
Hacking Exposed Linux: Linux Security Secrets and Solutions Paperback – 1 Aug 2008

Product details

  • Paperback: 813 pages
  • Publisher: McGraw-Hill Education; 3 edition (1 Aug. 2008)
  • Language: English
  • ISBN-10: 0072262575
  • ISBN-13: 978-0072262575
  • Product Dimensions: 18.5 x 3.3 x 22.6 cm
  • Average Customer Review: 1.0 out of 5 stars (2 customer reviews)
  • Amazon Bestsellers Rank: 353,176 in Books

Product Description

About the Author

ISECOM (the Institute for Security and Open Methodologies), (Barcelona, Spain & New York, NY) is an open, collaborative, security research community established in January 2001. In order to fulfill its mission focus to apply critical thinking and scientific methodology to all facets of security, ISECOM is chartered as a commercial-free and non-partisan organization. The ISECOM Board of Directors reflects many countries representing thousands of members and volunteers from around the world. In a world of increasing commercial and industrial misrepresentation of security, ISECOM enables logical and rational decision-making in all aspects of security, integrity, privacy, and safety.

Customer Reviews


Top Customer Reviews

Format: Paperback
Should not be a Hacking Exposed book.

I would recommend the following book instead to anyone looking to learn how to hack a Linux system: Hacking Exposed Linux, 2nd Edition: Linux Security Secrets and Solutions (Hacking Exposed)

If you are a sys admin looking to secure a Linux system then this is certainly a book that deserves a slot on your bookshelf as it contains cutting edge information on how to keep a Linux system secure (as you would expect from ISECOM) and it will be extremely useful to you in this respect, but buy the earlier version if you are looking to learn how to hack Linux, as you will not learn any hacking methods from this book whatsoever. To be fair, the back cover does say you will learn about securing Linux and makes no mention of covering hacking topics.

My gripe is that it should not be sold under the Hacking Exposed brand name.
4 people found this helpful.
Format: Paperback
This has the wrong title I think, it's basically what to do to prevent getting hacked, what configuration settings to apply and a lot of niche stuff you wouldn't really see much in the wild unless you have a spectrum analyser and you are going after a big corporate with very local access, i.e. tempest issues. Hardly anything on tools as you get in normal Hacking Exposed books, very poor especially with the quality of the authors who have contributed, a lot of old stuff i.e. telnet, finger, rhosts et al are still being used and these should be referenced as they are still stalwarts for getting access to a network, I think this book is coming from the wrong angle totally from every other one in the series I have read. There are a few new bits in there i.e. a little bit on web apps but these are generally glossed over. I am pleased I pre-ordered in Feb and got this book for £15 but I'm not sure it's worth that, a lot of better books out there.
4 people found this helpful.

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 10 reviews
41 of 44 people found the following review helpful
Messy and mediocre Linux security book, 24 Sept. 2008
By Henrik Lund Kramshøj - Published on Amazon.com
Format: Paperback
I will probably take a lot of heat for this, so let me start by putting on my asbestos suit.

To quote the beginning of this book, page About the authors:
This book was written by multiple authors, reviewers, and editors - too many to all be listed here - who collaborated to create the best Linux hacking book they could.

The best Linux hacking book! Wow I will probably like this book, having already read and used the OSSTMM from ISECOM before.

Then I got very excited reading the praise of the book from Jake Kouns on the front cover, reading praise by Clement Dupuis on the back cover book and browsing the Table of Contents. This book is going to be so much fun reviewing and will probably have me recommending it for future training and courses about Unix/Linux security.

The reason I start saying Unix/Linux, and will soon only say Unix - is that this book tries to cover more than just Linux. Examples include appendices with information about BSD security, listing FreeBSD, NetBSD and OpenBSD information, and also including references to other Unix systems in the book.

I will also use the term Unix, because let's face it there is a lot in common between Unix systems, from Linux to Mac OS X - as anyone will know from reading a real Unix Security book like Practical Unix and Internet Security from O'Reilly - THE BOOK about Unix security.

I was very disappointed, and I have to be true to the wording - the best Linux hacking book. This book is not about hacking Linux, it is more about hacking WITH Linux. With all respect for the authors I will try to explain why this review is not outright positive.

Let me start by getting some problems sorted out immediately.

It is not a problem that this book is written by multiple authors, there seems to be more or less the same writing proficiency - quite good writing actually.

It is not a problem that this book includes relevant security information. This information could alert the reader to different attack vectors or enhance the experience while reading the book. Great to have a setting and presenting the reasons why we should secure our infrastructures based on Unix.
What is a problem then

The problem is that this book is really about general information security. Having just taught a week of CISSP CBK I recognize a lot from this book, and there is a lot of good advice in this book. I am also teaching a lot of penetration testing USING Linux for doing hacking, so I can recognize a lot of good stuff about hacking WITH Linux and Linux programs.

It is a problem that this book uses a lot of prose to explain that some things are important, and when they should get down to doing the actual work they reference How To documents or existing projects doing the actual stuff.

Let me give a few examples.
BIOS password security is vital for Linux, and disk encryption - go read a howto

Chapter 4 includes about 4 pages about BIOS passwords and how to circumvent these. Then a single page is presented with the title Whole Disk or Partition Encryption, which is supported by two half page screenshots and links to existing howtos and mentioning that you can use tools like Truecrypt and BestCrypt. Great stuff, really taught me how to use that! BTW the link for the howto is: [...]

Another example.
Unconventional Data Attack Vectors - does X.25 still matter?

Chapter 6 includes a very nice treatment of wardialing and accessing modems using programs that run on Unix. This is related to Unix, but actually not specific to hacking Unix. Then we have more than 25 pages of X.25 - an old technology. The author proclaims early in the chapter that X.25 is being used, but other pages on the internet say that use is in "dramatic decline".

Since I have actually used X.25 I feel compelled to say that this technology IS dead, like SNA it requires bad configuration magic and a lot of voodoo to get a basic connection, and I would not even dream of trying to do scanning using this technology. Further I am told in this chapter that of four tools, only two of these can be downloaded - the rest are PRIVATE! Yeah great, that will help me a lot.

One tool listed is by the guy writing this chapter, Marco Ivaldi and I am sure the tool is great, the writing is great - but I don't believe that a reader searching for the best Linux hacking book really appreciates 8,5 pages of country calling codes in a book containing only about 500 pages. (Amazon lists this book as having 800 pages, but from 530 till 591 are appendices, and the index stops on page number 613.)

Yet another example
OpenSSH is vital, but why have options listed all over the book?

A thorough description of the OpenSSH configuration is a subject that most Unix people need. Only a few options are listed, and actually placed in different places of the book, some listed on page 535 in Appendix A: Management and Maintenance and others listed on page 576 in Appendix C: BSD. And ohhh if you need privilege separation it is on page 78, during chroot description. To be fair, the index does list two of these - but why under SSH and not OpenSSH.

OpenSSH is vital to the security of your Linux or Unix system. There is no doubt that the best Hacking Linux book should cover this in more detail. I actually also noticed a very common error, specifying that PasswordAuthentication is the option to disallow password login at all is wrong. To turn off password login you need to have both of these options.

PasswordAuthentication no
ChallengeResponseAuthentication no

and what about PAM! Pluggable Authentication Modules are used on Linux, and some Unix systems, and are vital to the security of your system. This subject is not in any way described in a proper way that would allow a reader to secure a Unix system. Neither are a lot of other Unix related technologies described, even though they are found and used in real life environments with Unix. To be the best you will have to at least describe the common attack vectors like NFS attacks, FTP attacks and more in some detail.

These examples unfortunately got a bit long, so to get back on track. This book does not present Unix security efficiently, so perhaps ISECOM and me do not agree what a hacking Linux book is?
What is a Hacking Linux book

I would assume the book would use tools to hack into Linux and show the options I could change to prevent these. This is what I have come to expect from reading books in the Hacking Exposed series like Hacking Exposed: Network Security Secrets Solutions. Listing attacks, tools and countermeasures basically.

If the authors wish to push a testing methodology while doing so, go ahead! You have a great testing methodology the ISECOM OSSTMM and you have the skills from the authors. Unfortunately you have failed to provide that along with the Hacking Exposed feeling and I consider the outcome messy and mediocre.

Messy because the goal of the chapters becomes unclear and mediocre because more specialized books already talk about hacking using the tools presented.

Having other books in the Hacking Exposed giving tools for breaking INTO the system and how to protect, while this book is about USING Unix to break into - anything. Having a wardriving program running on Unix will find modems, no matter if they are connected to Unix or Windows.

To summarize, the things that work for this book are:

* It treats information security nicely in some parts and will give you some overview from physical security through some parts that may be relevant. The information is for the most part not specific to Unix systems nor Linux systems and certainly not targeted even at a specific Linux distribution. The BSD parts listed in the appendices are actually more focused on specific features available than the rest of the book.
* The chapters and parts about Analysis of C code, wardialing, wireless security, Voice over IP and others do actually work. The chapter about Voice over IP is dense with information and the chapter about wireless presents nicely detailed information with nice balance between attack, tools and defense.

Things that do not work are:

* Having a 40 page introduction before getting to anything Unix specific is not working, other Hacking Exposed books dive right into technical stuff.
* Listing the reasons to have protection, but not explaining HOW TO secure the Linux server, pointing to existing howto documents that the reader must fetch to be able to do anything useful is not right.
* The organization with real good vital information in appendices, does not work. The meat of a book is part of the chapters and appendices are supplemental information, period.
* The index does not work. You can look up SSL or TLS, both are not explained, but you are directed to page 399 - which does not explain those as Secure Sockets Layer and Transport Layer Security. During the writing of my review I was unable to locate a reference to these protocols in the book, but there SHOULD be one in the book.
* Having a mail services chapter without listing a comparison of some popular mailservers for Unix is not working. You may only be running Sendmail but the mail servers like Postfix, Qmail, Exim have a lot of users and warrant a fair treatment. Actually I would go as far as arguing that a high percentage of security consultants would be happy to put Sendmail to sleep and never recommend it for new installations.
* X.25 - is this really needed today - spending 25 pages listing arcane stuff that 99% of the readers won't be able to use because the programmers have not disclosed the tools?

... let's stop now, the authors did explain good stuff, it is just not enough focused on Unix and/or Linux.
Target audience

I actually don't really know who this book is aimed at. The level of detail is certainly not enough for advanced users and beginners in Linux security will be confused.

If you need a book about running tools to analyze C code, test VoIP or wireless security on Linux and using Linux, this book might have good information.

On the other hand if you are looking for a book because you have the task of securing Linux systems this book will not help you much. This fails the book from my viewpoint and only earns an overall grade of messy and mediocre, even though there are some parts that contain good information in this book.

If you need to know more about the OSSTMM and applying the methodology to actual attacks, you might get some information - but in all fairness reading the actual OSSTMM and articles are the source.
8 of 9 people found the following review helpful
Not about hacking Linux, 15 July 2010
By Josh Stone - Published on Amazon.com
Format: Paperback
When I was reading this book, I kept waiting for the topic to be Linux. The book starts with OSSTMM material. You can tell the OSSTMM folks have become too abstract to be concerned with the work-a-day security industry. This is not what I (or, I'm sure, anyone) will expect from a Hacking Exposed book. Imagine a book of definitions, but no examples; references to techniques, but no tools.

The book features large tracts of discussion about OSSTMM, PSTN, ISDN, X.25, VOIP, Wireless (in general, not really Linux), RFID, web-apps (shouldn't that be its own book?), and C code static analysis. There's a whole chapter on hacking the users, without any real discussion of brute force attacks or tools you'd use to hack a Linux system. I was very disappointed.

Where is discussion of kernel- and user-space? Where are hardware abstraction layer boundaries? What about exploiting stacks and heaps in Linux? What are the security implications of Linux dynamic libraries? What about hacking OpenSSH, Apache, Samba, X11, NFS, Kerberos, NIS and other common Linux services?

If you're looking for hands-on Linux exploitation techniques, look elsewhere.
7 of 8 people found the following review helpful
1st and 2nd editions better, 11 Nov. 2009
By paul kaiser - Published on Amazon.com
Format: Paperback Verified Purchase
hacking linux exposed 3rd edition is a complete rewrite and (in my opinion) loses the power of the previous editions.

the first two editions have numerous examples of exploits followed by appropriate strategies for defending against them. the current edition is jargon and alphabet soup found within the field of security. about the only redeeming feature of the latest edition is a concise summary of security software for linux found in the appendix.

i teach linux security (usually in the spring) and i know how difficult it is to keep current with examples of exploits. what i demonstrate one year is unavailable the next! however, the red books really attempted to demonstrate the various vulnerabilities; the blue book is generality and vocabulary.
3 of 3 people found the following review helpful
Good book, but little news, 13 Dec. 2008
By Lene Jensen - Published on Amazon.com
Format: Paperback Verified Purchase
I had this on preorder, so I got it the moment it came out. If you are new to Linux security, this book is excellent. It talks about all the things you need to be aware of, and how to protect your systems. I would most definitely recommend it. Unfortunately for me, I knew most of this already. It did have some tidbits I liked, and the security recommendations are most definitely sound. I give it 4 stars, because I had expected more about hacking and less about securing.
10 of 14 people found the following review helpful
First time not disappointed, 7 Aug. 2008
By Peter Klee - Published on Amazon.com
Format: Paperback
This is the first time that I'm not disappointed at all after buying a new edition of a Hacking Exposed book. Yes, it is not a rehash of the 2nd edition. What's wrong about that? Combining the concepts of OSSTMM and Hacking Exposed was a wonderful idea. It's an excellent starting point for both students and professionals. I wish we would see more innovation like this on the security book market.