| Books - Computers & Internet - Security & Encryption |
| 1. Cyber War: The Next Threat to National Security and What to Do About It by Richard A. Clarke, Robert Knake | |
| Hardcover | List price: $25.99; our price: $17.15 | ISBN: 0061962236 | Publisher: Ecco | Sales Rank: 2969 |
Editorial Review Richard A. Clarke warned America once before about the havoc terrorism would wreak on our national security -- and he was right. Now he warns us of another threat, silent but equally dangerous. Cyber War is a powerful book about technology, government, and military strategy; about criminals, spies, soldiers, and hackers. This is the first book about the war of the future -- cyber war -- and a convincing argument that we may already be in peril of losing it. Cyber War goes behind the "geek talk" of hackers and computer scientists to explain clearly and convincingly what cyber war is, how cyber weapons work, and how vulnerable we are as a nation and as individuals to the vast and looming web of cyber criminals. From the first cyber crisis meeting in the White House a decade ago to the boardrooms of Silicon Valley and the electrical tunnels under Manhattan, Clarke and coauthor Robert K. Knake trace the rise of the cyber age and profile the unlikely characters and places at the epicenter of the battlefield. They recount the foreign cyber spies who hacked into the office of the Secretary of Defense, the control systems for U.S. electric power grids, and the plans to protect America's latest fighter aircraft. Economically and militarily, Clarke and Knake argue, what we've already lost in the new millennium's cyber battles is tantamount to the Soviet and Chinese theft of our nuclear bomb secrets in the 1940s and 1950s. The possibilities of what we stand to lose in an all-out cyber war -- our individual and national security among them -- are just as chilling. Powerful and convincing, Cyber War begins the critical debate about the next great threat to national security. Reviews
Customer review from the Amazon Vine™ Program
Richard Clarke's credentials are well established, having been a national security advisor to presidents of both parties, his viewpoints are his own, not politically-driven ideology.
Clarke takes the time to go over the basics of the cyber-universe for those that are not especially net-savvy, and then gets into the meat of the what, who, where and how (the "when" is the big question of course) of potential cyber attacks against the US. He gives a bit of history on attacks that have already happened, and a few that have failed. I say the information is a bit scary because, even with a degree in Computer Science, I did not know the extent to which the Internet connects and controls so many aspects of our daily lives; in business as well as in our personal lives. More and more machines and appliances are being built with the capability to "talk" to the manufacturers who make them, a legitimate and smart way to diagnose problems and download fixes.... but the idea that the new copy machine in my home office might be hacked, and ordered to malfunction to the point that it catches on fire, is unsettling to say the least. This is a good book, a page turner, and delivers information every 21st Century American should know.
Customer review from the Amazon Vine™ Program
I've been in the information security field just about my entire professional life, both in and out of government, and I've been hearing people sound the alarms about "cyber warfare" for at least the last 15 years. Most of the time their grasp of the technical aspects is limited, they don't have a clear idea about what they're talking about, their scenarios read like movie plots, and they're usually trying to win government contracts. Although this book does have some serious shortcomings, Clarke's book is without a doubt the clearest and best work I've seen on cyber warfare. I'll lay out his book and his thesis first, then I'll tell you where I thought he fell short and what I thought of it.
Clarke first gives an overview of all the instances to date where cyber attacks have been used by state actors. In all cases but one (The Estonia attacks in 2007), the cyber attack was used to enhance a conventional attack. This is actually the best such overview I've seen, included some examples I hadn't heard of before, and Clarke's analysis is spot on. The only thing he didn't include was the very recent "operation aurora" (Google it if you want details), which probably occurred after he finished writing the book. The book then has a detailed discussion of American policy on cyber warfare, and Clarke details all the developments to date. Since Clarke worked for presidents Clinton, Bush, and Obama on national security issues, this book provides a front row seat to the ins and outs of the way our policies have developed. Clarke also details what is known about the cyber war capabilities of other countries, including China, Russia, and North Korea. Only then does Clarke begin to go into the technical aspects of cyber attacks, but the technical stuff is very high level (the back cover description explicitly says that this book goes "beyond the geek talk"). He really is just trying to show the potential damage that can be done with cyber attacks. (In other words, this is the part of the book where he tries to scare you). Clarke then discusses what he views as the primary reasons there has not been significant action in the area of defending against concerted cyber attacks. It is, in my opinion, a very realistic and fair analysis which avoids finger pointing. He then starts to lay out what he feels are reasonable defenses that the US must begin to take. In the last part of the book he lays out a clear agenda for defending against cyber attacks which includes a mix of regulation (he admits it's a dirty word but thinks it's necessary), more technical controls at major network boundaries, and an expanded scope for DHS to protect the civilian infrastructure too. 
He also discusses international arms control treaties, and appears to be a big fan of some international cyber war treaties, which, like nuclear arms control treaties from a generation ago, could be used to create "rules of the game" for international war. As I said, in the beginning, this is without a doubt the best piece on cyber war I've ever read. He really does an excellent job of covering everything from the history to the players to the regulations to the endless possibilities. The one place where I feel he misses the boat is in some of the technical aspects. He admits to not being a technical person, and does make a few technical errors, although they're all far too minor to be worth mentioning. My real issue is that in all his scenarios he starts with the assumption that every combatant (like, say, the USA and China) have successfully hacked into every network that the other side controls, and left backdoors to get back in. Further, none of these back doors have been discovered and removed. As someone who does this for a living, I can assure you it's not that simple. While I have no doubt that a government spending considerable resources could certainly gain access to many networks in a relatively short period of time, and if they left backdoors some might not be discovered, if someone left too many backdoors some would certainly be discovered. Breaking in is not as simple as just pushing a button like it is in the movies - in fact, recent studies have shown that the average security breach is the result of four separate mistakes. While mistakes are made all the time (which means that breaches occur all the time _somewhere_), it's much harder to cause breaches in every system you target all at once. In several places, Clarke's dire warnings fall into the trap of imitating movies more than real life. 
I will admit that as a technical person this is my bias showing, and I realize that this book is still largely intended to be a policy one, which is why I still give it a very positive rating. I would simply be remiss if I let this pass unmentioned.
Customer review from the Amazon Vine™ Program
I consider the term war to be extremely overused and that includes when it appears in the term "cyber war." I prefer the longer but more accurate term, "cyber component of national rivalries." War is an event between nations where the goal for each side is to kill as many citizens of the other side as quickly and efficiently as possible so that the other nation must accept their terms. In the cyber actions of one nation against another, most human casualties are consequential rather than a direct result of the action.
Few people can match the national security credentials of Richard Clarke and in this book he makes the case for national action to protect the U. S. infrastructure from substantial cyber attack carried out by another nation. Such attacks have already been executed; to date they have not made significant noise in the major news outlets, although most have appeared in the computing literature. Clarke uses the phrase kinetic weapons to refer to the "bombs and bullets" type of warfare, so he distinguishes between cyber attacks and real attacks. Clarke also mentions several war games that have been carried out and the results are alarming, a great deal of the infrastructure of the United States is vulnerable to a concerted cyber attack if the malicious software entities have been properly placed and timely executed. Of course, he also admits that the United States is also capable of launching cyber attacks of its own. The most interesting points in the book are when Clarke talks about nuclear weapons and how policies evolved and agreements were reached between the United States and the Soviet Union over how the weapons would be declared and their use specified. There is no question that these agreements helped keep the world safe and worked to defuse several potential crises that could have led to the threat of nuclear weapons being used. Clarke proposes similar guidelines of allowed and disallowed behaviors in the cyber component of national rivalries. Acts such as industrial espionage, spying and other data thefts would be considered acceptable but the destruction of financial data and power plants would be disallowed and considered the equivalent of an attack by kinetic weapons. Certain trial runs that only cause limited damage would result in harsh diplomatic rhetoric but not be considered the equivalent of a kinetic attack. There is no question that in the modern world, low-level cyber attacks of one nation against another take place on a regular basis. 
Up to this point, even the most significant have been more in the category of significant annoyance rather than a crisis. However, the potential of a major attack is real and potentially devastating, so it is necessary for the United States to develop an effective strategy of defense and deterrence. Clarke sets down some sound principles for such a strategy while pointing out many of the current vulnerabilities. He does an excellent job in describing the new form of the execution of national rivalries and perhaps even how the next major kinetic war will begin. Personal note: I have taught computer science at the collegiate level for over twenty years, including courses in encryption and computer security. I have also attended many conferences where at least one of the topics was computer security.
Customer review from the Amazon Vine™ Program
This is a frightening book. It describes an unexpected form of warfare in which the United States is already behind China, Russia, and possibly terrorists. And worse for us, we have already lost initial battles. Richard Clarke is a former Assistant Secretary of State and a Washington insider, having served Presidents Reagan, George H.W. Bush, Clinton, and George W. Bush. He made headlines with his charges against the Bush-Cheney administration on getting this nation into a needless war in Iraq, and events proved him correct. Now, he and Robert Knake tell how our wonderfully-efficient, computerized systems that control our electric grids, transportation systems, defense against military attack, and much of our day-to-day life are open to attack, control, and destruction by hackers, terrorists, or enemy agents working to disable us before a massive attack by a foreign power. His call for rapid and powerful action to set up defenses is right on the money. I only hope that our nation's leaders heed the warning and act swiftly.
Customer review from the Amazon Vine™ Program
As a former Information Technology (IT) guy, I found Cyber War to be quite interesting. While I usually dislike the term "Cyber", I guess it's the best way to describe the topic so the majority of people know what Clarke is referring to. It may be a shock to many readers just how interconnected everything has become, and the author does a good job of explaining how some systems are not actually on the Internet, but can be accessed from another computer that is. While he primarily covers strategies in the book, he does present scenarios that may scare people. For example, if you thought the plane you were flying across the country on could fall out of the sky anytime due to a hacker, would you still fly?
My main concern with the book isn't really what he writes about, but rather what he doesn't touch on. He spends a lot of time comparing a "cyber" strategy to the Cold War strategy. My complaint is that while he makes them sound very related, he forgets a very important difference. In the Cold War, only a powerful government could launch a nuclear missile. In a Cyber War, just because the U.S. government may decide to not take action, does not mean that a citizen will. If you are a skilled computer guy, or a "hacker" to use the author's term, you could decide to initiate or retaliate a response without the government even knowing it. I can only assume this wasn't covered in the book because it would just complicate the strategy even more than it already is. While the book may be too technical for some and not technical enough for others, it does a good job of laying down the foundation for a national discussion. Considering the state of the economy, I think most of us realize how quickly things can go from bad to worse, and our financial markets are extremely susceptible to this new threat. I hope the book will get more people thinking about the issue, and I'm sure that was Clarke's primary objective in writing it.
Customer review from the Amazon Vine™ Program
Written for the public at large, this is an easily readable book which addresses the topic of cyber attacks from pranksters, hackers, and serious spies which have the potential to threaten our individual freedom and our national security. The authors cover the precedence for cyber snooping and illustrate the weaknesses inherent in computer software which have allowed this type of activity to flourish in a theoretically secure environment. They also point to political reasons why government bigwigs have chosen to ignore or address security breaches gingerly.
Constructing a variety of scenarios for potential security problems, it takes very little imagination for the reader to become adequately uncomfortable at how many levels and ways our financial systems, power grids, and national security can be potentially compromised. While the authors state that we may already be losing the battle re: cyber war due to our own national ineptitude, they suggest potential ways to raise our national consciousness and open public dialogue on solving this problem. While I liked this book and found the topic more than a little threatening and creepy, it seems like an ideal read for anyone who is concerned with national and/or personal security or public affairs. It is probably also of interest to computer geeks and techie types.
Customer review from the Amazon Vine™ Program
The title, and the phrase "cyber war", which has been over-hyped of late, might seem over-wrought -- but for the author, and for the compelling case he makes. This is a field in which an entire industry has had to come into being to stop the avalanche of hacks, worms, viruses, botnets and trojan horses that bedevil the Internet every day. It turns out that the potential for a much greater, overwhelming hit is far greater. The cyber-invasions of Estonia and Georgia are already a matter of record. Mr. Clarke walks us through a number of different scenarios and different dark alleys of the Internet -- and if even one of these scenarios comes true, it will be bad.
He also makes the point that our defenses are weak: at best, he says, Dept of Defense might protect the dot-mil sites, Homeland Security might protect the dot-gov sites. Apparently our utility systems, our communications, our transportation networks, our banks -- to name a few -- are wide open but for private net-security software and personnel. It's as if, during the Cold War, he asserts, that private industry would have had to provide its own Nike batteries against Soviet attack. He also makes the point, the important point, that even absent a catastrophic attack, our intellectual properties are in peril and that may quietly produce, over years rather than milliseconds, our decline. A creeping cyber-espionage, a quiet theft of our trade secrets, research and patents, may, he says, be just as destructive in the long run. This is an important book, among few in this subject area, that deserves pondering. Even if it merely sparks a national discussion, even if only a small portion of this threat, as he describes it, turns out to be potent, then this work will have been a boon. Highly recommend.
Customer review from the Amazon Vine™ Program
This book may be eye-opening if the prospect of cyber warfare is new to the reader, and it's certainly rich with examples of attacks that have already happened. I applaud the author for bringing this subject to the average person, since there's definitely a complacency in how both the public and the government assesses the security of the online infrastructure.
Unfortunately, I think there are also elements of melodrama that undermine an otherwise important message. Cyber attacks are complex, requiring an almost unparalleled coordination, and there are already security measures in place that shut down most attacks relatively quickly. The assertion that hackers could bring the country to its knees is true in a general sense, just as nuclear war would have the same effect if everyone launched at the same time, but the probability of the success of this kind of attack is low. The lack of skills, knowledge and capabilities of rogue nations and terrorist groups in this area makes some of his scenarios border on science fiction - it's still infinitely easier to launch a conventional war than engage in this kind of high-tech assault. Clarke's warning suffers from any real technical detail or commentary by security experts who might be able to add some perspective. Unlike wars fought militarily, there is a substantial level of defense built by corporations that are barely covered here (look at Google's recent China incident as an example) and in many respects these private defenses would go a long way to prevent the Doomsday outcome developed here. Still, it's an interesting read with many good examples of what has happened - but I think the reader should use their judgment to assess what weaknesses actually exist.
Customer review from the Amazon Vine™ Program
"Cyber War" is a shocking revelation of a significant threat to our world. This expose details a vulnerability for the developed world that our government and international corporations simply must address. I served in our military for twenty four years, so I am not feeling panic. We successfully stood up and protected our country and most of the world from nuclear attack. I knew the extent of our preparations and was confident of our tactics. Now, after being retired for nearly two decades, I no longer have access to secret military capabilities and strategies. Accordingly, I must trust that those who followed me protected our national interest. Unfortunately they may only be protecting our armed services. Most experts agree that our military is so good that no enemy could hope to compete for several decades. With that in mind, an enemy may devise a strategy that avoids direct conflict with our forces. What will happen if an enemy decides to attack our civilian structure instead? If, for example, they were able to disrupt our financial institutions so that people lost access to their bank accounts and credit cards, what could our armed forces do? If they attacked our power supplies, already subject to black outs and brown outs, they may be hurting our military as well. "Cyber War" attempts to explain just such scenarios. Early in the text Clarke and Knake review several successful cyber attacks that have occurred in the last decade. Russia, in its campaign to control Estonia and later Georgia, managed to shut down all civilian and government systems and render each country powerless. Israel, possibly using technology developed in the United States, remotely shut down the defense system of Syria so they could bomb a threatening military facility. Most of us began to realize the nature of war had changed when the Twin Towers were destroyed on 9-11. 
The United States and her allies have been fighting a war on terror for the last nine years. During that period, asymmetrical warfare has advanced and other nations, like Russia and China have been developing cyber tools to both protect themselves and attack their enemies. Are we? Clarke suggests six priority actions. First, we must initiate a dialogue with the people about cyber warfare. Universities, business, government and the public need to know about the possibility and the costs of cyber attacks. There has been too much secrecy. Second, we need a "defensive triad." Internet Service Providers (ISPs) and power suppliers need regulation (to protect themselves and us). The authors explain that the internet centers on a few "1st Tier" Internet Service Providers (ISPs), such as Verizon and Qwest. Those ISPs must be a part of any defense against Cyber War. We must protect our power grid. Shutting down the power grid will shut down the internet. We must mobilize the Department of Defense. Any nation that decides to attack us will likely have as an intended side effect damaging DOD. Our third necessary action is to reduce the level of cyber crime. We need the laws, the investigative tools and the punishment. Some cyber criminals are developing abilities nearly as sophisticated as that of nations. Fourth, CWLT - Cyber War Limitation Treaty. We need a global ban as exists with nuclear weapons. Considering that all developed nations are subject to cyber attack, negotiating a treaty to limit cyber warfare activity should be possible. Fifth, sponsor research on more secure designs. The internet is over 40 years old. The bandwidth and capabilities have improved, but security is mostly unchanged. Security within the internet system has certainly not improved. 
Sixth, the President of the United States must be aware and approve the placement of "logic bombs" (software applications that ask a network to shut down or erase its own programming) and "trapdoors" (like a "Trojan horse" that allows an enemy to invade undetected by security). Such actions increase the likelihood of war, and our highest government officials must be aware of their use. I highly recommend "Cyber War". This is a must read for anyone interested in our nation's defense. | |
| 2. CISSP All-in-One Exam Guide, Fifth Edition by Shon Harris | |
| Hardcover | List price: $79.99; our price: $41.73 | ISBN: 0071602178 | Publisher: McGraw-Hill Osborne Media | Sales Rank: 10766 |
Editorial Review COVERS ALL 10 CISSP DOMAINS: THE CD-ROM FEATURES: Shon Harris, CISSP, is a security consultant, a former member of the Information Warfare unit in the Air Force, and a contributing writer to Information Security Magazine and Windows 2000 Magazine. She is the author of the previous editions of this book. Reviews
| |
| 3. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code by Michael Ligh, Steven Adair, Blake Hartstein, Matthew Richard | |
| Paperback | List price: $59.99; our price: $37.79 | ISBN: 0470613033 | Publisher: Wiley | Sales Rank: 9248 |
Editorial Review With our ever-increasing reliance on computers comes an ever-growing risk of malware. Security professionals will find plenty of solutions in this book to the problems posed by viruses, Trojan horses, worms, spyware, rootkits, adware, and other invasive software. Written by well-known malware experts, this guide reveals solutions to numerous problems and includes a DVD of custom programs and tools that illustrate the concepts, enhancing your skills. Malware Analyst's Cookbook is indispensable to IT security administrators, incident responders, forensic analysts, and malware researchers. Reviews
| |
| 4. The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography by Simon Singh | |
| Paperback | List price: $16.00; our price: $10.45 | ISBN: 0385495323 | Publisher: Anchor | Sales Rank: 5799 |
Editorial Review
Reviews
Singh has done a very nice job of demonstrating how deep an impact cryptography has on history. He opens the book by recounting Mary Queen of Scots' conspiracy to have Queen Elizabeth murdered and how she attempted to use encryption to cloak her intentions. It was a very exciting way to open the book. Singh has found the right combination of technical detail, historical detail, and character development. Singh's explanation of how the German WWII Enigma functioned is exceptional. He made it very easy (and fun) to understand. Singh's last chapter is also very neat on the subject of quantum cryptography. Though I have a BS in computer science, I'm no physics genius and Singh did a nice job of making (what I consider) difficult physics concepts easy to understand and of showing how they can be applied to modern cryptography. Although I don't know a thing about "Fermat's last theorem", I've been so pleased with Singh's writing style that I'm considering reading that book also just to see what it is all about. If you like codes/ciphers and want to read about their impact on history without reading a thousand pages then get this book. You'll be happy you did.
Chapter 4 deals with the war effort at Bletchley Park and the work on the Enigma machine. Here Mr. Singh adds an additional dimension by providing some insight into the work of Alan Turing, the development of Colossus, the first (now reported) electronic programmable computer and the unrecognized cryptanalysts who broke Ultra and the other codes of WWII. Chapter 6 brings us up to present day cryptographic issues from RSA and PGP to philosophical issues of personal privacy in modern society with web centric commerce and online book reviews. At each step in the process Singh successfully combines the elements of a technical treatise with human values and features. For those wanting to go a little further under the hood and look at the processes and algorithms in some of the codes mentioned in the text, several appendices at the end of the book should fill that yearning. I found the book informative and enjoyable to read.
Once I started reading I realized The Code Book was totally different. Singh takes you on a tour of the history of cryptography through the history of the world. You will find that cryptography was an unexpected key element in several historical events. Through the entire history, Singh's writing is exceptionally clear and easy to follow. The material in the book is accessible to all levels of reader -- even those with no knowledge of cryptography.
Ultimately, though, it's light. The history of cryptography is enormous, and a book this size can only summarize. If you're into the history, then The Codebreakers by David Kahn is the more definitive work. If you're more interested in the personal stories of people involved with code making or breaking, there are some excellent works, such as Between Silk and Cyanide by Leo Marks, which give you more detail of particular people or times. If you're interested in modern-day issues with computer security and encryption, Bruce Schneier has written two outstanding books, one for the programmer and one for the layman, detailing modern cryptographic techniques and security issues. And if you're interested in a gripping fictional work, they don't come better than The Cryptonomicon by Neal Stephenson. That's not to take away from Singh's book at all. It's extremely enjoyable, and it was a perfect vacation read for me. If you're not seriously into cryptography the way I am, you might not find the above books interesting, but find Singh absolutely fascinating. Recommended to anyone.
The first chapter starts with the description of the monoalphabetic substitution ciphers, its failure and the consequence of the latter, the execution of Mary Queen of Scots. From then we proceed to polyalphabetic ciphers, the Vigenere Cipher and the Babbage's method of breaking it; as an added bonus Singh has thrown in the three Beale papers, allegedly leading to over a ton of gold buried in the hills of Virginia. The third chapter describes the path Germans made between the world wars, from the Zimmermann note disaster to the construction of Enigma. Closely related to it is the next chapter, a story about the Poles and the Brits cracking Enigma. The fifth chapter is a step aside: on deciphering texts that are not purposely encrypted, but simply written in extinct languages and scripts, like Egyptian hieroglyphics or Minoan Linear B script. From then on, we are probably already on the more familiar territory; the discovery and re-discovery of public key cryptography, and its application in Phil Zimmermann's PGP. The last chapter tries to provide a peek into the future: quantum computers that can break currently uncrackable codes in linear time, and quantum encryption, which cannot be broken without violating the laws of physics. Apart from the Beale treasure papers, Singh added another gem for aspiring cryptanalysts: they can test what they have learned with ten ciphertexts in the appendix, and the author promised to pay 10.000 GBP to the first one who solves all of them. And Singh proved to be a good teacher: to date, nine stages out of ten are solved already (the last one involves a massive amount of CPU time). True, David Kahn's Codebreakers contains a more exhaustive treatment of the historic development of cryptography, and Bruce Schneier's Applied Cryptography will provide you with a knowledge needed by a working specialist. However, if you share just a casual interest in the area, this is the book for you. 
It's much more than just stories about people involved in the cryptography and other related trivia - you will be surprised that Singh's lucid explanations will actually make you understand how the algorithms work.
Singh's book is an enjoyable and well-done overview of the basics of cryptography. He begins with a story about how Mary Queen of Scots was doomed because her crypto was bad, and continues up to the present day. He describes the 16th Century French Vigenere cipher, World War I cryptography, including the Zimmermann telegram, and lots of detail about Enigma. There is a fascinating side branch into the related issue of deciphering ancient languages. He does a good job describing the Rosetta Stone and the work in deciphering that, and a good job discussing Linear B. The concluding chapters discuss computer based cryptography, particularly the Data Encryption Standard, Public-key Cryptography, the RSA algorithm, and Pretty Good Privacy. I was a bit disappointed in the final chapter, on Quantum Cryptography, which didn't explain things as clearly as I would have liked. There is also a set of ciphers in the back, and a contest for readers to try to decode them. Singh does a good job describing the characters involved, in the best tradition of popular science. And though I've known a bit about this subject for some time, he still taught me lots of new stuff. I was particularly surprised to learn that British researchers had invented both Public-key Cryptography and an equivalent to RSA several years before the more famous inventor, but that the British government had classified their work, denying the researchers credit for their discoveries. This is a sound, entertaining, and informative introduction to the basics of cryptography.
The characters were well written within the history. Instead of falling asleep to a list of names and dates, I was saddened to read of the fate of Alan Turing when they discovered his secret, all fired up about the buried treasure surrounding the Beale Papers, and laughing at the quandary of the poor Navajos who were 'captured' by Americans who mistook them for Japanese spies. The other high quality aspect was the cryptography explanations. Never having known much about cryptography beyond the absolute basics behind Enigma, I found it extremely easy to understand his explanations of how this or that cypher worked, and how historical figures went about cracking them. Even his explanations of how Enigma worked were simple to comprehend. Based on his explanations I'm confident I could create coded messages myself - maybe even decipher one! It probably has a lot more to do with my ignorance of Egyptology than the author's explanations, but the only portion of the book I didn't like was the explanation of how the hieroglyphs were deciphered. The explanations themselves were clear, but it seemed to me there were some assumptions made about why people in ancient Egypt did certain things that just seemed a bit off to me. The author was clear enough and accurate enough about everything else that I'm assuming the fault is mine, and I'll be reading some Egyptian history sometime soon.
| |
| 5. Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson | |
Paperback
list price: $49.95 -- our price: $30.34 Isbn: 1593271441 Publisher: No Starch Press Sales Rank: 6755
|
Editorial Review Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope. Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective. The included LiveCD provides a complete Linux programming and debugging environment--all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to: Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity. Reviews
The techniques in the book are best described by a caption on its back cover, "The fundamental techniques of serious hacking." It includes major sections on programming, networking, and cryptography. All material is covered with an eye towards exploitation. Languages used in the book material consist of C, PERL, and Assembly for X86. The techniques described in this book are fundamental to any hacker or security professional who takes their work seriously. The book is well worth the discounted amazon.com price. The material in this book is all original and cannot be found elsewhere. Each example in the programming section is truly an eye opener if you are new to code hacking. The examples in the networking and cryptography sections are relevant and fresh as well.
It is for such matters that Erickson expounds here. Written for you, whether you want to create such exploits or prevent them. In either case, the knowledge is the same. What the book requires is some knowledge of C and assembly. For the latter, it is the language of the Intel x86 family. But even if you don't know it, so long as you are familiar with any assembly language and the theory of a Neumann machine, then you can follow the text. This book is not for every programmer. It turns out that a fair number of programmers get into the field by learning a high level language like C, Fortran, Java or Pascal. But they never learn any assembly. To them, anything compiled from source is a black box. Instead, you need some background in assembly. The book also gives neat coverage of how to sniff network traffic and manipulate it. There is a section on cryptography. But for this, it is so specialised and vital that you should consult texts dedicated to it.
Includes detailed explanations and code for:
The writing style can be a little empty, and could use a bit more of a layered approach, but this is a minor criticism. I work in IT security, and this is the first hacking book I have ever recommended. Go for it.
The author presents three major topics. The first one addresses in excellent detail how software exploits can be crafted. Here you can learn a methodology on how buffer/heap/format string vulnerabilities are done. A second part of the book discusses network level vulnerabilities, while the last part addresses cryptography. Even on this last topic, which traditionally looks either too mathematical or too general in other books, "hacking : the art of exploitation" is great and keeps one breathless.
| |
| 6. 2600 Magazine: The Hacker Quarterly - Digital Edition - Autumn 2010 | |
Kindle Edition
list price: $3.95 Asin: B0049P1NIK Publisher: 2600 Enterprises Sales Rank: 2246
|
Editorial Review Reviews
| |
| 7. The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Dafydd Stuttard, Marcus Pinto | |
Paperback
list price: $50.00 -- our price: $30.93 Isbn: 0470170778 Publisher: Wiley Sales Rank: 9162
|
Editorial Review The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results. The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools. Reviews
| |
| 8. Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
Paperback
list price: $34.95 -- our price: $23.07 Isbn: 1597496111 Publisher: Syngress Sales Rank: 10647
|
Editorial Review For the first time, Deviant Ollam, one of the security industry's best-known lockpicking teachers, has assembled an instructional manual geared specifically toward penetration testers. Unlike other texts on the subject (which tend to be either massive volumes detailing every conceivable style of lock or brief "spy manuals" that only skim the surface) this book is for INFOSEC professionals that need essential, core knowledge of lockpicking and seek the ability to open most locks with relative ease. Deviant's material is presented with rich, detailed diagrams and is offered in easy-to-follow lessons which allow even beginners to acquire the knowledge very quickly. Everything from straightforward lockpicking to quick-entry techniques like shimming, bumping, and bypassing is explained and shown. Whether you're being hired to penetrate security or simply trying to harden your own defenses, this book is essential. Reviews
| |
| 9. The Art of Deception: Controlling the Human Element of Security by Kevin D. Mitnick, William L. Simon | |
Paperback
list price: $16.95 -- our price: $10.08 Isbn: 076454280X Publisher: Wiley Sales Rank: 19971
|
Editorial Review
Reviews
Some readers may find a book on computer security penned by a convicted computer criminal blasphemous. Rather than focusing on the writer's past, it is clear that Mitnick wishes the book to be viewed as an attempt at redemption. The Art of Deception: Controlling the Human Element of Security states that even if an organization has the best information systems security policies and procedures; most tightly controlled firewall, encrypted traffic, DMZ's, hardened operating systems patched servers and more; all of these security controls can be obviated via social engineering. Social engineering is a method of gaining someone's trust by lying to them and then abusing that trust for malicious purposes - primarily gaining access to systems. Every user in an organization, be it a receptionist or a systems administrator, needs to know that when someone requesting information has some knowledge about company procedures or uses the corporate vernacular, that alone should not be authorization to provide controlled information. The Art of Deception: Controlling the Human Element of Security spends most of its time discussing many different social engineering scenarios. At the end of each chapter, the book analyzes what went wrong and how the attack could have been prevented. The book is quite absorbing and makes for fascinating reading. With chapter titles such as The Direct Attack; Just Asking for it; the Reverse Sting; and Using Sympathy, Guilt and Intimidation, readers will find the narratives interesting, and often they relate to daily life at work. Fourteen of the 16 chapters give examples of social engineering covering many different corporate sectors, including financial, manufacturing, medical, and legal. Mitnick notes that while companies are busy rolling out firewalls and other security paraphernalia, they are often unaware of the threats of social engineering.
The menace of social engineering is that it does not take any deep technical skills - no protocol decoders, no kernel recompiling, no port scans - just some smooth talk and a little confidence. Most of the stories in the book detail elementary social engineering escapades, but chapter 14 details one particularly nasty story where a social engineer showed up on-site at a robotics company. With some glib talk, combined with some drinks at a fancy restaurant, he ultimately was able to get all of the design specifications for a leading-edge product. In order for an organization to develop a successful training program against the threats of social engineering, they must understand why people are vulnerable to attack in the first place. Chapter 15 explains how attackers take advantage of human nature. Only by identifying and understanding these tendencies (namely, Authority, Liking, Reciprocation, Consistency, Social Validation, and Scarcity), can companies ensure employees understand why social engineers can manipulate us all. After more than 200 pages of horror stories, Part 4 (Chapters 15 and 16) details the need for information security awareness and training. But even with 100 pages of security policies and procedures (much of it based on ideas from Charles Cresson Wood's seminal book Information Security Policies Made Easy) the truth is that nothing in Mitnick's security advice is revolutionary - it's information security 101. Namely, educate end-users to the risks and threats of non-technical attacks. While there are many books on nearly every aspect of information security, The Art of Deception is one of the first (Bruce Schneier's Secrets and Lies being another) to deal with the human aspect of security; a topic that has long been neglected. For too long, corporate America has been fixated with cryptographic key lengths, and not focused enough on the human element of security.
From a management perspective, The Art of Deception: Controlling the Human Element of Security should be on the list of required reading. Mitnick has done an effective job of showing exactly what the greatest threat of attack is - people and their human nature.
Most employees don't think they are allowed to say 'no' to giving out information over the phone or email in the name of great customer service. There may be company policies but they 'still try to do the right thing' to help a co-worker regain access to the system, when in fact the person is a hacker. Many solutions are offered to help small and large companies balance the choice of customer service over security and trust. One funny chapter was how Mr. Mitnick used the same social engineering methods in prison to get additional phone calls, better food, and increase family visits. Classic... He didn't stop even in prison. I recommend this book.
What we in the IT world call 'social engineering' is nothing more than a con that exploits human trust. Mitnick was highly effective at social engineering and this book provides a wealth of information regarding his views of 'social engineering' vulnerabilities and how he exploited them. He exposes the details of some of the most effective techniques used by those who use social engineering to accomplish their goals - whether those goals are as sinister as corporate espionage or fraud, or merely to prove that they can gain access to systems and information. While some of the recommended countermeasures in this book may seem Draconian there is middle ground to implement effective controls that do not hamper business processes or impose overly restrictive policies. The bottom line, though, is to learn from this book and distill the key lessons into knowledge throughout your organization. Awareness is one of the most powerful security tools, and this book promotes that. Also, while this book is ostensibly about IT security, the lessons imparted are as applicable to any other aspect of a business as they are to IT - in many ways they are even more applicable because the exploits are based on effective con games that were in existence long before computers came on the scene.
Its a fun book with lots of entertaining and education stories on what One of the articles I have read on the book called it "Kevin Mitnick's The attack side is stronger in the book than the defense side, social engineering: one of the definitions called it a "hacker's The book's stories show examples of hackers defeating firewalls, The book will give lots of ideas to those involved in penetration The biggest shortcoming of the book is that it has no "attack HOWTO" Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major
The book sets out security policies, and there's also a whole chapter on security training. One of Mitnick's recommendations is for companies to supply each employee with a copy of the book. Normally I'd dismiss this as blatant self-promotion. But believe me, in this case, the more people share the book's stories with each other at the water cooler, the closer the company will come to being a secure environment. Mitnick makes it clear that everyone in the company has to be aware of security issues, and of the many types of attacks he describes so well, and know how to react to any demand for information, even from someone who appears to be an insider. By the time you finish the book, you'll be a believer, and you'll think two or three times before giving out information. And company security officers may want to stop simply sending e-mails about security, and get all employees (including the receptionists!) into classroom training. The only problem I had with this book was Mitnick's use of the term "social engineering" to describe the manipulation of employees and security systems. Social engineering is what the conservatives accuse the liberals on the U.S. Supreme Court of doing. But that's a minor item in an otherwise overwhelming and totally convincing book.
I was a former victim of Kevin's exploits. He gained access to our network through an elaborate pretext; gaining access to systems that were secured by firewalls, dial back modems, extensive security policies and (unfortunately) many humans like myself. Everything but the humans worked flawlessly. The art of the con is as old as anything. Con artists know that any system, yes ANY system, can be compromised as long as humans are involved. All the technology in the world (alone) isn't going to stop a creative and motivated social engineer. Sadly, the focus of IT security today is on technology and technology alone. Very little attention is paid to the topic of social engineering and how to mitigate this threat. `Human nature' is, once again the culprit here, as people view controls that reduce social engineering threats (strict process controls, seemingly redundant and repetitive procedures) as unnecessary or overly paranoid. This book goes a long way to illustrate the wide applicability of this type of threat, even describing social engineering attacks against the traffic court systems and the Social Security Administration. This book is a `must read' for any serious security professional, and a very interesting read for anybody wanting a look at the way a real hacker's brain works.
"The Art of Deception" is, by default, the definitive and authoritative reference work on the subject of "social engineering". No author has ever tackled this tremendously important--and consistently ignored--aspect of information security with the same amount of depth, specificity and firsthand knowledge that Mitnick documents in this book. Despite the book jacket's description of Mitnick as a "legendary hacker" and "cyber-desperado", this book is decidedly NOT about "hacking" in the purest form of the word. In fact, it's rather ironic that for most people, the name "Kevin Mitnick" is synonymous with the profile of a stereotypical "master hacker", because he is much less regarded in the underground hacker scene for his technical skills than for his adept social engineering skills. Some would even say that without his social engineering chops, Mitnick would have been nothing more than an average geek with knowledge of common computer intrusion techniques. Even if you accept that opinion as true, it truly underscores the very real threat social engineering poses to ANY organization, and also proves one of the underlying themes of this book, which is that an attacker doesn't need to possess exotic and hyper-advanced "hacking" skills (or in many cases, even a computer!) to get at your company's sensitive data. All it takes is a phone call and gullible employees who aren't aware that answering a caller's seemingly innocuous questions can ultimately compromise the security of the entire company. Like the blurb on the book jacket says, "the gravest security risk of all is human nature." The renowned cryptographer Bruce Schneier once wrote, "security is not a product, it's a process". "The Art of Deception" bolsters that notion, and completely shatters the myth that technological measures can ensure information (or even physical) security. If anything, a company's security technology can be artfully used against itself in ways that completely negate its effectiveness.
There is a very enlightening section on Caller-ID spoofing which will definitely open the eyes of anyone who thinks that a Caller-ID display is positive proof of a caller's identity and location. Mitnick claims a 100% success rate in getting information out of people using a spoofed internal company Caller-ID name and number. Because of this, he continually reminds the reader of the absolute worthlessness of Caller-ID as a security mechanism. I'm glad he does this, because almost no one outside of the hacking and phreaking scene even realizes that Caller-ID spoofing is possible, and the more this fact can be beaten into the heads of I.T. or security managers, the better. You can have millions of dollars of firewall products, encryption technology, password policies, and intrusion detection systems in place, but if I can simply call up your company's new intern on the phone (using spoofed Caller-ID, of course) pretending to be a company executive, and social engineer him into divulging information or even sending out sensitive files or faxes directly from internal computers, then that "technology" is nothing more than a heap of black boxes with lots of pretty blinking lights. An iron door on a cardboard house. There are many people who have automatic biases against Mitnick (due to his past record as a convicted felon) and will cast off this book as nothing more than a how-to manual on conning corporations out of their data. The debate on whether he deserved the treatment he received from the U.S. Federal Government and Justice Department, and whether he is truly a "criminal" or not, is completely ancillary to the value and legitimacy of this book. It is not an I.T. or con man's version of "The Anarchist Cookbook". He devotes 78 pages at the end of the book specifically outlining recommended corporate security policies. 
The book is always written from the perspective that the social engineer is the "bad guy", and Mitnick makes no concerted attempt to justify social engineering as a legitimate activity. The only problem I see with "The Art of Deception" is, ironically, not the book itself. It is with the very people whom this book seeks to educate regarding the dangers of social engineering. No doubt, most IT managers will come away from this book as if they had a religious epiphany. However, knowing the time and budget constraints placed on employees by many companies, I am extremely skeptical that you can instill the same sense of urgency and vigilance in employees who don't have a direct, firsthand reason to care about information security. If you can social engineer the overnight janitor to turn on a restricted development server, or get an intern to divulge the name and internal phone extension of a project manager, then you're still screwed. It's difficult to see how it's possible to effectively guard against all forms of social engineering without making every single employee in a company act like an annoying paranoid twit in response to even the most truly innocuous situations. Regardless, this book should be required reading for all company executives and managers, in both large and small organizations. When it comes right down to it, "The Art of Deception" is fundamentally more a book on psychology than actual information security techniques, and as such, the principles demonstrated within are equally applicable to any company that has information or resources that need to be protected from outsiders. For example, Mitnick explains a hilarious, and ridiculously simple social engineering scheme that can get your traffic tickets dismissed. And with no computers required from the social engineer's end. The book is at least funny, if nothing else.
| |
| 10. Mind Hacks: Tips & Tricks for Using Your Brain by Tom Stafford, Matt Webb | |
Paperback
list price: $24.95 -- our price: $16.47 Isbn: 0596007795 Publisher: O'Reilly Media Sales Rank: 15097
|
Editorial Review The brain is a fearsomely complex information-processing environment--one that often eludes our ability to understand it. At any given time, the brain is collecting, filtering, and analyzing information and, in response, performing countless intricate processes, some of which are automatic, some voluntary, some conscious, and some unconscious. Cognitive neuroscience is one of the ways we have to understand the workings of our minds. It's the study of the brain biology behind our mental functions: a collection of methods--like brain scanning and computational modeling--combined with a way of looking at psychological phenomena and discovering where, why, and how the brain makes them happen. Want to know more? Mind Hacks is a collection of probes into the moment-by-moment works of the brain. Using cognitive neuroscience, these experiments, tricks, and tips related to vision, motor skills, attention, cognition, subliminal perception, and more throw light on how the human brain works. Each hack examines specific operations of the brain. By seeing how the brain responds, we pick up clues about the architecture and design of the brain, learning a little bit more about how the brain is put together. Mind Hacks begins your exploration of the mind with a look inside the brain itself, using hacks such as "Transcranial Magnetic Stimulation: Turn On and Off Bits of the Brain" and "Tour the Cortex and the Four Lobes." Also among the 100 hacks in this book, you'll find: Reviews
| |
| 11. Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press) | |
Hardcover
list price: $69.95 -- our price: $54.71 Isbn: 1439809593 Publisher: Auerbach Publications Sales Rank: 31453
|
Editorial Review With each new advance in connectivity and convenience comes a new wave of threats to privacy and security capable of destroying a company’s reputation, violating a consumer’s privacy, compromising intellectual property, and in some cases endangering personal safety. This is why it is essential for information security professionals to stay up to date with the latest advances in technology and the new security threats they create. Recognized as one of the best tools available for the information security professional and especially for candidates studying for the (ISC)2 CISSP examination, the Official (ISC)2® Guide to the CISSP® CBK®, Second Edition has been updated and revised to reflect the latest developments in this ever-changing field. Endorsed by the (ISC)2, this book provides unrivaled preparation for the certification exam that is both up to date and authoritative. Compiled and reviewed by CISSPs and (ISC)2 members, the text provides an exhaustive review of the 10 current domains of the CBK—and the high-level topics contained in each domain. Unique and exceptionally thorough, this edition includes a CD with over 200 sample questions, sample exams, and a full test simulation that provides the same number and types of questions with the same allotment of time allowed in the actual exam. It will even grade the exam, provide the correct answers, and identify areas where more study is needed. Earning your CISSP is a deserving achievement that makes you a member of an elite network of professionals. This book not only provides you with the tools to effectively study for the exam, but also supplies you with ready access to best practices for implementing new technologies, dealing with current threats, incorporating new security tools, and managing the human factor of security—that will serve you well into your career. Reviews
| |
| 12. Underground: Tales of Hacking, Madness and Obsession from the Electronic Frontier by Suelette Dreyfus | |
Kindle Edition
list price: $2.99 Asin: B003XIIYWW Publisher: Suelette Dreyfus Sales Rank: 8147
|
Editorial Review
Reviews
| |
| 13. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Gordon Fyodor Lyon | |
Paperback
list price: $49.95 -- our price: $32.97 Isbn: 0979958717 Publisher: Nmap Project Sales Rank: 13201
|
Editorial Review Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X. Nmap's original author, Gordon "Fyodor" Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http://nmap.org/book for more information and sample chapters. Reviews
| |
| 14. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll | |
Paperback
list price: $16.00 -- our price: $10.88 Isbn: 1416507787 Publisher: Gallery Sales Rank: 14927
|
Editorial Review Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker's code name was "Hunter" -- a mysterious invader who managed to break into U.S. computer systems and steal sensitive military and security information. Stoll began a one-man hunt of his own: spying on the spy. It was a dangerous game of deception, broken codes, satellites, and missile bases -- a one-man sting operation that finally gained the attention of the CIA...and ultimately trapped an international spy ring fueled by cash, cocaine, and the KGB. Reviews
Dealing with the CCC (Chaos Computer Club), Hunter (the main hacker), and the different networks will really make you think and keep you on your toes. Read it and see for yourself just how intense the experience will be. I advise you to get some sleep before you start because you probably won't be getting any anytime soon.
Science is precise, and therefore Stoll began an investigation that ended up changing the intelligence community. His extensive testing and experiments revealed not only unauthorized access, but also the flaws of computer security. He studied the methods, the data path, and the signals (both false and true) through an electronic maze that eventually led him to "Hunter." Early in his exploration, he discovered a six-second-time delay between transmission and receipt. It took three seconds for the data link from New York to reach Berkeley. What happened to the extra three seconds? Stoll reevaluated his findings, and eventually found the three missing seconds. It was the transmission time from Europe to New York. The Cuckoo's Egg is Stoll's incredible story that eventually led to Hunter, a group of computer hackers and spies who were connected with the KGB and operating out of Germany. They had used our own services to piggyback onto valid signals. They jumped from system to system randomly to meet their goal. They obtained entrance to highly classified government sites. This is the suspenseful, true story of one scientist's ingenious methods that brought down a spy ring. I read this book when it was first released and treasure my copy. Clifford Stoll had included his e-mail address, and graciously responded to my questions. This book is not out-of-date. It opened the door to the world of computer investigations. The story is fascinating, and the writing is excellent. Five stars. Victoria Tarrani
Thanks Gauri dear, for this neat Book.
This is a story of a young astronomer who was ignoring his proper job and playing with computers too much, who discovered some alarming hacking into US defence computers and decided to track down the culprits. Stoll is a persistent, thoughtful and imaginative investigator and occasionally puts his scientific training to good use, for example when he theorises on the location of the hackers based on their network latency. I found this utterly enthralling, and it is the only book where I have literally read it through from start to finish unable to put it down, which in my case meant getting to bed at 5.30 in the morning. As well as a fascinating story of hacking and detection, the book contains wry anecdotes of the total gulf between Unix, VMS and Apple Mac users. Although the story is 10 years old, these attitudes still prevail to this day. And of course Unix still RULES!!!! The age of the story is revealed when a mini-computer is described as being powerful because it musters 10 MIPS. These days that won't support a mail program :-) The book also relates in intimate detail the dreadful buck-passing that went on for months before the US powers finally did something. Interspersed with the main story are some bits and pieces of Stoll's own life and this reader found it a little sad how he devoted so much time to catching the hackers whilst fully aware that his girlfriend was missing him at home, and then in a wistful series of postscripts we learn they split up - perhaps there was some connection. This is the best of all of these books on computer crime - a must!
| |
| 15. The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System by Bill Blunden | |
![]() | Paperback
list price: $49.95 -- our price: $29.67 (price subject to change: see help) Isbn: 1598220616 Publisher: Jones & Bartlett Publishers Sales Rank: 43399 Average Customer Review: US | Canada | United Kingdom | Germany | France | Japan |
|
| |
| 16. CISSP Practice Exams (All-in-One) by Shon Harris | |
![]() | Paperback
list price: $39.99 -- our price: $26.39 (price subject to change: see help) Isbn: 0071701397 Publisher: McGraw-Hill Osborne Media Sales Rank: 53634 Average Customer Review: US | Canada | United Kingdom | Germany | France | Japan |
|
Editorial Review Written by the leading expert in IT security certification and training, CISSP Practice Exams is filled with hundreds of realistic practice exam questions based on the latest release of the Certified Information Systems Security Professional (CISSP) exam. To aid in your understanding of the material, in-depth explanations of both the correct and incorrect answers are included for every question. This practical guide covers all 10 CISSP exam domains developed by the International Information Systems Security Certification Consortium (ISC2) and is the perfect companion to CISSP All-in-One Exam Guide, Fifth Edition. Covers all 10 CISSP domains: Bonus online practice exams and audio lectures are available with free online registration. Reviews
| |
| 17. Hacking For Dummies by Kevin Beaver | |
![]() | Paperback
list price: $29.99 -- our price: $19.79 (price subject to change: see help) Isbn: 0470550937 Publisher: For Dummies Sales Rank: 22890 Average Customer Review: US | Canada | United Kingdom | Germany | France | Japan |
|
Editorial Review A new edition of the bestselling guide -- now updated to cover the latest hacks and how to prevent them! It's bad enough when a hack occurs -- stealing identities, bank accounts, and personal information. But when the hack could have been prevented by taking basic security measures -- like the ones described in this book -- somehow that makes a bad situation even worse. This beginner guide to hacking examines some of the best security measures that exist and has been updated to cover the latest hacks for Windows 7 and the newest version of Linux. Offering increased coverage of Web application hacks, database hacks, VoIP hacks, and mobile computing hacks, this guide addresses a wide range of vulnerabilities and how to identify and prevent them. Plus, you'll examine why ethical hacking is oftentimes the only way to find security flaws, which can then prevent any future malicious attacks. Hacking For Dummies, 3rd Edition shows you how to put all the necessary security measures in place so that you avoid becoming a victim of malicious hacking. Reviews
| |
| 18. Hacker's Delight by Henry S. Warren | |
![]() | Hardcover
list price: $59.99 -- our price: $42.55 (price subject to change: see help) Isbn: 0201914654 Publisher: Addison-Wesley Professional Sales Rank: 30318 Average Customer Review: US | Canada | United Kingdom | Germany | France | Japan |
|
Editorial Review Reviews
This book is a collection of tricks that show the reader better ways to do things they already know how to do. And it's also a book that can give the reader insight into different approaches and mechanisms for solving problems. Computer programmers translate their ideas and requirements into any of several computer languages. Those expressions are limited by the language the programmer is using, and maybe even the machine the programmer is targeting. But there is a wide continuum of expressions that result in the same -- hopefully correct -- results. Choosing the most efficient, and most elegant, expression to some is "real" hacking. This book is for real hackers. It's a great collection of tricks for performing usually simple operations in an elegant way. What's elegant? Well, elegant is efficient. If there's a side-effect of an elegant operation, it turns out that side-effect is probably useful and not simply discarded. This book catalogs insights into concrete binary math, shortcuts derived from different boolean operators, and even approaches some interesting numerical analysis problems. If you already know how to write software, and you already know you want to find faster or more efficient ways to check for overflows on integers, divide numbers, count bits, search for binary patterns, or do other twiddling, then this book is for you. If the application of such techniques doesn't seem important to you, then this book probably isn't going to be of interest to you.
| |
| 19. Security+ Guide to Network Security Fundamentals by Mark Ciampa | |
![]() | Paperback
list price: $124.95 -- our price: $81.19 (price subject to change: see help) Isbn: 1428340661 Publisher: Course Technology Sales Rank: 35461 Average Customer Review: US | Canada | United Kingdom | Germany | France | Japan |
|
| |
| 20. Windows Forensic Analysis DVD Toolkit, Second Edition by Harlan Carvey | |
![]() | Paperback
list price: $69.95 -- our price: $55.31 (price subject to change: see help) Isbn: 1597494224 Publisher: Syngress Sales Rank: 34207 Average Customer Review: US | Canada | United Kingdom | Germany | France | Japan |
|
Editorial Review "If your job requires investigating compromised Windows hosts, you must read Windows Forensic Analysis." -Richard Bejtlich, Coauthor of Real Digital Forensics and Amazon.com Top 500 Book Reviewer "The Registry Analysis chapter alone is worth the price of the book." -Troy Larson, Senior Forensic Investigator of Microsoft's IT Security Group "I also found that the entire book could have been written on just registry forensics. However, in order to create broad appeal, the registry section was probably shortened. You can tell Harlan has a lot more to tell." -Rob Lee, Instructor and Fellow at the SANS Technology Institute, coauthor of Know Your Enemy: Learning About Security Threats, 2E Author Harlan Carvey has brought his best-selling book up-to-date to give you, the responder, examiner, or analyst, the must-have tool kit for your job. Windows is the largest operating system on desktops and servers worldwide, which means more intrusions, malware infections, and cybercrime happen on these systems. Windows Forensic Analysis DVD Toolkit, 2E covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. The book is also accessible to system administrators, who are often the frontline when an incident occurs, but due to staffing and budget constraints do not have the necessary knowledge to respond effectively. The book's companion DVD contains significant new and updated materials (movies, spreadsheet, code, etc.) not available any place else, because they are created and maintained by the author. Reviews
| |