404 Tech Support

The Book Seer is a very straight-forward web app that would be useful to anybody looking for recommendations as to what they should read next. When you visit the site, you see a gentleman in the background with a speech bubble over his head. The speech bubble has two blanks where you put the title and author of the last book you read as if the guy is saying it. Both title and author are required but once you’ve filled out the fields simply hit the arrow to get your recommendations.

Exploiting Online Games is the third book in series of titles by Greg Hoglund and Gary McGraw. Their two other books have previously been reviewed here at 404 Tech Support – Exploiting Software: How to Break Code and Rootkits: Subverting the Windows Kernel. These titles typically provide information for developers to take into consideration in their projects and for IT Professionals to use in their analysis of securing their environment. I am primarily reading these books for the latter reason and approach these reviews with that perspective.

Exploiting Online Games covers a variety of topics: the basics of online gaming and hacking, playing for profit, End User License Agreements, bugs in games, hacking game clients, bots, reverse engineering, modding, and security points for game developers. The basics explains some common terminology and clarifies the different types of online games including FPS (first-person shooters), MMORPGs (Massively Multiplayer Online Role Playing Games), and virtual worlds (like Second Life).

At over 1200 pages, the All-In-One CompTIA A+ Certification Exam Guide, 6th Ed by Mike Meyers, is quite the tome. I read it cover to cover in preparation for the A+ exam and just completed it.

For a little information on the CompTIA A+ certificate, it is a standard achievement proving basic competency with computer hardware and software. This should probably be the first certification you target in IT as other tests, like Network+ and Security+, build from it. The A+ certification involves two separate tests. The first test is the Essentials test, which everybody takes. The second test allows for more specification. There are IT Technician, IT Help Desk, and IT Depot Technician exams. Which one you choose depends on your career path and uses for the certification. I went with the IT Technician exam as it’s a good balance between the other two.

Exploiting Software – How to Break Code by Greg Hoglund and Gary McGraw is an earlier work by the same authors of the previously reviewed Rootkits. This one dives into the security risks for poorly coded software. Copyright 2004, the book provides lots of examples of exploitable code from wrongfully used functions and improper coding methods five years ago. Despite its age (5 years can be significant in the technology industry), the relevance is still just as potent for Exploiting Software.

The book contains chapters dedicated to:

1. Software–The Root of the Problem
2. Attack Patterns
3. Reverse Engineering and Program Understanding

Upon completing a class that used this book as a text book and studying through it  for the Network+ certification test, I’ve had a lengthy time with Sybex’s Network+ book to prepare for the N10-003 exam.

This book covers all of the topics of the Network+ exam, such as:

The OSI Model, TCP/IP Fundamentals, TCP/IP Utilities, Network Operating Systems, Wired and Wireless Networks, WAN and Remote Access Technologies, Network Access an Security, Fault Tolerance and Disaster Recovery, and Network Troubleshooting.

There are some good explanations of technologies that prove entertaining as well.

Name Resolution

Rootkits, authored by Greg Hoglund and James Butler, is a very technical reading for a very technical topic. Rootkits themselves (the technology) gained quite a bit of fame in 2005 when Sony was found to be embedding rootkit technology along with their CDs to prevent copying of music. This book goes well beyond the simple copyright protection and really delves into the attacker’s perspective: getting in and staying in without being detected. There are plenty of reasons why the corporate world should be afraid of rootkit technology, corporate espionage, record tampering, insider trading, and much more.

Managing Humans: Biting and Humorous Tales of a Software Engineering Manager is an interesting read from ‘Rands’, the author of the book and the blog Rands in Repose.

If you want to gain a perspective of what it’s like to be a manager in the software development industry, you should read this book. It could also provide valuable insight for current managers looking to improve. While neither being in the Software Development industry nor even a manager in the IT industry, I was able to appreciate this book for providing the perspective of somebody that was what I am not.