Lately I've been asked to take a look at the latest (by then ;-) Hakin9 issue and to share my thoughts on a blog. Well, I thought why not — after all it may save you guys some cash or maybe get you running to the nearest newsstand. Literally running, because it took me some time to get into this. But hey, you still have like four days to the end of the month...
OK. Before we start, the important thing is that you shouldn't treat all this as me telling you what's worth reading and what's not — I think it really depends on what you are into. Instead, try to think of it as a short and unbiased *cough* *cough* glance between the covers. Honestly, I have no idea if it'll work for you or not. So, if you care, just give me a shout.
And, as a final note before we get to the meat — unfortunately, this short review concerns the Polish edition of the magazine, so it's best if you actually read Polish.

Another thing is that the author focuses chiefly on the MySQL and PHP pair and talks about the specifics of both, which you may like or dislike depending on your own focus. If you like the subject and would like to take a closer look, feel free to check out one of these links (or better, all of them).
When you're done introducing yourself to the idea of SQL Injections, you can read a wee bit about Flaws in VoIP. The authors focus on Asterisk and show some basic ways to play with the VoIP transmission. Nothing spectacular though. There are some minor inaccuracies regarding MD5 being broken, but if you like reading, well, why not...
Then there is a looong long article about host-level intrusion detection. The author describes what trails get left by a successful, although not careful enough, attacker on a Unix-like system. He also describes ways of finding these trails and figuring out how a system got compromised and what has been done to it afterwards. The article seems to be a wee bit too long for what it gives you, but it may be just my impression.
The last article in the Attack section talks about XP's license key construction. To be honest, I've learnt a couple of funny things from it. There is some nice knowledge there, but it's pretty easy to get lost in all this. Maybe I haven't been paying enough attention, but I feel like I somehow missed some of the points. But anyway, again, if you are into Windows internals, by all means, go for it.
The next article shows how the Opera anti-phishing contraption becomes useless when the user is exposed to a DNS Spoofing attack (or to any malware that can modify the hosts file, actually). Of course, the HTTP protocol is to be blamed for facilitating bad guys in making this anti-phishing check useless, but another important thing to remember is that if you happen to get infected with malware that is able to do as much as alter your hosts file, you are in much more trouble than having your anti-phishing device go useless.
Finally, if you are wondering how to set up Microsoft IIS with SSL support, well, the next article should help you figure it out. Not rocket science, but if you like such things, it's there for you. Once you're done with this, you may like to check out what certs are the best for information systems auditors (the CISA, CISM and others) and check out how it is to be a man of the law.
That's it. Now, if you have nothing better to do, please drop me a line and tell me if any of this was of any use to you. Thanks!