Hacking Books


Hacking Books sorted by Average customer review: high to low.

Hacking
Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses (The Radia Perlman Series in Computer Networking and Security)
Published in Paperback by Prentice Hall PTR (2001-07-23)
Author: Edward Skoudis
List price: $54.99
New price: $36.00
Used price: $2.37

awesome
Helpful Votes: 0 out of 0 total.
Review Date: 2008-03-28
I'm technically not finished reading this book yet and probably never will be until they update it again and still it will be a good reference manual for several years anyway. Skoudis and Liston do have a way of making complex issues seem to make sense. I thank them for writing it and thank Amazon for making it available to me.

Easy read for terms, too much stuff in some places
Helpful Votes: 0 out of 0 total.
Review Date: 2008-02-11
It was an easy read, as far as the writing itself. It wasn't too dry, but in some places there was too much information all at once. I've only read the first 350 pages or so, but I can say for sure that Chapter 6 should have been cut into 2 or 3 chapters. The sheer amount of material covered in those 100 pages or so was too much to be taken all at once.

Counter Hack Reloaded
Helpful Votes: 0 out of 0 total.
Review Date: 2008-02-09
Most of the tools in this book are widely used and known, but the reason that this book is so interesting is that it describes how you can defend yourself from attacks with such tools.

Therefore this is a very good reference book.

Great book overall but...
Helpful Votes: 0 out of 0 total.
Review Date: 2007-09-08
I can't argue with the fact that this is a great book to learn security. It also serves as a fantastic intro to networking with some really good insight into the interworkings of TCP/IP. One thing that is great about this book is the detail that the author goes into on each section. This should be required reading for all new security/network professionals. It's funny, but the things that people take for granted that they know (foundational knowledge) are the very things that not many people in the field truly understand at a deep level. This book will help you to not be one of those people.

Only one real gripe - I know typos happen and errors are common in technical books BUT... in a chapter about TCP/IP to misspell the late Jon Postel's name is just unbelievable -- Wow. (p.32)

Excellent book for those interested in internet security
Helpful Votes: 0 out of 0 total.
Review Date: 2007-07-09
This book has done a great job at informing readers of network security. After supplying a little OS and networking background information the author composes the information in a way that an attacker would view it so the reader can get inside the mind of an intruder. I would highly recommend this book to anyone interested in how attacks are executed.

Hacking
Hacking Linux Exposed, Second Edition
Published in Paperback by McGraw-Hill Osborne Media (2002-12-04)
Authors: Brian Hatch and James Lee
List price: $49.99
New price: $5.00
Used price: $8.00

Great book.
Helpful Votes: 1 out of 2 total.
Review Date: 2003-03-08
I just finished going through the entire book line by line. I am extremely new to Linux and security, and this book made it all very clear. I only wish I realized that there was a second edition out when I bought this one. Everything in this original edition was still completely correct and appropriate, three years later.

The best hands-on Linux security book just got better
Helpful Votes: 16 out of 16 total.
Review Date: 2003-03-10
I'm a big fan of the Hacking Exposed style of writing. All offensive theory is backed up by command line examples, followed by defensive countermeasures. Hacking Exposed: Linux, 2nd Ed (HE:L2E) follows this tradition, updating the content of the first edition and adding 200 pages of new content. Although I reviewed the first edition in Sep 01, reading the second edition reminded me of the challenges posed by securely configuring and deploying Linux systems.

The best way to learn while reading HE:L2E is to try the sample commands. I also recommend visiting the links mentioned and installing many of the tools described by the authors. I found programs like raccess, nsat (ch. 3), sslsniff (ch. 7), nstx, and httptunnel (ch. 15) particularly interesting from an attacker's point of view. From a system administration standpoint, coverage of passlogd (ch. 2), lilo and grub (ch. 5), and X (ch. 6) were very helpful.

The authors share many novel ways to abuse Linux systems, but counter those exploits with little-known features or third-party tools. I never knew I could use bash's HISTCONTROL feature to selectively remove entries from shell history files. HE:L2E goes the extra mile to help secure your system, such as including sample C code in ch. 13 to allow one to compile TCP Wrappers support into one's own programs. Other clear, concise defensive measures were introduced in excellent chapters on keeping the kernel and packages current (appendix B) and pro-active security measures (ch. 2). The last appendix gives a short yet powerful description of the damage an intruder can perform, showing how he hid unauthorized programs and how those programs were discovered.

If you use Linux, you'll find HE:L2E indispensable. I even applied many of the tools and techniques to my FreeBSD system, showing that good security advice can be a cross-platform endeavor.

Must-Read Info For Linux Admins
Helpful Votes: 3 out of 4 total.
Review Date: 2005-02-10
The Hacking Exposed books have set the bar for this genre of security book. Hacking Linux Exposed - 2nd Edition doesn't fail in meeting that bar as well. If you've read Hacking Exposed - 4th Edition and think this book can't tell you anything you don't already know- think again. For those who administer Linux boxes this book provides an in-depth look at specific hacks and vulnerabilities unique to the Linux operating system and the accompanying fixes and workarounds to protect yourself. The book is overflowing with examples and sample commands that users can immediately put to use to better understand the risks and how to mitigate them. Hacking Exposed is a must-read for security- this book is a must-read for Linux security.

(...)

Ding, Ding, We have a winner.
Helpful Votes: 4 out of 6 total.
Review Date: 2005-11-10
First, this book does _NOT_ have an installation walk through...YES!!!

You will not find another book this comprehensive in the length in HLE has accomplished. I found the book to be on point, and not overdrawn on any specific topic. The authors' usage of gender is something of a mystery as well. For the first 10 chapters or so the cracker is a woman, then in later chapters it becomes a man, then in even later chapters a woman, then back to a man :-).

I found the book to be very well written, it feels like a very good narration. There are only a few plugs of direct humor (1 about using word for the publisher, another about the shortest sentence using all letters) but these few are lightening.

Technically this book is sound. It does very good in keeping the basics of security alive through the book (chattr +i, only use what you need, upgrade, etc...). This is very helpful to a beginner for reinforced learning. The software packages it mentions for firewalls, logging, etc. are very nice and descriptive.

All around great book. BTW, did I mention that it does _NOT_ cover a Linux installation from CD/DVD? That alone should be enough to buy it.

Don't have this book? You're BEGGING for trouble...
Helpful Votes: 5 out of 7 total.
Review Date: 2003-05-01
When I first started using Linux systems and putting them online I had NO idea what sort of grief I was in for. The reason for that grief: I had NO clue how to 'harden' a system or what that term even meant. By not knowing that I put up systems that were quickly exploited by script kiddies and SPAM houses looking for open relays to use for SPAM and for 'zombies' to use in Distributed Denial of Service (DDoS) attacks. I bought this book, read it, and haven't had those problems since. If you are going to do *anything* with Linux on the internet then GET THIS BOOK NOW. Unless, of course, you *want* to have your computers destroyed on a weekly basis...

Hacking
Hack Attacks Encyclopedia: A Complete History of Hacks, Cracks, Phreaks, and Spies over Time
Published in Paperback by John Wiley & Sons (2001-08-22)
Author: John Chirillo
List price: $64.99
New price: $14.40
Used price: $8.36

five stars on the scale of worthless-ness
Helpful Votes: 0 out of 2 total.
Review Date: 2002-05-30
this book is culled from sources across the internet, almost all of the information is freely available somewhere. in most cases the author has not even bothered to change the filenames or unique file extensions. the book itself is barely an index of the cd-rom, with the first paragraph of a file serving as a description. there is some (un)original writing done by the author himself, comprising a minuscule amount of the actual text. if you would like to learn what these files are actually about, you would be much better served by going to the sites they were taken from

this is a copied book
Helpful Votes: 1 out of 2 total.
Review Date: 2005-01-09
This book is trash. This is just a printed version of textfiles.com that gives you all of the "lost" files for free. This is just a horrible book that takes advantage of people not using google first to find free information.

I think this book is equivalent to somebody filling up a bottle with tap water and selling it for 20 dollars as pure water found in the most secret places.

Gain Insight of the Mindset of Hackers, Crackers, Phreakers!
Helpful Votes: 3 out of 6 total.
Review Date: 2002-10-18
The widespread availability of computers and access to telephone and Internet technologies has contributed to the sharp rise in the number of people going online over the years. Unfortunately, many of these people found their way online through less-than-honest means, and once online, they would set out to perform a great deal of mischief and damage to various computers and computer information systems.

Hack Attacks Encyclopedia edited by John Chirillo serves as the ultimate source for collected information on the history of hacking, cracking, and phreaking. The book features nearly 2,000 text and HTML document extracts that includes news articles, online postings, and other snippets of insightful information. Some of the accounts are startling. Readers will quickly pick up just how clever some hackers, crackers, and phreakers really are. The following snippet exemplifies available talent in Northern America:

"Silver Spy has everything going for him - comfortable surroundings, a father who is an engineer. He ranks in the top 3 percent of his high-school class. His SAT scores for college admission totaled 1,400 of a possible 1,600. He wants to attend Stanford or the Massachusetts Institute of Technology. But in the eyes of the phone companies he is a thief, and in the eyes of the law he's a criminal. Such is the portrait of this 17-year-old computer "hacker" and "phone phreaker" who lives about 20 miles outside Boston. He spoke with U.S. News & World report on the condition that neither his real name nor home town be revealed."

The Hack Attack Encyclopedia is broken up into major sections by decade - the 70's, the 80's, the 90's, the Millennium, and a special historical synopsis. From beginning to end, readers will be able to follow the history of mischievous behavior. It will be an eye-opening experience for anyone to follow the advancements made in communications technologies and how they can be easily circumvented and otherwise compromised to carry out further activities. Although some of the technologies disclosed in the book are outdated and have been replaced, readers will still gain helpful insight of the mindset of hackers, crackers, and phreakers operating today. They are a force to be taken very seriously.

An extensive 217-page glossary of terms will enlighten readers about the slang talk used in the hacking, cracking, and phreaking communities. As a special bonus, the CD accompanying the book features full-length editions of the article and snippet extracts included in the book, hundreds of computing and Internet exploits, and a sampling of useful utility programs.

Hacking, cracking, phreaking, and virus infection still pose problems for many people today. This book will open the eyes of many people - including business people, IT managers, and law enforcement officials. It will serve as an excellent starting point for taking necessary corrective action to prevent further mischief and harm caused to personal and company computer systems. I can't wait to see an updated edition. Highly recommended reading.

five stars on the scale of worthless-ness
Helpful Votes: 3 out of 4 total.
Review Date: 2002-05-30
this book is culled from sources across the internet, almost all of the information is freely available somewhere. in most cases the author has not even bothered to change the filenames or unique file extensions. the book itself is barely an index of the cd-rom, with the first paragraph of a file serving as a description. there is some (un)original writing done by the author himself, comprising a minuscule amount of the actual text. if you would like to learn what these files are actually about, you would be much better served by going to the sites they were taken from

I would give it zero stars if I could.
Helpful Votes: 4 out of 4 total.
Review Date: 2004-02-12
The book looks damned impressive from the outside; it's 960 pages! Surely, this must be the most complete discussion of the hacking and phreaking subculture ever published! The cover, a sunset-colored affair with barbed wire and neat lettering, tells you it'll have a more up-to-date sensibility. Everything said this would be my next purchase.

My heart sank as I read through the book.

The vast, vast, VAST (over two-thirds) majority of the book consists of the first paragraph of BBS textfiles, with a line telling you the filename included on the CD that comes with the book. In some cases, Chirillo deigns to visit upon you a single-line description, but many don't even have that. So now, imagine this: page after page of filenames, then descriptions, then the first paragraph, of files located on a CD that's in the back of a book. What a horrible waste! There's a computer "glossary" in the back which looks suspiciously like similar documents available on the web, although I can't be sure. Also, there are a few tiny chapters giving general descriptions of the hacker and phreaking subculture. If you were to remove the filenames and descriptions and paragraphs, I doubt this book could get past 100 pages, if that.

Hacking
Windows 2000 (Hacking Exposed)
Published in Paperback by McGraw-Hill Companies (2001-08-29)
Authors: Joel Scambray and Stuart McClure
List price: $49.99
New price: $2.48
Used price: $0.15

Hacking exposed: excellent books
Helpful Votes: 0 out of 0 total.
Review Date: 2006-10-10
This is a general comment regarding the Hacking Exposed series. I owned Hacking Exposed (first edition) and then I moved to the more specific Hacking Exposed books, so now I've got Hacking Linux Exposed, Hacking Windows 2000 Exposed and Hacking Web Applications Exposed. All those books are absolutely worth it, do not hesitate to buy any of them.

Buy this book if you use windows
Helpful Votes: 0 out of 0 total.
Review Date: 2003-09-09
Don't run Windows without it. An in-depth windows security book written for those who do not understand geek. Easy to read and chock-full of info provided to save you from common (and not so common) windows sins. Definitely for the home and enterprise network user/admin.

The best security manual I have ever seen
Helpful Votes: 0 out of 0 total.
Review Date: 2003-08-09
If you are responsible for a Windows 2000 server and do not have this book, you are asking for trouble. Get it today!!!!

Excellent security book
Helpful Votes: 0 out of 2 total.
Review Date: 2003-03-09
Excellent book which helps you secure your system from the attacker's point of view. It makes you think as a hacker to be able to find the vulnerabilities in your machine/network.

Excellent book - useful from the first read
Helpful Votes: 1 out of 5 total.
Review Date: 2003-06-03
My security officer loves this book because it allows him to send me emails guaranteed to keep me up at night. ;-)

Hacking
101 Spy Gadgets for the Evil Genius
Published in Paperback by McGraw-Hill/TAB Electronics (2006-06-19)
Authors: Brad Graham and Kathy McGowan
List price: $24.95
New price: $13.77
Used price: $13.77

Not Just for Kids
Helpful Votes: 0 out of 0 total.
Review Date: 2008-03-31
In this world where unexpected surprises are not always welcome - and if your thoughts lean toward keeping an eye on things, this publication will certainly help. There are chapters the younger set would appreciate as well the seasoned info gatherer will not hesitate to start putting something together.
Not electronic savvy? Not a concern. Just a few of the ideas presented here will get you headed in the right direction with property protection, keeping tabs, and real time viewing scenarios.

Before reading this I thought: "Get a camera, put it up, check it once in a while." Wrong. This easy reading material will get you thinking in important directions about surveillance you probably haven't thought of previously, unless you were a professional.

Fun Book, Beware Of Typos
Helpful Votes: 0 out of 0 total.
Review Date: 2008-03-30
This is a fun book, with lots of great ideas. However, it really needed tighter editing. There are several instances where the text did not agree with the schematics (schematic has 50K ohm pot, text discusses 50 ohm, etc). This is unfortunate, since novice readers may not spot the problems, and end up with circuits which don't work.

I'd also recommend a more traditional, left-to-right layout of the schematics. Some are left-right top-down, others are right-left. This makes it more difficult to follow the "flow" through the circuits.

Regardless of these hiccups, I'd recommend this book to those who'd like to tinker with "spy gear" or who are looking for simpler project ideas.

Endless fun
Helpful Votes: 0 out of 0 total.
Review Date: 2008-01-02
I got this for my friend's 16 year old son and he LOVES it! He is so excited about just knowing how all these things work, even though his mother refuses to let him into a Radio Shack in case he tries to build some of it! I've made him promise not to use any of his evil knowledge against our family and in return, I'll get him book 2 for his birthday! Great fun!

You will need an electronics background
Helpful Votes: 0 out of 0 total.
Review Date: 2007-11-28
One will need an electronics background to understand this book. The author has some amazingly great ideas, I just wish I could understand half of what he wrote! I persuaded my uncle, who is an engineer, to explain them to me. This book is not meant for laymen. The series needs a prequel teaching the basics of electronics, and the parts of the book that try to explain electronic basics are still too advanced for us regular people. So either take a class in 'electronics 101' or have an electronic engineer tutor you in this book. Too demanding for my intellect. However, it still deserves 5 stars for innovation.

GREAT BOOK!!
Helpful Votes: 0 out of 0 total.
Review Date: 2007-11-23
Great book, most of the projects cost under $30 (which would have been nice to know before I bought the book cuz I'm BROKE :( ). Also, do not buy this book if you do not own a soldering iron or have a bad education with electronics. But anyways, great book and detailed instructions that even I can follow ;)

Hacking
Honeypots: Tracking Hackers
Published in Paperback by Addison-Wesley Professional (2002-09-20)
Author: Lance Spitzner
List price: $44.99
New price: $17.75
Used price: $6.23

Very helpful
Helpful Votes: 0 out of 0 total.
Review Date: 2006-08-22
I bought this to help perform research on a security course that I'm preparing. Even though the information on some of the honeypot programs is a bit outdated, I still found the book very helpful. It's well-written, and gives a very good explanation of how to implement honeypots. It was a tremendous help in my research.

You will start using honeypots if u read this book
Helpful Votes: 0 out of 0 total.
Review Date: 2005-10-24
This book is written with obvious passion towards honeypots as the author obviously believes in the power of honeypots in making the corporate network a safe place. The discussion covers simple and advanced topics in honeypot motives, creation and trapping hacker information. In all, a well researched book that evangelises the use of honeypot intrusion detection.

Great Overview of Honeypots for the Beginner
Helpful Votes: 0 out of 0 total.
Review Date: 2004-08-27
This book did a great job of presenting the concepts of modern honeypot technology. It begins by covering the basic concepts of what the different types of honeypots can do, the different design concepts of production honeypots vs. research honeypots and how honeypots can be an aid to network security in any organization. The one thing I didn't like was the "flow" of the book and the way some chapters were written. There was an excessive amount of fluff, some topics were beat like a dead horse. The book could easily have shaved off 50 pages making it a better read. Overall, it was a great book, I learned a lot, and would recommend it to anyone looking for an intro to honeypots. The included CD was a plus as well.

great introduction and reference on honeypots
Helpful Votes: 2 out of 3 total.
Review Date: 2004-03-07
Honeypots is an excellent introduction to the subject of honeypots, useful as a reference for experts as well as for beginners to the subject. It is written very clearly and provides step-by-step instructions with plenty of examples and screenshots. It covers commercial, open source, and do-it-yourself solutions, from very simple low-interaction detection honeypots to very high-interaction research honeypots. A CD-ROM is included with software and example data collected by honeypots. One defect is a fairly large number of typos.

For anyone invested with cyber security responsibilities
Helpful Votes: 2 out of 3 total.
Review Date: 2003-09-15
Honeypots: Tracking Hackers by Lance Spitzner (Senior Security Architect for Sun Microsystems, Inc.) is an advanced computer science text to understanding and making use of "honeypots" (technological systems specifically designed to be compromised by online attackers) as burglar alarms, incident response systems, or tools for gathering information about hackers in order to better guard the security of one's computer data. Technical know-how, advanced theory, guidance from three legal experts, and more fill the pages of this excellent and very strongly recommended resource for anyone invested with cyber security responsibilities. An accompanying CD-ROM contains white papers, source code, and data captures of real attacks to facilitate the deployment of honeypot solutions to serious computer problems.

Hacking
Secrets of Computer Espionage: Tactics and Countermeasures
Published in Kindle Edition by Wiley (2003-06-20)
Author: Joel McNamara
List price: $35.00
New price: $21.51

Forget 007
Helpful Votes: 1 out of 1 total.
Review Date: 2006-06-18
Secrets of Computer Espionage by Joel McNamara is a must for any PC user. Staffed with so many examples (with a conversational funny tone) the book does a really good job. The book stresses the vulnerabilities and threats, explains in detail the evolution of spy tactics, network eavesdropping and provides countermeasures as well.

It's good to know what's around us and be in the know!

Recommend ****
Guzman, Dror

Informative look at the risks of digital espionage
Helpful Votes: 10 out of 10 total.
Review Date: 2005-06-01
Judging from the title, Secrets of Computer Espionage: Tactics and Countermeasures would appear to be geared to governments, security agencies, or high-level corporations. In fact, as the author makes clear, anyone with an Internet connection is a potential target of online espionage-even by such "mundane" means as viruses, worms, and phishing attacks-and this book is addressed to that huge audience.

Just who is spying on whom? The author explains that the typical person might be a target of bosses, friends, family members, hackers, and many others. Even people with nothing confidential or of value on their computers risk getting caught up in espionage and other cyber capers. For instance, hackers can use their computers as vehicles for staging attacks or as a location for storing illicit files, such as child pornography. And as more cell phones and PDAs connect to the Internet, the risks multiply.

What may be disturbing to some readers is that every computer device and peripheral provides at least one avenue of attack. The author explains many of these schemes, such as keystroke loggers and cleartext file transfers via file transfer protocol (FTP). In addition, operating-system and application-level vulnerabilities constitute even more ways that systems can be compromised.

Despite the grim picture painted by the author, the book isn't intended to make readers paranoid, but rather to acquaint them with the many risks posed by the Internet. This excellent book shows that someone quite possibly is out to get you, but it provides the tools to protect yourself.

Secrets of Computer Espionage
Helpful Votes: 4 out of 7 total.
Review Date: 2004-05-14
The "Secrets of Computer Espionage" by Joel McNamara unveils what every PC user should know before they hop on to the internet Bandwagon. If you can read this review, then you need to purchase this book. Cyber Crime is the number one precursor to identity theft and the simple truth is -- Internet Security is YOUR responsibility.

Joel McNamara makes you walk a mile in the bad guy's shoes, forcing you to see both sides of the story. You will learn the real threats behind internet worms (such as Sasser) and trojan horses (like MyDoom). Discover why Windows(tm) isn't safe and learn who's after your PII (Personally Identifiable Information).

View the world through the eyes of an internet private eye and see that everything really is an open book, it just depends on where you look. Let Joel be your guide. Buy the ticket, take the ride... then go to www.pcpitbull.com and see what's really inside.

Wow! Absolutely a great, great book!
Helpful Votes: 5 out of 7 total.
Review Date: 2003-11-26
Joel McNamara's book is one of the very, very few books that I classify as a "Must Read" for anyone involved in business or technology. This book does an amazing job of avoiding the "paranoia for paranoia's sake" tone seen so often in computer security books while still taking the issues seriously and discussing them intelligently.

The conversational tone is fun and often quite funny while not making the user feel talked down to. And Mr. McNamara does an equally great job of explaining very complex topics in a way that works for both extremely sophisticated computer technology professionals and non-techies alike. I've brought this book around for side-discussions in the seminars I've given since it came out and my students, ranging from small business owners to 30+ year professional tech veterans in Fortune 50s have learned new and important lessons from it. For a book to address all these audiences is rare. For a book to succeed and be invaluable for all of them is virtually unheard of. This book succeeds amazingly well.

I've not only read the book through in one sitting, I keep referring back to it and its incredibly useful web site on a regular basis.

Joel, thank you for writing one of the key books of the year!

Highly Recommended!
Helpful Votes: 7 out of 7 total.
Review Date: 2004-04-22
You and your computer face a dizzying array of security threats, writes tech consultant Joel McNamara. Competitors, cops, crooks and even disgruntled kin would love a peek at your hard drive. But don't hyperventilate just yet. If you calmly analyze the desirability and vulnerability of your secrets, you can figure out how to protect yourself. McNamara's prose is surprisingly clear given the degree of difficulty of his topic, and he offers a number of useful sidebars, charts and examples from inside the tech business to juice up his instructional tome. We suggest this practical book to managers charged with protecting corporate data, and to people who are unsure just how safe their computers are.

Hacking
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
Published in Paperback by Wiley (2007-10-22)
Authors: Dafydd Stuttard and Marcus Pinto
List price: $50.00
New price: $26.76
Used price: $26.72

excellent
Helpful Votes: 0 out of 3 total.
Review Date: 2008-01-14
This book is a complete guide and very easy to read. Simply said, it's GOOD.

Mauri

More than just words!
Helpful Votes: 2 out of 2 total.
Review Date: 2008-02-22
This is an excellent book. Many books of this nature leave you wanting. They talk in complicated jargon, excite you about learning new concepts, and then leave you hanging with no real application of what you are learning. This is not the case with this book.

This book is excellent for both the beginner and the advanced! Plenty of real examples! Walks the beginner through the concepts of foot printing. It explains the technologies and then for the advanced it talks about creating custom code for each vulnerability.

This is a must have for any security professional's library! It was worth every penny!

A Truly Excellent Resource for any Professional Web Hacker!
Helpful Votes: 3 out of 3 total.
Review Date: 2008-01-25
If you do any type of professional Web Application Assessments then this is your bible. I have read many books on web app assessments and perform many Web Application Assessments for many large companies and government agencies and this is an excellent resource. I use Dafydd's Burp Suite and I can not say enough about it. If you are serious about Web Application security then this is a must read. Thanks to Dafydd and Marcus for a great book.

Kevin

An excellent thorough resource for web application security
Helpful Votes: 3 out of 3 total.
Review Date: 2008-01-20
This is a great read for anyone interested in the security of modern web applications. It covers the hacking process from mapping the attack surface to exploiting input validation, access control, session management, and authentication vulnerabilities using real-world examples and diagrams. There is an in-depth 100pg chapter on injecting code (e.g. SQL, OS, script, etc injection) and a 95pg chapter on attacking other users (e.g. XSS, request forgery, etc attacks). There is information about bypassing common sanitization techniques in cases where user input is sanitized. The book also covers how to write your own scripts to automate complex attacks. At the end of each section are the steps necessary to defend your application against the attacks that were described with an emphasis on "defense-in-depth"; an approach where one tries to prevent the compromise of the whole application even if one component of it is already compromised.

This book is extremely up to date with its coverage of new AJAX and XSS-type attacks while still covering the relatively old vulnerabilities like buffer overflows and SQL injections.

The authors are both professional penetration testers which gives them credibility over the information they provide in this book, and one of them is the author of the excellent free web application hacking tool called Burp Suite.

I would recommend this book to anyone that has a basic knowledge of how the Web works (http, javascript, cookies, html, and basics of a programming language like php or java) although you could learn these technologies as you are reading the book which would take some more time.

Everything You Need to Know
Helpful Votes: 8 out of 8 total.
Review Date: 2008-01-16
This is the most important IT security title written in the past year or more. Why? Custom web applications offer more opportunities for exploitation than all of the publicized vulnerabilities you hear about combined. This book gives expert treatment to the subject. I found the writing to be very clear and concise in this 727 page volume. There is minimal fluff. While everything is clearly explained, this is not a beginner's book. The authors assume that you can read html, JavaScript, etc... Usually with a book like this there are a few really good chapters and some so-so chapters, but that's not the case here. Chapters 3-18 in this book rock all the way through. Another huge plus is the tools in this book are free.

The first few chapters provide context and background information. Chapter 3 on Web Application Technologies provides particularly useful background info. The next 666 pages of the book are all about attacking the applications.

The next five chapters cover mapping application functionality, client side controls, authentication, sessions, and access controls. The coverage is comprehensive. I'm not new to these topics, but I learned so much in every chapter. The depth of coverage is amazing.

The next six chapters are the heart of this book. They cover injection, path traversal, application logic, XSS and related attacks, automating attacks, and information disclosure. You'll find full treatment of attacks we're all familiar with like SQL injection and cross site scripting as well as many that most of us haven't heard of before. The danger is real and these chapters need to be read.

The next four chapters cover attacks against compiled applications, application architecture, web servers, and source code. The final two chapters are more useful as a quick reference. They provide an overview of the tools covered throughout the book and describe attack methodology discussed throughout the book for exploiting each technology.

This book scores five easily based on the relevance and value of the information.

Hacking
Mission-Critical Security Planner: When Hackers Won't Take No for an Answer
Published in Paperback by Wiley (2003-01)
Author: Eric Greenberg
List price: $40.00
New price: $9.90
Used price: $2.64

Average review score:

When Hackers Won't Take No for an Answer
Helpful Votes: 1 out of 1 total.
Review Date: 2005-07-20
Excellent reference material has been invaluable to me in the last week and has steered me into making some difficult choices easily.

Unique and on the mark
Helpful Votes: 1 out of 1 total.
Review Date: 2004-03-21
This book, especially if used in conjunction with the author's web site (see ASIN B0000C7RBX), is one of the most valuable additions to the IT security profession that I've read. My reasons for making this bold statement include:

- The book provides a coherent and focused approach to developing and implementing a security plan. You can find numerous books on writing and implementing policies and procedures, or establishing a security posture, but this is the first book I've read that steps you through the process of conceiving, implementing and keeping alive a viable security plan.

- By separating the process into three distinct domains (referred to as 'stacks') you ensure that your plan encompasses and integrates the technology, process and business elements into a coherent strategy.

- Artifacts in the form of a complete set of worksheets provide a set of tools that give a framework and speed up the planning process.

The planning approach set forth in the book is straightforward and realistic - you're led through the preliminaries, which include conceiving a plan that matches your needs, and selling the plan to sponsors (an often overlooked, but essential activity when fighting for budget). The next step is to perform an impact analysis, and this is where the book shines, because the author focuses on business issues instead of technology. This promotes awareness and goes a long way towards getting buy-in and funding, as well as laying a solid foundation for a long-term security plan. Next the author shows how to select the correct security model and avoid common pitfalls. These lead to building organizational consensus - buy-in from all stakeholders. The difference between this step and the preliminary step of selling to a sponsor and obtaining funding, which is vertical, is that you need to promote the plan horizontally as well. The final steps are to implement and continuously refine the plan.

Of course, the overview above only describes the approach contained within the book. There is much more to commend it, such as clear writing, superb page design that portrays information in graphs, illustrations and tables, and the details the author provides. There is not a single statement or recommendation that is unsupported, and the material is both sensible and accurate.

Greenberg has done 1/2 the work for you
Helpful Votes: 3 out of 3 total.
Review Date: 2003-03-08
In Mission-Critical Security Planner, Greenberg lays out all the security elements that should concern you and what questions you should ask about them. With this book, half the battle is won because you at least know how to do the planning. You still have to do the planning, but with the worksheets and tips provided in the book, that will be much easier than it used to be.

I read the book twice: once to get an idea of what all the worksheets were about and once to really read them with all the technical and practical details provided by Greenberg.

Greenberg identifies 28 security elements, including 15 fundamental elements (six of which are core elements), and 13 wrap-up elements. Core elements include things like authorization and access control, authentication, encryption, integrity, nonrepudiation, and privacy. Those may seem obvious, but Greenberg has a lot of useful things to say about them that others haven't said.

Perhaps the most valuable part of the book is all the other elements, which we tend to forget, including addressing and routing (with tips on how to get those right from a security point of view), configuration management, directory services, time services, staff management, legal issues, and so on.

I'd be interested to see some projects get implemented with Greenberg's methods. I think it should work quite well, although due to entropy, laziness, over-worked engineers, and other such factors, I would guess that some of the numerous worksheets will fall by the wayside. But I think Greenberg would be OK with that as long as most of the worksheets are maintained and the company adopts security as a way of thinking.

In summary, this book is definitely worth reading, probably numerous times!

Great security cookbook.
Helpful Votes: 7 out of 7 total.
Review Date: 2003-06-16
The truth is, hackers and other attackers won't take no for an answer, and while there is absolutely no way to stop attackers from trying, there are ways to stop them in their tracks.

With that, Mission-Critical Security Planner is a surprisingly good book, aimed at someone looking to start developing their information security infrastructure. Rather than having to reinvent the wheel, the book provides planners with the framework and tools they need to create their information security infrastructure.

One good feature of the book is its large collection of templates and worksheets on various security elements. .../

The book is not overly technical and is quite good for those who need to get their security group up and running in a short timeframe.

For those that are serious about security, they will find that Mission-Critical Security Planner is like a cookbook. They can use it to prepare their security as needed.

Overall, Mission-Critical Security Planner is a very readable and useful book. Those who have an imperative to get their security groups up and running will find huge value in the book immediately.

Awesome high-level book
Helpful Votes: 7 out of 7 total.
Review Date: 2003-05-07
It is very rare that you'd see a good high-level security book nowadays. There are lots of great "worm's-eye view" books with nice detailed descriptions of attacks, defenses, secure configuration options, tools and tricks. However, many of the high-level books resolve to quoting some outdated CSI/FBI survey, blabbering about security policy and giving out piles of outworldly advice on how to "mitigate risks".

This visionary book proves the opposite: you can have a high-level security book, which is not just practical, but actionable. "Mission Critical Security Planner" delivers a portion of the security process, packed into one toolkit. Make no mistake - this book is about planning how to do security, not how to tweak your scanner or configure a firewall. However, planning is indeed a critical (and, as the author points out, often missing) piece of the security conundrum, and the book delivers on that.

An awesome component of the book is a large collection of templates and worksheets on "selling" security measures, planning the implementations, organizing a security team, dealing with various business people and many other occasions. The book has the printed versions while its companion website criticalsecurity.com has the download.

The main part of the book is organized around "security fundamentals", large domains of security (such as authentication, encryption, integrity, privacy, etc), which are used to structure the security planning process, described by the author. For each of the fundamentals, the content is organized in sections: summary, security stack (covering various aspects from physical to application level), life-cycle management (from technology selection to response), business (on dealing with various categories of business people, such as suppliers and customers) and selling security (to execs, managers and staff). All of the above contain various templates.

Among the more fun parts, the section on negotiating with hackers is just exclusive and of the never-seen-before kind. The section on hacker profiling is also of interest, since it seems to originate from the author's experiences (and not in just reading about it on the news). The book also demystifies such elusive notions as "impact analysis" and "security ROI". PKI also has a prominent role in the book. While PKI (as it is defined today) might or might not fly, the book gives a great example of large-scale production implementation, running for many years. Another great feature of the book is the author's "future 10 attacks list" with his predictions on threat landscape.

Overall, the book seems indispensable to those responsible for securing networks. Security managers and CSOs will likely gain maximum benefits from using it (due to the book's targeting), but other security professionals will benefit as well. Notice that the benefits can be derived from "using" it as opposed to just "reading" it, although even the latter will prove highly enlightening. The "selling security" templates alone are likely worth their weight in gold. The book is well-written and, while not possessing the lively style of some recent security books, will beat some of them hands down in real-world applicability. After all, even if you very well know that IDS is valuable, who will help you to "sell" it to the CIO? This book just might!

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

Hacking
Handmade Electronic Music: The Art of Hardware Hacking
Published in Hardcover by Routledge (2006-04-04)
Author: Nicolas Collins
List price: $100.00
New price: $80.33
Used price: $125.97

Average review score:

Excellent Book, Great For Novices & Experienced Alike
Helpful Votes: 0 out of 0 total.
Review Date: 2008-03-30
This is a really fun book, with lots of projects for budding electronic musicians. But it goes beyond that: It's a solid intro to electronics and CMOS components. I went into this book thinking it might be too basic, yet I walked away with a lot of ideas, and some interesting new techniques.

I wish that more electronics writers would cover the material with this author's style and accuracy. Also, kudos for providing parts sources and for using easy to find and inexpensive components. (I've seen many people, myself included, become frustrated by hard-to-find parts lists or the use of discontinued items. These projects suffer from neither of those problems.)

In the end, you'll be left wanting to know more about the components and techniques you've picked up. (You'll probably want to add Don Lancaster's classic CMOS Cookbook to your shopping cart. It will give you the details about many of these components.) Highly recommended. I'm looking forward to other books by this author.

so good for electronic musicians and composers
Helpful Votes: 1 out of 8 total.
Review Date: 2007-01-18
Ah! This book is one of the best I bought.
I just love it!!

Excellent
Helpful Votes: 1 out of 3 total.
Review Date: 2006-11-10
Great great book - covers a lot of ground and is very accessible for someone with a fairly technical mind. Just enough information to spark some ideas of what could be done with this technology.

Rediscovers the simple facts of electronic music
Helpful Votes: 13 out of 13 total.
Review Date: 2007-01-07
Ever since products such as GarageBand took over the low-level tasks of producing electronic music and turned us all into application users, much has been forgotten about making music with low-level electronic components. In the case of younger electronic musicians, this may be an art form they never even knew in the first place. Although there is an advantage in computer musicians speaking a common language through a common application, something fascinating in the realm of experimentation has been largely lost. This book returns to the days of yesteryear with some projects in making your own electronic music with basic devices.

The book starts with some brief information on the tools you'll need plus the author's seven rules for experimentation. Part two is dedicated to listening. He shows you how to use radios and coils to find hidden electronic music, how to use the speaker as a microphone and vice versa, and how to use piezo disks to pick up tiny sounds, among other topics. Part three, on touching, shows you how to transform a portable radio into a synthesizer, change the clock circuit in toys to produce new sounds, and use photocells and pressure pads to "play" the modified toy. Part four, Building, shows the reader how to breadboard up some oscillators along with some controlling circuitry and produce gating, ducking, tremolo and panning effects. Part five, Looking, concerns translating video to audio using commonly found devices. The final section goes into depth on mixing circuits, how to build a good but cheap amplifier, connecting sensors to computers via game controllers, and a section on power supplies.

The book is written such that you should proceed from beginning to end, since the devices in earlier sections are used to assemble the devices in later chapters. By the time you finish you should have entire experimental musical instruments that you have assembled yourself.

Let's make music!
Helpful Votes: 2 out of 6 total.
Review Date: 2007-01-10
This is a great book if you are an electroacoustic composer, you can make cheap sensors and rare instruments... ready - if you want - to plug to Max/MSP or Ethersense...or Teabox... Thanks to Gregory Taylor from Cycling '74.

