[I wrote this review but decided not to circulate it. Instead, I wrote a
 second review and posted that to a few mail lists.]

The Happy Hacker: A Guide to (Mostly) Harmless Computer Hacking
Carolyn P. Meinel
American Eagle Publications, Inc

Technical Editors: John D. Robinson, Roger A. Prata, Daniel Gilkerson
                   Damian bates, Mark Schmitz, Troy Larsen
Text copyright 1998 by Carolyn P. Meinel
Cover artwork copyright 1998 by Neil Carlin


Rather than write a review based on my opinion of the book, I decided
to take a slightly different approach to it. Here are some quotes
about various topics from the book. In some cases I have paired them
with quotes on the same topic to show the contrast. Read her own words
and decide for yourself if the book is worth it. These are just a few
things that stood out as I skimmed the book.



pg 15: "So don't assume that everything you learn in Win95 is just
        a baby version of WinNT. NT is also much harder to break into."

        From a PRN article about the HH book: "forget about Win98
        and rush right out and buy a copy of the infinitely more
        secure NT."

        Companies like Shake Communications have over 120 NT Bugs
        in their databases. Mail lists dedicated to NT Security
        get up to 10x the traffic of security problems than equivilent
        unix lists.

pg 240: "In early 1997 the readers of Bugtraq begin to discover huge numbers
         of flaws in the Windows NT operating system."

pg 25: "Windows is way too vulnerable to simple hacks."


pg 19: "Learn how to do DOS and you are master of the Windows NT

pg 16: "MS-DOS stands for Microsoft Disk Operating System, an ancient
        operating system dating from 1981."

pg 23: "Whoever controls the registry of a Win95 or WinNT box
        controls that computer - totally."

pg 21: "But using other people's programs to do things seemingly by
        magic isn't the hacker way, right?"

        pg 9: "is to go to http://www.windows95.com/apps/ and download
               some of their programs..."

        pg 12: "One download site for this goodie is:

        pg 13: "You can find it at ftp://ftp.zdnet.com/pcmag/1998/0325/..."

        pg 19: "..but a free program you may download from
                http://www.ntinternals.com allows..."

        pg 21: "which you can download from http://www.koasp.com..."

pg 27: If your friend's Win95 box is "a really big mess":
        "..use your Win95 boot disk to bring his computer back to life.
        Reinstall Windows95."

pg 14: "If you absolutely, certainly must be able to get back your
        Windows graphics...here is your absolute desperate final solution.
        Just reinstall Win95...."


pg 10: "YOU CAN GET PUNCHED IN THE NOSE WARNING: If you want to use
        someone else's graphics, it is a good idea to ask permission
        instead of just taking them. You may also be violating copyright

        Compare: cover of book, figure directly behind lady sitting
                 down, to the right.

        Compare with: www.dis.org/defcon_iv/DEFCON1/defco008.jpg

       The image 'defco008.jpg' is copyrighted.

winner quotes

pg 30: "When you get the kind of online connection that allows you to see
        pretty pictures on the Web, you are using TCP/IP."

pg 31: "I recommend picking VT100 because, well, just because I
        like it best."

pg 33: "Don't ask me why, it makes no sense but it works on my computer.
        Yours might be different."

pg 67: "I make my living asking dumb questions."

pg 77: "I had no idea what he meant, but then sometimes I'm a
        little slow."


pg 37: "And Happy Hacker is a book on legal hacking, right?"

pg 37: "The worst of all is a killer ping... It's a good way to lose
        your job and end up in jail."

pg 37: "ping -l 65510 ..."

       [The exact way to execute a 'killer ping' denial of service attack.]

pg 42: "But as you will discover elsewhere in this book, denial of service
        attacks are easy, lame, and may be the biggest threat to the


pg 39: (Talking about DOS commands)
        "Route - Manages router tables - router hacking is considered
         extra elite."

       [The MS-DOS 'route' command has nothing to do with routers.]


pg 41: "The Macintosh boasts one of the most secure network operating
        systems known."

       "...about one in every five of the world's webservers run on
        Macs, and over half of all Web sites are developed on Macs."

       "In February 1997, the Swedish company Infinit Information AB
        (http://infinit.se/) announced a contest to break into their
        Web server."

       [1. The web server's security does not reflect the security
           of an operating system unless it is integrated as part
           of the original product.

        2. A hacker was able to beat the contest *twice* actually.

        3. 20% of web servers are NOT Macs.]


pg 56: "It would be really dumb to accidentally commit computer
        crimes with an IRC program you don't fully understand."


pg 63: "One of the most popular hacking tricks is forging email."

       [Is that to say spammers are hackers?]


pg 64: "If you use the information in this chapter to spam from
        Eudora, I will personally punch you out."

pg 184: "If people reading this book use the information below
         to write a spam program and sell it to the teeming
         masses yearning to make money fast, I will personally
         punch them out."


pg 78: "You could go to jail warning: In the US, war dialing is illegal."

        [Colorado Springs and a FEW other limited areas make it
         illegal to 'successively dial numbers without the intent
         to communicate'.]

pg 83: "The way you can tell this is your problem is that you enter the
        correct user name and password over and over again but it doesn't
        work. If this happens, don't keep on trying the login sequence.
        Don't jump to the conclusion that you got hacked and your password
        changed. Break the connection, dial again and see if you are lucky
        enough to get a healthier modem."


pg 222: "You can get sued warning: ... This was libel. If your victim
         can afford to sue you, you could have to pay out lots of money."

        [Finally, an area she is an expert on.]


pg 90: "  But the bash shell ignores this command,
        smugly sitting there with a "bash#" prompt. That #, by the way,
        doesn't mean I'm root. It means the sysadmins at this shell account
        provider think it is cool to make the "#" a default prompt for
        all users."

pg 90: "Kewl directories to check out include /usr, /bin and /etc.
        For laughs, jericho suggests exploring /temp."

        [Misquote. I said /tmp]

pg 92: "Jericho recommends the book Unix in a Nutshell published
        by O'Reilly."

pg 104: "Getting this list of commands makes you look really kewl to your
         friends because you know how to get the computer to tell you how
         to hack it. And it means that all you have to memorize is the
         "telnet  25" and "help" commands. For the rest, you can
         simply check up on the commands while on-line. So even if your
         memory is as bad as mine, you really can learn and memorize this
         hack in only half an hour. Heck, maybe half a minute."


pg 107: "An internet host computer that doesn't run ident is a gold
         mine for bad guys. No one can trace back to the true users
         of port 25 on a host that doesn't run ident. On these computers,
         spammers, email bombers, extortionists and nasty pranksters
         can run rampant."

pg 128: "(Note: sendmail 8.8 also tracks true identity of the user
         regardless of whether ident is running.)


pg 118: "If you want to be a real hacker, you will be using the pico


pg 128: "Ident determines the email address of the person who composes
         email and logs a record of that person writing that particular email
         message into a file named syslog. This syslog file is what you look
         for if you want to track down email criminals. Syslog is a file that
         can only be read by the sysadmin of the computer on which the
         message was forged. So to tacking down these criminals usually requires
         the cooperation of sysadmins on the computers used to commit these bad
         guy deeds." [sic]

        [Mail isn't logged to syslog by default. It is logged to 'messages'
         or another log file depending on configuration. 'syslog' is often
         readable to ANY local user on the system as well.]


pg 129: "the users of these programs began to get arrested and Global kOS
         withdrew these programs from their download sites."

         [Site one example of an email bomber using their software getting


pg 148: "However, if your experiments at using anything other than a program
         plainly labeled "nslookup" don't work, don't email me to complain.
         I *will* flame you."

pg 153: "Or it could be something else. Sorry, I'm not enough of a genius
         yet to figure this one out for sure. Are we having phun yet?"


pg 158:   "This is interesting, no username
        requested, just a password. If I were the sysadmin, I'd make it a
        little harder to log in."

        [Despite the ability to set up an ACL to control who can connect
         to this port, I doubt she is referring to that.]

pg 228: "At that infamous DefCon V panel I hosted, Shadrack boasted to the
         audience that "When I break in, I close the doors behind me." He
         makes a big deal about how hackers can keep from getting busted
         by deleting or modifying log files."

        [The above quote was taken out of context. It was said in reference
         to professional controlled penetration attempts, not about
         hackers in general.]

pg 144: "19   chargen   Pours out a stream of ASCII characters. Use ^C
         to stop. On some computers even ^C doesn't work - you may even
         have to reboot your computer. Great for playing jokes on newbies."

pg 170: "...is available from the Hack FAQ written by Voyager.."

        [from the hack faq: "No document will make you a hacker."]


pg 219: "Trust me, the Succeed.net attackers are toast."

        "When it came back up, Succeed.net was now one of the most secure
         ISPs around. It also was about the least fun for any hacker to use.
         The owner had disabled nearly all services, including telnet and
         ftp. Only dialup and Web page access is now allowed. TCP Wrappers
         is in place." [sic]

        [As of June 29, 16 services including telnet and ftp are open
         on succeed.net.]