Errata

It seems no matter how careful you are and how many people you have read something, there is always something wrong. This page contains the errata (errors) we have found in PYWN since the first edition. If you have something that is not listed here, send a message to info@protectyourwindowsnetwork.com and we will add it if we agree that it is wrong.

Chapter 2, page 40, Table 2-1
88/tcp is marked as Internet Key Exchange (IKE). It should be Kerberos. IKE uses 500/udp for negotiations.

Chapter 2, page 47
"Because we have an SQL injection vulnerability" should be "Because we have a SQL injection vulnerability"

Page 59 in the "Taking Over the Domain" section
"we run Netcat and pop back a remote shell to our attacker host just like we did with the Web server" should say "we run Netcat and pop back a remote shell to our attacker host just like we did with the database server"

"This will generate a remove command shell from the Web server on our attacker, just like from the Web server." should say "This will generate a remote command shell from the Web server on our attacker, just like from the database server."

Chapter 8, page 230
The labels on the diagram are incorrect. Victim should be attacker and vice versa.

Chapter 9, page 245
The threat tree has two boxes with 1433. One should be 1434.

Chapter 9, page 260
Upper-case ANY under MOM is incorrect. MOM uses port 1270 for encrypted traffic starting with MOM 2000 Service Pack 1. Prior to that, port 51515 was used for plaintext traffic. The MOM administrator console communicates with the server using DCOM.

Chapter 11, page 316, Figure 11-3
The sprocket reads "MD5". It should read "MD4".

Appendix C
This is by far the one we feel the worst about. In the first and second printing, Appendix C contained a hosts file that we received from a colleague of ours. We received it very late in the publishing cycle and unfortunately trusted it blindly. As it turns out, the hosts file blocks some very useful sites, including some anti-spyware sites. For that reason we pulled the file from the third printing and replaced the entire appendix with the following text:

Many people have started using black hole hosts files to prevent connections to known spyware hosts from functioning. These files operate by mapping all the known spyware hosts to a localhost address, causing the connections to fail. Note, however, that these files sometimes get flagged as spyware by some spyware detection tools since they are custom hosts files. The hosts file in Appendix C on the CD should not be used.

We really apologize for the problems this has caused. The fix, should you have added this hosts file, is to remove it and reboot.

Chapter 13, page 412
There is a section on that page that is related to the problematic hosts file in Appendix C. This should also be changed in the third printing.

The section that begins: "For them we recommend using a method that a colleague of ours..." should be: "For them, we recommend an increasingly popular technique of 'black-holing' the undesirable sites using a custom hosts file. Such a file resolves known spyware sites to a loopback address so that the machine has no way to resolve them."
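The Appendix C and Chapter 13 entries above describe black-hole hosts files and how one of them ended up blocking useful sites. The following is an added example, not code from the book or its CD: a small audit that lists every name a hosts file maps to a loopback or unspecified address and flags those that fall under domains you need to reach. The sample file, the host names and the MUST_RESOLVE allowlist are constructed placeholders.

```python
import ipaddress

# Constructed sample: a black-hole hosts file with one line that sinks a site
# the machine needs. All host names are placeholders under a reserved TLD.
SAMPLE_HOSTS = """\
# black-hole list (constructed sample)
127.0.0.1   localhost
127.0.0.1   ads.tracker.example   # known spyware host
0.0.0.0     popups.badware.example
127.0.0.1   updates.antispyware.example www.antispyware.example
192.0.2.10  intranet.corp.example
::1         beacon.badware.example
"""

# Hypothetical allowlist: domains (and their subdomains) that must stay reachable.
MUST_RESOLVE = {"antispyware.example", "corp.example"}
BUILTIN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def is_sinkhole(addr):
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) targets."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address field: not a usable mapping
    return ip.is_loopback or ip.is_unspecified

def blackholed(hosts_text):
    """Yield (line_no, name) for every host name mapped to a sinkhole address."""
    for line_no, raw in enumerate(hosts_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:  # one line may carry several aliases
            name = name.lower().rstrip(".")
            if name not in BUILTIN:
                yield line_no, name

def audit(hosts_text, must_resolve=MUST_RESOLVE):
    """Return blackholed entries that equal, or sit under, a must-resolve domain."""
    hits = []
    for line_no, name in blackholed(hosts_text):
        if any(name == d or name.endswith("." + d) for d in must_resolve):
            hits.append((line_no, name))
    return hits

if __name__ == "__main__":
    for line_no, name in audit(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is black-holed but must stay reachable")
```

Running a check like this before deploying a hosts file received from someone else is the review step the Appendix C entry says was skipped.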
Send mail to info@protectyourwindowsnetwork.com with questions or comments about this web site.