(The following book review appeared in Network World
magazine's May 25, 1998 issue.)
Network Administrator
Alert! So You Wanna Be A Hacker?
By Winn Schwartau
"How do you break into a computer?"
"How can I break into and write graffiti on a Web site?"
"How can I learn to be a hacker?"
Network administrators, security professionals, corporate
management, the Department of Defense - to name a few, are actively
attempting to defend their Internet connections, their Intranets,
their corporate assets and indeed their jobs against an increasingly
hostile Cyberspace. The neighborhood is clearly getting worse
by the minute.
And the media hasn't helped. Labeling everyone with access
to a keyboard and an attitude as a "hacker," the term
has developed incredibly pejorative connotations. "If he's
a hacker, he must be bad." "Oh, God! It's a hacker,
watch out." "Hackers are criminal by nature."
Well, thank you very much John Markoff et al, for rip-roaring
headlines that have forever misinformed America.
What is the best hack you've ever seen? (Think now, pause.
Stop reading, and really think before proceeding. What is the
best hack you've ever seen?) The answer is from the mega-hit
movie, Apollo XIII. Remember the scene at NASA, and a manager
spills a box of assorted parts onto a table and says to a group
of engineers: "This is all they have up there. Figure out
how to save their lives."
First of all, hackers are not bad. Criminals are bad. Criminal
hacking is bad. Hacking is not bad. And that is the recurring
theme in Carolyn Meinel's thoroughly enjoyable, highly entertaining
and educational new book, "The Happy Hacker: A Guide to
(Mostly) Harmless Hacking."
The Happy Hacker will answer hundreds of those unanswered
questions that network administrators have, like, "exactly
how do those %@*&#^ hackers break into my computers?"
Meinel provides dozens of step by step methods on exactly how
it's done; from telnet to port surfing to using a shell account.
In her folksy conversational manner (she's from New Mexico),
she starts off by teaching the reader how terribly insecure a
Windows95 box is, and walks us through a series of super-simple
way to hack right into your corporate network. Considering that
the vast majority of computer crimes and hacks occur from within
a company's network, these introductory parts of The Happy Hacker
are worth the price of the book alone. These are the weaknesses
that Microsoft will never tell you about, wishes would just go
away and provide one of the most compelling reason to ignore
Win95, forget about Win98 and rush right out and buy a copy of
the infinitely more secure NT.
Now, before you rant and rave about "Hackers writing
a book!", Meinel is a computer scientist, a mother of four,
and as she puts it "an old lady" who remembers her
forties. While she provides a whole slew of hacks that work,
especially on those machines "with poor defenses,"
there are no technical revelations of scurrilous Clinton-level
scandal. These are the basics of hacking, and after a read of
this highly worthwhile book, I realized that every security and
network administrator should have this on their shelf.
Far from encouraging teenage wannabes from hacking away at
your front door, the book is chock full of "You Can Get
Punched In the Nose, Fired and Busted Warnings" and "You
Can Go To Jail Warnings." Many of the tricks and techniques
throughout The Happy Hacker are clearly illegal, immoral and
unethical. The point that Meinel makes over and over is that
"hacking your own equipment is healthy and good. Hacking
a box or network with permission is good. Any other kind of hacking
will land you in jail."
The Happy Hacker has something for everyone. It is a moderately
technical book, with advice for the Newbie sprinkled throughout,
as well as offering Evil Genius Tips for the more advanced readers.
Her goals are admirable, even though she has been railed by
the hacker community and several legitimate publishers refused
to print her tome. She advocates the ethical use of technology,
legal hacking where the results are beneficial and conducted
with permission - and totally decries illegal activities of any
kind.
Her sections on spoofed email will be a God-send to the network
administrator trying to train staff in the details of how hackers
work their so-called magic. The dangers of open ports and shell-based
telnet are driven home in the clearly written section on How
To Map the Internet.
As Denial of Service attacks become more prevalent, Meinel
provides the basics of why and how they work, plus the hard facts
on what can and what cannot be done about them. She gives coherent
advice on how to protect yourself against spamming, email bombs
and other words of wisdom. Her participation in a number of hacker
wars has given Meinel an insider's look at the psyche and the
psychosis of the Undernet (Underground Internet), lamerz, d00dz,
wannabes, 3lit3 haxors and host of the techno-denizens you probably
don't want your daughter dating. (Most hackers are of the male
of the species.)
While the book needed a good editor, (typos, math errors from
time to time, inconsistent formatting; but what the heck: the
tiny publisher, American Eagle, also published the controversial
Virus Handbooks and similar works) my primary criticism is a
compliment. Meinel includes so many URLs for reference, in every
chapter, now I have to spend a lot time to organize them. I wish
she had put them all into a properly annotated on-line bibliography.
So, network admin folks, managers and bosses on high: if you've
ever wanted to know exactly how systems are broken into, this
is the book for you. It's easy going style and value-packed content
puts it on my Top 10 list of Essential Security reading List.
Buy
the Happy Hacker book now!
