Network Security, some questions
I just got the book, Hacking The Art of Exploitation Second Edition, by Jon Erickson. I was wondering if anyone else here has that book, what they think of it? I am finding it very informative, my only problem is that the live cd does not want to boot, it keeps saying it can't find the config file. I sent a email to nostarchpress and they sent me a link to the torrent for the iso but it is still doing the same thing. I noticed that it is trying to boot into a old version of Ubuntu, version 3 or 4 I think. I have been trying to do the examples from Ubuntu (9.04) and I downloaded the source code from the publishers website. I am just getting different "results" than he is in the book. I only just started it, so I am only on the first example, but he says that you have eax, pcx, edx, ebx, esp, ebp, esi, and edi as the first eight pointers in the register but when I run the same command in ubuntu I get completely different names for those registers. I get rax, rbx, rcx, rdx, rsi, rdi, rbp, and rsp as my first eight. I can pretty safely guess that they are the same as what he is referencing in the book. Have any of you guys who have this book run into that same issue? Is what I am seeing in Ubuntu the normal way to see that stuff or is what is in the book the normal way? Anyway, I am trying to really learn how all this works and hopefully someday I can apply it in a job, yes trying to prevent hacking or security testing. I have no plans of using this information in a "harmful" way. I guess you could say I want to be a white hat, not a black hat :). What kind of got me really insterested is my professor apparently used to be a black hat a long time ago and he has really encouraged me to get into it.
I have tons of questions about it actually. I am taking classes and working in the IT deptartment at my school, and a lot of the guys I work with keep telling me that network security is increadibly hard. They keep saying that essentially one screwup and your out of the business forever. I kind of find that hard to believe. First, you probably almost never work alone on something like that, and there is no such thing as perfect security. it is staying on top of things and making sure that you constantly check and update your security to stay ahead of the game. Anyway, what are your guys opinions on that stuff too?