I am a senior engineer for network security operations. I've read and reviewed every edition of the "Hacking Exposed" series since the 1999 original. "Hacking Exposed" is a winner; the authors' powerful example-driven style teaches the tools and tactics of vulnerability assessment and penetration testing. Nevertheless, I've compared this third edition to its "Hacking Linux" and "Hacking Windows 2000" cousins, and I believe the authors should rethink their goals for the "Hacking Exposed" series.
"Hacking Exposed, Third Edition" (HE:3E) describes techniques to attack and defend a wide variety of network assets: Microsoft products (9x, ME, NT, 2000, XP), UNIX variants, Novell's NOS, routers, PBXs, firewalls, and so on. Weaknesses in individual applications are explained, with attention given to remote control tools (VNC, Windows Terminal Server, PCAnywhere), Web technologies (IIS, ColdFusion, ActiveX, Java), and file sharing/chat systems (Napster, IRC). Readers are unlikely to find so many topics given fairly thorough coverage in a single volume.
Unfortunately, at 727 pages, HE:3E has gained too much weight. The 1999 first edition offered 484 pages, and the 2001 (yes, 2001) second edition gave 703 pages. While the authors should be credited for not simply copying and pasting material from their 2001 edition of "Hacking Exposed: Windows 2000," many of the same topics appear in both books. Furthermore, some subjects are redundantly described within HE:3E. For example, why rehash port redirection and rootkits in chapter 14 when they were adequately covered in earlier sections?
I strongly recommend the authors remove the UNIX- and Windows-specific material from a future fourth edition of "Hacking Exposed," directing readers to "Hacking Linux" and "Hacking Windows" when necessary. The authors should briefly describe general UNIX and Windows vulnerabilities in "HE:4E," and devote most of the book to their methodology and systems not covered in other books. This overhaul will give the authors a chance to remove some dated material from "Hacking Exposed," like a reference to ISS RealSecure v3.0 (6.0 is now in use).
I recommend readers who have not read previous "Hacking Exposed" titles buy this book. Despite my concerns, I still learned something new (wireless issues, format string vulnerabilities) and re-acquainted myself with material mentioned in earlier editions (RIP spoofing, enumeration techniques). If you've read "Hacking Exposed, Second Edition," wait for a revamped fourth edition.
(Disclaimer: I received a free review copy from the publisher.)