A Bug Hunter’s Diary: A Guided Tour through the Wilds of Software Security
By Tobias Klein
(No Starch Press, paperback, list price $39.95; Kindle edition, list price $31.95)
If your passion or desire is to find and kill software bugs and fight hackers, you should check out this well-written how-to book.
Tobias Klein, an information security specialist, has tracked down many difficult bugs and identified security vulnerabilities in some of the world’s best-known software, including Apple’s iOS, the Mac OS X kernel, web browsers, and the VLC media player, among others.
Using a diary approach, plus code examples and illustrations, Klein describes a bug he has just discovered in a software package. Then he illustrates how it creates a security vulnerability that a hacker could exploit, and he describes how to fix or at least reduce its risks.
Chapters 2 through 8 each focus on separate bugs, and Klein includes a list of “lessons learned” for programmers who want to avoid creating similar problems.
Klein’s well-illustrated book is organized as follows:
- Chapter 1: Bug Hunting – (a brief overview.)
- Chapter 2: Back to the ‘90s - (shows how he discovered a bug and vulnerability in a Tivo movie file that allowed him to crash a VLC media player and gain control of the instruction pointer.)
- Chapter 3: Escape from the WWW Zone – (illustrates how and where he found a bug in the Solaris kernel and the “exciting challenge” of demonstrating how it could be exploited for arbitrary code execution.)
- Chapter 4: Null Pointer FTW – (describes “a really beautiful bug” that opened a vulnerability into “the FFmpeg multimedia library that is used by many popular software projects, including Google Chrome, VLC media player, MPlayer, and Xine to name just a few.”)
- Chapter 5: Browse and You’re Owned – (discusses how he found an exploitable bug in an ActiveX control for Internet Explorer.)
- Chapter 6: One Kernel to Rule Them All – (focuses on how he decided to search for bugs in some third-party Microsoft Windows drivers and found one in an antivirus software package.)
- Chapter 7: A Bug Older than 4.4BSD – (how he found an exploitable bug in the XNU kernel OS X.)
- Chapter 8: The Ringtone Massacre – (how he found an exploitable bug in an early version of the iPhone’s MobileSafari browser that enabled him to modify ringtone files and access the program counter.)
- Appendix A: Hints for Hunting – (“…some vulnerability classes, exploitation techniques, and common issues that can lead to bugs.”)
- Appendix B: Debugging – (about debuggers and the debugging process.)
- Appendix C: Mitigation – (discusses mitigation techniques.)
Tobias Klein is the author of two previous information security books that were published in Germany. Because hackers use many of the same tools as those seeking to keep them out, there is an important limit on how much detail Klein is able to impart in this book.
As he notes in a disclaimer: “The goal of this book is to teach readers how to identify, protect against, and mitigate software security vulnerabilities. Understanding the techniques used to find and exploit vulnerabilities is necessary to thoroughly grasp the underlying problems and appropriate mitigation techniques. Since 2007, it is no longer legal to create or distribute “hacking tools” in Germany, my home country. Therefore, to comply with the law, no full working exploit code is provided in this book. The examples simply show the steps used to gain control of the execution flow (the instruction pointer or program counter control) of a vulnerable program.”
– Si Dunn