| Page | Description |
|---|---|
| xxvii | Chenxi Wong should be Chenxi Wang |
| 56 | The footnote states there are no DCOM implementations for UNIX. That turns out to be untrue; Software AG provides an implementation. |
| 57 | Call-level authentication is now automatically elevated to packet-level. |
| 57 | To be fair, v2 of the LAN Manager protocol is much better than v1. |
| 58 | If it wasn't clear, level 7 also provides integrity. Levels 6 and 7 can perform mutual two-way authentication if using Kerberos. |
| 58 | Our source was outdated on the issue of delegating identity in DCOM; this is available in Windows 2000 and XP. |
| 71 | In the section, "Security by Obscurity", replace "built" with "used". The exact history of the Enigma is oversimplified here. See Kahn's "The Codebreakers" for a more accurate description. |
| 102 | "Karst" should be "Kursk". |
| 106 | "Nielson" should be "Nielsen". |
| 146 | printf(%s\n",... should read printf("%s\n",... |
| 147 | Add a newline after the } where } and "buf = ..." are on the same line. |
| 149 | "...versions of system calls" should be "...versions of library calls" |
| 151 | "This approach only works database of your favorite software security scanner" should read "This approach only works for those functions the library actually reimplements safely." |
| 151 | "source scanner..": delete second period. |
| 167 | printf("i = %d; argc = %d\n"); should read printf("i = %d; argc = %d\n", i, argc); |
| 190 | The first full paragraph should read: There are other special permissions in UNIX. The text permission, most often called the "sticky bit" (as previously mentioned), does nothing on files in any modern OS. |
| 193 | In the footnote, "On System V" -> "On some System V systems" |
| 195 | set_perms_to_0600 should have an int return type |
| 196 | chown_to_100 should have an int return type |
| 196 | both code examples should return 0 by default. |
| 197 | <sys/stats.h> should be <sys/stat.h> |
| 202 | SIDs can also apply to computers. |
| 205 | Note that chdir can fail, and its return value should be checked. |
| 223 | Note that there may be a need for additional headers depending on the OS (particularly sys/setlimits.h) |
| 223 | The string declaration should be for new_dir not newdir. |
| 226 | We should explicitly note that when using base 64 encoding for randomness, you need to replace the "/" character with a "." or some other character that isn't special to the file system. |
| 237 | The exponent in the second equation should be attached to "x", not the number 1. |
| 244 | "Blumb-Blumb-Shub" should be "Blum-Blum-Shub". |
| 312 | The return type of get_uid_by_name should be uid_t, not gid_t. |
| 319 | while(i-) should be while(i--) |
| 319 | The brace after envrion[i] = 0; should be removed. |
| 350 | "MD5Final" should be "EVP_DigestFinal". |
| 382 | MS SQL server now supports encryption. |
| 402-403 | Commas at the end of each line of the array (except the last) are missing. |
| 418 | ret ^= start++ should be ret ^= *start++ |
| 427 & 466 | Firewalls and Internet Security incorrectly reported as 2nd Edition; year is 1994, not 2001. |
| 467 | [Hamlet, 2001]: "Joe Mayber" should be "Joe Maybee". |