March 06, 2004 Rating: Odd, one of my reviews seems to have been removed. I suspect that this forum is vulnerable to various SQL injection techniques, and that terrorist-associates of ORA do not want the world to know about ORA's open support of their organizations. Political and social subversion techniques are most successful when the target population isn't able to Know Their Enemy(tm). Again I will stress that it is my duty as an American citizen to do all in my power to oppose this sort of thing. I'm certain that executives at ORA are also very patriotic and can appreciate the importance of upholding the Constitution of the United States of America, and as publishers appreciate such unalienable rights as the freedom of speech and the freedom of press.

If this information I'm about to reveal makes its way up to true executives of the company, perhaps something can be done to keep this cruft off the market. And perhaps restructure the company somewhat - establish guidelines about doing business with terrorists, protocols regarding full and proper background checks on authors to prevent this from happening again. And, perhaps hiring a true technical review team - aside from the morality issues involved with publishing this book, based on who the author is - the book lacks technical value of any sort, and is entirely useless to the reader. If ORA spent a few more dollars on hiring staff with a technical background, who could easily determine that this book has no technical merit, and that the author has no technical skill, it would have never made it this far into the publication process. I suppose that I can somewhat respect the capitalist mindset (sell as much of whatever as quickly as possible for as much as possible). However, O'Reilly is losing credibility in the eyes of the public now, for showing little integrity - both morally and technically.
If anyone from ORA would like to engage in an intelligent discussion on the matters I have outlined above, please contact me at honeyd () bugtraq org. I feel strongly about this matter and would like to see something constructive come from it. I will continue to do all in my power to protest the very existence of this book. Perhaps it's time to fire interns like Kyle, who suggest "supporting terrorism is not what we're all about", instead of taking a more appropriate stance of "ORA will never support terrorism again", or denying such involvement. In the least, you should speak with me about the technical qualities this book doesn't have, before mass distribution, so you can make a real educated decision on whether or not it should be on the market. Although, the author's background with terrorists should be enough to keep you from pushing it out to the market. Thanks for all your considerations, and continued support of the First Amendment. Here is a copy of the original post of mine, that was censored via SQL and XSS based attacks on this website by unfriendly states:

Hi Kyle - If the book has not "left the warehouse" yet, it might be in the best interest of your company to keep it there. Or even better, burn all copies of it before distribution. You should do some research into who this Chris character is. He has no technical skills whatsoever. Techniques discussed in the book are beyond outdated. Material is clearly stolen from iss_ethical_hacking.pdf, which isn't even good literature itself. Clearly no one at ORA is clued in the matters of computer security. If you were, you wouldn't list "The Definitive Guide To the Secure Shell" or whatever the fuck it's called as "related literature". This book of Chris' won't teach anyone anything useful - he's a clueless moron. The work-copies that were published in Phrack are not the only copies of the manuscript that are in circulation. The final PDFs he submitted to you have been "out" for quite some time.
And you can make a statement about ORA not supporting terrorism, but you clearly don't understand - Chris was a part of a group that attempted to profit by selling DEPARTMENT OF DEFENSE documents to TERRORISTS for personal profit. People who deal with terrorists like that, are terrorists themselves - and should be executed by firing squad, and not writing about mid-90's "hacking techniques". Supporting them in any way makes you as awful of a person as they are. So stop trying to rationalize the actions, and do something useful. Get this trash off the market before it gets there. Why not comment on the sixty-seven times that I have personally hacked Chris' machines? And the countless times that others have? That's good material for your book on computer security. As an American citizen, I feel it's my civic duty to do all I can to keep this book from being distributed. You can either step up and be a man, Kyle, or keep with your Al-Qaeda sympathizing ways, and continue to allow your company to support terrorists. If I worked at a company, who didn't have a clear policy against dealing with terrorists, I think I'd quit right away. What the fuck kind of person are you? At least your company supports the freedom of speech and will leave these posts for everyone to read. I just wish you were a bit more American. Remember Kyle - patriots are people who don't settle. You know what you have to do.

The Honey Daemon - The Honey Daemon honeyd () bugtraq org
The Honey Daemon

March 05, 2004 Rating: Sorry, wasn't as good as I thought it would be.
Luke

March 05, 2004 Rating: Considering the fact that this book has not yet left our warehouse, I'm surprised by the amount and vehemence of the criticism. I hope that when the book reaches a larger audience, we'll have an informed and spirited dialogue about its strengths and weaknesses.
For the reviewer who last read the manuscript while it was still being written (I won't comment on the "hacking Chris's system" part), I hope you'll try again now that the book is finished, considering that significant changes are made in a book as it is developed. One more thing, I think most folks who are familiar with O'Reilly know that supporting terrorism is not what we're all about... Happy Friday.
Kyle

March 05, 2004 Rating: I forgot to mention - that in these post 9/11 days, that it is despicable of a publisher to do business with known terrorists. Who at ORA is responsible for doing background checks on the authors? Fact: Chris McNab was a member of a group of computer terrorists, known as The Rhino Nine - an organization that attempted to sell materials stolen from the department of defense to terrorists. If you don't believe this, you need to search for the words "rhino9" and "terrorists" on the Google. Why ORA would do anything to help a terrorist advance himself financially, I'm not certain. However I am certain that I will never buy any ORA books again and that I will recommend that everyone follow my lead. ORA supports terrorism. Buying books from ORA is like crashing a 767 into a skyscraper.
honeyd () bugtraq org

March 05, 2004 Rating: Maybe if Chris McNab studied even rudimentary programming and vulnerability exploitation instead of merely trading tools with known script-kiddie criminals such as Gov-Boi and the Divine Intervention this book would be more than what it is - a modern equivalent of his Confidence Remains High ezine but without the intelligent articles submitted by others. As mentioned above in other reviews, Chris' home boxes have been hacked many many times by many many people and the MOTD banner from his personal machine "studio31337" was published by the same Phrack magazine as published an early copy of this book.
This banner, taken from the box on which he traded exploit programs with known criminals such as famed Nasa.gov defacer //Storm// (now known as tsao) and plotted hacking and defrauding online casinos, contains uninformed references to non-functioning and indeed entirely fake exploits. Is Chris McNab (famed defacer of doe.gov, Amnesty International, and perhaps greatest of all spiceworld.com) really the sort of person you want to learn network security from? Much better information written by much more intelligent and skilled individuals can be found freely on the internet. Don't waste your money here.
TBM

March 05, 2004 Rating: I found the book to be beyond disappointing. It reads like ISS' "Guide to Ethical Hacking", which is quite possibly one of the worst security-related documents ever compiled. Most of the book was blatantly plagiarized from the ISS text, in fact. I first read the book several months ago, after hacking the author's home computers for the sixty-seventh time in my short career as a dot-slasher. We passed copies around in the computer underground known as the eris free for a while, mainly because my friends and I have nothing better to do than to make fun of boring stuff like this. Some of his book was published earlier, independently - in a publication known as Phrack: The Hacker Quarterly. In the computer security world, people like Chris McNab are nothing but a joke. He works for spammers, and spammers are barely a step up from child pornographers. I recommend you do not buy this book. The techniques and ideas in it are outdated, and simple at best. You're better off performing some sort of self-genitalia-mutilation rituals to actually learn anything relevant to computer security, than reading this collection of horseshit. Incidentally, I liked the cover with the ninja a lot more.
The Honey Daemon

March 05, 2004 Rating: Wow. What a waste of money. I don't think I learned a single worthwhile tidbit throughout this whole book.
I got it as a present, since I was studying for my CISSP, but this book only covered how to use tools. It is a book for people who wish to remain uninformed, yet still get away with doing security audits. My suggestion for the author is to learn the background behind these techniques more. Don't just use the tools without a clue.
Jon Cruble