuade others to do so (which is also protected under the 1st Amendment). As it happens, the rest of us have a right to think Wassercrats is a kook and likewise pursuade others to do so.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

: () { :|:& };:

Note: All code is untested, unless otherwise stated

Individuals have the right to choose to stop buying from a company for any reason they want

According to a quick reading of some stuff here:http://www.bxa.doc.gov/antiboycottcompliance/oacrequirements.html there is legislation penalizing US citizens or corporations for participating in unsanctioned (by Uncle Sam) boycotts led by foreign governments and requiring reporting to the US of requests to honor such a boycott.

Scary stuff.

Wassercrats, I know you're very busy trying to respond to all of the other replies to your OP so I'll try to be brief.

You have a strong conviction that what O'Reilly is doing is immoral and a disservice to society. You believe that you are providing society with a service by bringing to to the attention of others. For this, I applaud and thank you. You seem to have an unquestioning stance on your belief and for that I admire you. We've attempted to provide well-reasoned replies to your posts, some more confrontational than others, and you've rejected all of them. After reading your last reply, I'm rather certain of this. I must now ask you: can we agree to disagree? =)

To my fellow monks, Wassercrats's beliefs are deeply rooted. All of the replies thus far have produced no change in his position. Please consider that before responding to any other replies in this thread. Wassercrats seems to be on a destructive path with the only victims being his XP and his reputation here at the monastery. Have pity on him and let what you see as self-evident to come to him as he continues to learn. With regard to your voting practices in the future, please don't get into the habit of reputation-voting Wassercrats. As with anyone, read what he says and allow the merit of the content to determine the way you vote.

Update: Ugh, that was pretty cheesy. That's the last time I post anything after being deprived of that much sleep. Anonymonk, thanks =)

Wow, completely content free AND takes up a great deal of room.

Congrats, that's an excellent way to point out the problems in the Perlmonks moderation system.

This post is Pathetic.

It shows a complete ignorance of everything from scientific history to computer security to the open software you claim to support.

After you display this ignorance you proceed to bash one of the best, if not the best, companies out there that supports an open, educational process.

Do a little research next time before you post such garbage. You can start here, here, here, and here

I think most of my thoughts have been well voiced by others.. espcecially Abigail-II ( You go g.. You go! ). For some of us hacking was what got us into this hobby/career.. Yeah I downvoted you, wish I could have done it more than once. At least the negative value of this node is entertaining. If it weren't for that it'd just be an embarrasment.

Please Boycott Amazon

You seem to be arguing that we should equate "illegal" with "immoral." I am saddened.

Be well.

If you can't hack it, you can't secure it. We have this expression in the Dutch language: the worst poachers become the best foresters. I'm making my living now with securing networks, all knowledge I would have learned if I wouldn't have found anything on the 'net. Actually, I own zero books on Unix, Posix or system administration, and didn't pay for any of my software, so I'm very grateful for whatever knowledge is shared online.

Besides, the cat is out of the bag a long time already; look for phrack on your search engine of choice - excellent learning resource.