Hacking: the Art of Exploitation
The term “hacking” has come a long way from its late-1950s origins (and even that was a relatively new usage then), and today it seems to have taken on generally negative connotations, which the author digs into briefly in the introduction. From then on, the language politics are left aside as the reader is taken through an introduction to C programming that shows how the C code runs at a lower level.
Coding is done in C using the included bootable Linux CD, which lets you run Linux without having to install it. The CD includes the Linux OS, the code from the book and various tools; in short, you should be able to pop in the CD and follow along with the book.
Let’s be clear, that’s lots of C code; I haven’t seen this much C code since the early 1990s. But that seems to be necessary, this being a programming book that goes deep into how code really runs. You learn how to write a simple program, then disassemble it into assembly and debug it with gdb (the GNU Project Debugger). The goal here is to learn what goes on behind the code: how lines of C become lines of assembly and how those are stored in the basic building blocks of the computer. It’s here that things become possible that are not evident when looking at printfs and for-loops.
The lessons from the first chapter are applied in Exploitation as the reader learns how small flaws in the code can open up holes where an attacker can invade. Worth reading too are the anecdotes about how various bugs create the holes in the first place. A good example is the IIS/Unicode exploit (p.117), where additional functionality added to the popular web server opened up holes in a previously secure system.
When I received this book, I turned to the chapter on networking first, and found it to be quite an in-depth, low-level look at how systems network. Like the previous chapters, this too delves into a lot of how holes appear in systems; for someone curious about how this is done, there’s lots to digest, even if you’re not of a technical bent. Like the Exploitation chapter, this builds on Networking, showing how an attacker’s code is uploaded into a system. Related topics include hiding the attack through altering logs and avoiding crashing the system. Likewise, Countermeasures looks at how to detect an attack and ways to avoid it. Finally, Cryptology covers some of the theory of how information can be encrypted and various attacks.
Even for the non-technical reader, there is a lot of discussion of the kinds of things that can go wrong with software and the overlooked bits that can be used in new ways (who would think a printer could be used to spoof TCP/IP packets, and why would someone want to do this?). If there ever was a time for the saying “in the details”, this is it; the details of what is possible are fascinating. Of particular interest might be the good description of the various network attacks, and it is interesting how old vulnerabilities show up in new protocols (e.g. ‘ping of death’ makes a comeback in early Bluetooth implementations).
So, to sum up, this book is one of those that lives up to its title: yes, it shows you how to take advantage of sloppy or careless programming, but it’s also an ‘Art’, as far as learning how things fit together. As the author says at one point, a lot of the work is not being able to break something, it’s being able to take something apart, modify it and then put it back together.
This entry was posted by admin on 13th April, 2008 at 8:52 pm, and is filed under Security.