The Mac Hacker's Handbook by Charlie Miller
As more and more vulnerabilities are found in the Mac OS X (Leopard) operating system, security researchers are realizing the importance of developing proof-of-concept exploits for those vulnerabilities. This unique tome is the first book to uncover the flaws in the Mac OS X operating system—and how to deal with them. Written by two white hat hackers, this book is aimed at making vital information known so that you can find ways to secure your Mac OS X systems, and examines the sorts of attacks that are prevented by Leopard’s security defences, what attacks are, and how to best handle those weaknesses.
User Review
The Mac Hacker's Handbook covers a lot of useful technical topics surrounding vulnerability analysis and exploit development for Mac OS X. That said, it doesn't so much teach you directly, as guide your learning. For example, it introduces the use of D Trace on OS X for dynamic analysis. It makes a very good case for D Trace's usefulness in reverse engineering, and for you to go out on your own and learn about it. Its D Trace examples aren't really free standing and require some background that you must get yourself. If the book were to give you the necessary background on every topic it introduces, it would be an enormous tome, and the authors probably would still be writing it.
The Mac Hacker's Handbook is the best reference for Mac-specific attack information that I have found. At 368 pages, it may appear small compared to the typical 750+ page security tome. That's because the authors have done a near-perfect job of sticking to the topic at hand, the Mac. The authors do not succumb to the usual temptation to try and teach assembly language or reverse engineering. Rather, they do an excellent job touching on those topics in an OS X context, and assume the reader has a little background in that area already, or can otherwise keep up. I have done some limited research into the areas of Mac malware and process injection in the past. This book has done a fantastic job of filling in many holes in my knowledge that I hadn't been able to take care of before. Plus, it introduced me to a number of Mac-specific security features I wasn't aware of before. Highly recommended for anyone interested in Mac security.
About the Author
CharlIe Millerwon the second CanSecWest Pwn2Own contest in 2008 and was named one of the Top 10 Computer Hackers of 2008 by Popular Mechanics. Dino Dai Zovi won the first CanSecWest Pwn2Own contest in 2007 and was named one of the 15 Most Influential People in Security by eWEEK.
0 comments:
Post a Comment