Hacking Books

This book gives you real insight to the Knoppix workings. Be it trying to backup a windows partition or scanning it for viruses. It even teaches you how to remaster Knoppix and do it your way. If you want to get the most out of Knoppix this is the book to look for.

This is the first ExtremeTech title I've ordered - and if this is an example of their overall quality, it will quite likely be the last.

"Hacking Knoppix" is a mediocre rip-off of the much better O'Reilly title Knoppix Hacks: 100 Industrial-Strength Tips and Tools.

Chapter 1, for example, is entitled "Unraveling the Knoppix Toolkit Maze" which is nothing more than an overview of using several common Linux applications such as OpenOffice. Hardly "hacking" in any true sense of the word. From covering total basics, author Granneman then immerses you in "Asessing Security with Knoppix" and "Clustering with Knoppix". Let me see if I can grasp the logic of this: the first chapter is incredibly elementary and deals with the basics of a common application suite and within 150 pages is dealing with clustering and assessing security?

No.

This is simply a rip-off. It's a collection of "wisdom" gleaned from online sources and put between sazzy covers as a guide to "hacking Knoppix".

More like simply a device to separate you from a few of your hard-earned dollars. Leave this one for the dollar remainder table. As well, I would be extremely wary of any ExtremeTech title: judging by this example, it is a series intended only to exploit the O'Reilly hacks series which are far better.

Jerry

...book on linux I have bought in years!

Scott Granneman has written a book that gives you tips you can directly use within knoppix. The information on Helix OS is worth the purchase of the book alone.

It is also written in a very readable way.

I have honestly gained more knowledge from this book that any other on the subject.

A+

I was very disappointed in this book. In each case, there is just enough information, some of which applies to a later version of Knoppix, to turn the package on and then there are references to internet sites which requires hours of searching to find the answers to questions. The author would have done well to explain the function of the commands that he uses. There is an attempt to cover much more material than is possible in a book of this length. The writing style is geared towards an eight grade level with the use of slang and cryptic names. I expect a book to educate the reader, not simply provide a semi-accurate road map to information.

I bought this in conjunction with the knoppix hacks book as it was published more recently than the other book. Like the Hacks book, this has a number of really useful tricks that really show off the use of Linux and Knoppix as a whole. The ability to use Knoppix to cloan PC's and even setup a Master machine to act as a cloan repository on a network is really handy.

I think both this book and knoppix hacks compliment each other very well.

This provides very crucial ideas and the rare how to do them lists that all photographers should read. This is increased my abilities to perform better pictures for my friends and clients.

Here is another benign use of the word "Hack". Meaning to tinker with, or experiment. The authors indulge fully in this meaning of the word, as applied to digital cameras. The activities described are almost all hardware related. That is, hands on, manual tinkering.

Such as making triggers. An entire chapter is devoted to this. You can see that the issues here are not so different from building triggers for analog cameras. A trigger is a basic and important extended functionality for many camera users.

There is much other experimental functionality given. The most interesting seems to be taking infrared photographs. Many digital cameras do respond in the IR. Unlike standard photographic film, which favours the visible spectrum. So whereas with an analog camera, you would need special IR film, if you have a digital camera, it should already have a decent IR sensitivity. For some of you, this may be an unexpected bonus of using a digital camera.

Two chapters do deal mostly with software. One involves getting raw sensor data from Casio or Nikon cameras, and then using some publicly available software to decode these into a more standard graphics format. While the other chapter is about programming a remote control for the camera.

When I see a picture in a camera book illustrating how I can open a digital camera and get at the insides to make modifications, I get scared. The thought of taking the guts out of my camera is like the thought of major surgery to my internal organs. And yet as I read through the "hacks" proposed by the author, I found just reading about them to be fun, even if I wasn't going to undertake any of these projects (or at least not most.)

Years ago a hacker was a person who modified software to adapt it to his or her own purposes. Over time it's also come to mean a malicious person who deliberately attacks the functioning of computers, but the author is using this earlier meaning.

In this book, Cheng tells of a variety of simple modifications that one can make to cameras and other photographic equipment to allow them to be used to extend their capabilities. Some are quite simple like building a remote trigger for a camera, or a battery pack that can be tucked inside the user's jacket for winter shooting. Other projects are more complex, like getting data in the RAW format from cameras that normally only deliver JPEG files. And I wondered why one would want to open up an MP3 player to remove its micro drive. (The answer is because the particular player with micro drive was at one time actually cheaper than a separate micro drive that could be inserted directly in a camera.) The projects are well explained, and illustrated with plenty of photographs. The equipment needed for the hacks is inexpensive, and the tools are readily available in most homes.

Now I have to tell you that if I wanted a camera with a tripod socket on it, I would buy one that was so equipped. But I can see that a certain kind of do-it-yourselfer might have a socketless camera on hand and regard it as a nice challenge. Ditto for a camera that shot RAW files, especially if I would have to learn how to decode the raw file after I had downloaded it. On the other hand, if I had a camera that needed a filter holder but had no provision for the device, I'd certainly consider one of the author's hacks.

Most of the projects are aimed at the modification of specific equipment but they can easily be translated to other cameras. For the more complex hacks, the author can both provide you with an idea for a project and a site on the web where you might be able to find detailed instructions.

Because this book probably only appeals to a small audience, the publisher has probably had to keep the production costs down. The quality of the paper is not high and the photographs of the project steps are of a rudimentary, but sufficient nature.

I have to confess that what this book most reminded me of was the project books that I got for my kids' science fairs. I loved to browse through these books, and I always wondered why my kids never tried any of the cool projects. Maybe now, I can try a project for myself.

If you are consider buying this book, you might as well buy it, look it and give it somebody else for Christmas.
I would Strongly recommend you go to an actual bookshop ,read it quickly and judge it from there.
This may not be suitable for your camera!
Overall the Hacking Digital Cameras idea is pretty sketchy and has a limited range of camera models ,you better use the internet instead.

Want to really live on the edge with your digital camera? Perhaps even void the warranty? Hacking Digital Cameras by Chieh Cheng and Auri Rahimzadeh might be to your liking if you want to build your own add-ons without spending a bundle...

Contents:
Part 1 - Hacking Cameras: Building Triggers; Adding a Tripod Socket to Your Camera; Accessing Raw Sensor Data; Hacking Power; Controlling Your Digital Camera from Afar; Improving Your Canon EOS Digital Rebel
Part 2 - Hacking Lenses: Using Accessory Lenses; Making an Accessory Lens Adapter; Changing the Lens Magnification; Making Your Own Pinhole Lens; Extending the Lens on Canon EOS Cameras; Making Reverse Macro Adapters; Modifying the Canon EF-S Lens for Use on Canon EF Mounts
Part 3 - Create Photography Hacks: Hacking with Filters; Shooting Infrared Pictures with Your Digital Camera; Eliminating the IR Blocking Filter from Your Digital Camera
Part 4 - Building Fun Camera Tools: Building a Car Camera Mount; Building a Headrest Camera Mount; Building a Spycam Mount for Your Bicycle; Building a Camera Stabilizer; Building a Flash Bracket; Building a Monopod; Making a 500-Watt Home Studio Light
Part 5 - Flash Memory Hacks: Modifying the CF Type I to PC Card Type II Adapter; Removing the 4GB Microdrive from the Creative Nomad MuVo2 MP3 Player; Removing the Microdrive from the Rio Carbon 5GB MP3 Player; Removing the 4GB Microdrive from the Apple iPod Mini
Appendixes: Soldering Basics; Circuit Symbols; Glass Cutting Basics; Photographer's Glossary; Index

If you're the tinkering type that loves to take things apart to see how they work, you'll find stuff here that I haven't seen in other photography books. I think this is the first book I've seen with a section on taking your camera apart... literally. Once apart, you can start adding things like shutter triggers to give you more options than a timed 10 second delay. I guess you could also just go out and buy something that already does that, but what's the fun in that? :) But not everything is quite as adventurous as that. If you have a camera with no tripod mount, there's a nice hack that shows you how to add one. You can go big time and actually build a block that you can velcro your camera to, or it can be as simple as gluing on a nut that's the same size as your tripod screw. Something I wouldn't have thought of...

To be honest, I'm not sure I'd have the guts to try a lot of this stuff. I'm not good with tools, and prying open my camera would cause bad things to happen. Maybe not to you, but it would to me. As such, I'm probably not the intended audience for this book. But I was surprised to see what you could do with a little ingenuity and a soldering iron. I can see where this book would offer hours of entertainment for the right type of photographer/geek...

Great Book. I read 2600 and similar. Im not a serious hacker but love to
know the cracks. More armchair than doing . Lot of good stuff in this book.
Started reading in Borders then bought on Amazon for better price.

As an IT professional, I was looking for comprehensive reading to strengthen my network security knowledge. This book fulfilled that goal well. I am very pleased at the value obtained. I would surely recommend this material to those interested. It appears easy enough of a read for a beginner, but even as a seasoned vet I found it very useful.

Aside from any moral qualms about the legitimacy of such a book (of which I remain neutral) this is clearly not written by an 'authority' on this subject, so any serious hacker would find it no more dangerous than halitosis in a gas station.

Lots of waffle and posturing. Not convinced he actually understands the more advanced 'code' snippets he introduces (e.g. he manages to confuse a c 'header' with a 'library', also why would any serious security hacker write a keylogger in pascal!!!? Many parts are REALLY badly explained and have basic errors for a 2nd edition (see p356 - the first Xor table has a basic error in third row). Several bits of the text look suspiciously familiar (i.e. possibly cut and pasted from unacknowledge sources, which might explain the inconsistencies).

I gave two (generous) consolation stars because (a) the breadth is to be commended (at least he tried), and (b) the fact that you can still pick things up interesting snippets from this book; so long as you suspend the urge to yell WRONG! at it, and (c) Contrary to the previous reviewer who gave it 5 stars (a 'friend' no doubt) this book states on the last page that it is aimed at 'beginners'.

Unimpressed...

This book starts with using Windows 98. 4 versions of windows have been released since then it also has crappy exploits that are outdated and do not work. dont waste your money.

As an IT professional, I was looking for comprehensive reading to strenghten my network security knowledge. This book fulfilled that goal well. I am very pleased at the value obtained. I would surely recommend this material to those interested. It appears easy enough of a read for a beginner, but even as a seasoned vet I found it very useful.

Held hostage for ten million dollars - only Alex Bellamy can save the company from giving into the demands and going bankrupt. "Fatal Encryption" is the story of a sudden murder and its strange link to McKinley's department store in which Alex agreed to assist, believing that the murder and the ransom plot against the store's computer information are connected somehow. He must find the connection, the killer, and the extortionist or face unemployment, among other unpleasantness. A riveting mystery, "Fatal Encryption" is highly recommended for community library mystery collections.

This is the second in Purdy Kong's Alex Bellamy mystery series. I always enjoy a well crafted, well written mystery novel and "Fatal Encryption" is one of them. Not only does it have a gripping plot and three dimensional characters, there is a well-woven subtext throughout. See if you can figure that out while you try to identify the killer.

This is the type of book that makes you long for the next in the series as you approach the end - a page turner with more depth than most.

Alex Bellamy, 28-year-old Chartered Accountant and computer geek who had been working as a temp, decides against his better judgment to accept a job as systems analyst for the family-owned McKinleys' Department Stores. Three successive men had left the position or been fired, and the stores' computers have been the target of pranks. Alex decides that virtual vandalism is a worthy objective for his talents and in fact, since normally he merely sets up systems and gets rid of viruses for his clients, thinks it might be an `intriguing challenge.' Little does he know.

No sooner does he accept the job than the family receives threats which escalate from huge ransom demands to promises of retaliation ranging from a fatal encryption of the entire computer system used by all stores in the chain [the main store plus 21 satellite stores], to the burning down of the main store. The stakes are raised when the brother of a man who had been fired from the store is murdered. Could the killer and the hacker be one and the same? The suspects are, among others, "a disgruntled systems analyst, an employer close to bankruptcy, and a controller who couldn't keep his mouth shut."

The book is all about family dysfunction, from the McKinleys themselves to Alex [who had always been made to feel like the family failure when he rejected joining the Bellamy family's successful hotel empire] and various others around whom the plot revolves. Some of the writing felt somewhat stilted, e.g., "Just as I feared. Either the culprit, or his accomplice, works among us." The plot points first to one suspect as the most likely, then to another, then to another, and so on. After a while this began to feel repetitious, and the book might have benefited from some judicious editing. But the suspense builds to an exciting conclusion.

Among other unknown-to-me facts I picked up from the novel were the distinction between a "hack" and a "cracker," the former being someone who just wants to learn, the latter someone who wants to harm, and the definition of `encryption," i.e., converting data into code which makes it inaccessible.

Reviewed By Debra Gaynor for ReviewYourBook.com


Debra Purdy Kong reprises her lead character, Alex Bellamy, in her book Fatal Encryption. This book begins with a murder and Alex in a frog costume. Alex takes a job at McKinleys' Department Stores as a system analyst. Someone is threatening to encrypt their system permanently. Alex delights in a challenge, but is he up to this one?
Debra Purdy Kong writes with a flair for technology. Fatal Encryption has a timely plot. The thought of Alex in a frog costume brings humor and depth to his character. This is an entertaining read. Mystery readers will love it.

Fatal Encryption is a corporate caper with plenty of twists and turns, and an assortment of appealing characters that will keep you guessing.

Debra Purdy-Kong's newest novel offers a well-plotted modern day mystery that is reminiscent of the classic whodunnits, and her amateur sleuth Alex Bellamy makes for an interesting, yet flawed, hero.

A great beach read!"

--Cheryl Kaye Tardif,
bestselling author of Divine Intervention

I found they print of the book isn't practical, pages too closed to each other. It speaks about Windows2000 exploits and tools used to hack into it, while Windows2003 is out from a while; but no one can deny the book had usefull things in it.

"The Hacker's Handbook" is a comprehensive and entertaining volume on security. It has most of the defining traits of a great book, such as clearly stated goal (authors realize that lots of security books are out there and one needs to differentiate) as well as some unique content on application attacks.

The book is a technically sound volume, I found very few factual mistakes. I found some interesting content on central auth servers such as radius, which I haven't seen described well elsewhere. Defensive tool info is a bit jumbled and not new. For example, IDS coverage is too non-specific to be useful. I also found a couple of other chapters a bit weak on interesting content.

The book covers the security field on many levels - from concepts to scripts - and can be successfully used by entry-level people as well as experts. The book is better suited for technologists rather than managers. Security analysts/admins, hands-on security managers, security savvy system and network admins, students of computer security can benefuit from a book.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

I am a computer security consultant and I think this book is great. I found it complete and through. I would highly recommend it. It is like 800 plus pages. I wonder how many keyboards got worn out authoring this outstanding work.

Susan has presented a thorough guide to computer security and how to guard against internal and external vulnerabilities. She allows the reader to get inside the mind of both the nefarious hacker and the seasoned defender.

Recommended for the beginner through the advanced security consultant.....

...This book covers a wide array of topics, focusing on three aspects of each topic: technical background, hacking, and security. The coverage is both comprehensive and practical. The book explains the technical and conceptual foundations of computer security. Its information is organized in a way that makes it easy to find material relevant to any questions you may have regarding hacking and security. And every chapter points to additional materials if you want to investigate further.

You'll learn all about the anatomy of various types of attacks, including the five elements of attack strategy: reconnaissance, mapping targets, system or network penetration, denial-of-service, and consolidation. You'll also learn about the tools you'll need to defend your network, how they all work within a security framework, and the strengths and weaknesses of each. Included are tools for the purposes of access control, authentication, auditing, privacy, intrusion detection, data integrity, and more.

If you are a network or security administrator, protecting your network's integrity is one of your most important tasks. Before you begin your chess match with the world's hackers, make sure you know the rules, the tools, and the possibilities of the game. Make sure you understand the strategies that will be used against you and that you can use against your opponents. Make sure you have a copy of The Hacker's Handbook close at hand. Hey, I do! - Raffiudeen Illahideen, IL, USA

This is the first serious study I have seen of a generally media sensationalised area. Being straight from the hackers' mouths, the source material gives a more balanced view than those given by previous authors who tend to be overly moralistic and prejudiced in their approach to the subject. True impartiality is on display as well as meticulous research. Well done Dr. Taylor. I found the grammatically ludicrous, error strewn review of Mr. Yamane particularly unhelpful and inaccurate. People in grass houses shouldn't throw stones.

Author Paul A. Taylor writes about the issues of security breaching between the hacker and the computer security industry in his book Hackers: Crime in the Digital Sublime. Taylor begins the first half of the book giving the definition of a hacker, walking the reader through the evolution of hacking and describing the Hacking culture. His point being, to look past the stereotypical label of hackers being criminals. Using interviews of well-known hackers, in the hacking community, and elite hackers, Taylor provides his audience with a perspective of the positive moral and ethical values most hackers inhibit. This reinforcement helps balance the arguments between the computer underground (hackers) and the computer security industry.
The issues that Taylor concentrates on are about hackers' intrusion on big business systems opposed to an individual's personal records. The main argument that consistently appears throughout the book is whether hackers who intrude on big business systems should be punished and how society can determine how they should be punished. Although Taylor leans toward the side of the computer underground, he mediates the arguments throughout the book with a balanced amount of interviews from both sides of the argument.
In today's society, Taylor states that cyberspace laws are compared to those that exist in a physical space, the "real world". By providing the point of view of the hacker, Taylor is able to contend that in order to develop a more legitimate law against the intrusion of secured computer systems, society will have to define whether cyberspace is comparable to the real world or if a new set of rules should be developed to aid the regulation of cyberspace.
The way in which Taylor structures his book, Hackers: Crime in the Digital Sublime, is comparable to the structure of the MSNBC news program, Hardball with Chris Matthews. During the show Chris Matthews proposes an issue or argument and brings in specialists from each side to debate it. Taylor follows this structure by interviewing people from the computer underground and people from the computer security industry about where laws should be placed or not be placed in cyberspace. Of course, many books have been written giving both sides of an argument, but what separates Taylor's writing from the rest is how the interviews are separated structurally from Taylor's own opinions. The book reminds me of a TV news program transcription. For instance, the interviews are always separated from Taylor's writing by a line space and indented from the left side by five spaces. This structure gave me the feeling that he was not confident enough in writing his argument in his own words or maybe he did not have that much to say about it. Only half of the 176 pages were actually written in his own words. I was very interested to learn about hackers through the eyes of someone who knows some of them personally and favors their point of view, but given his lack of interpretation on the arguments between the underground and security industry, I find him not very convincing.
It is apparent that Taylor favors the side of the hackers. Although Taylor equally balances the time spent on each viewpoint, he sometimes uses quotes that make the other side, the computer security industry, seem hostile and unintelligent. For example, Taylor argues about how hackers violate laws and professional codes of ethics but he does not believe that hackers are liars, cheaters, or stealers. His reason being that there are no allegations held against them. After stating that all of the hackers he has met seem to be decent people, he then strings five quotes together about how deviant the computer security industry thinks hackers are. For instance, one quote read, "Somewhere near vermin i.e. possibly unavoidable, maybe even necessary pests that can be destructive and disruptive if not mentioned." (107). This quote is taken out of its original context and put into one of which would persuade his audience to believe his opinion. Taylor does not give the information about what kind of argument the person was having when that statement was made. For all we know this could have been a CEO speaking about a hacker who infiltrated the company's system and did so much damage that it to cost the company millions of dollars to repair.
Despite the lack of trust I have for the author, Taylor put together a great understanding of the hacker, the history of hacking, the hacker culture and their motivations. I now denounce the stereotypical negative connotation that the word hacker possesses. The similarities between the book and Hardball would be effective if both parties were given an equal opportunity to share legitimate information about their viewpoint. Unfortunately, since both parties were not presented in the exact space and time like a news show, Taylor is able to edit the information he collected and skew it to benefit his own opinion.

I enjoyed many quotes of the media hype on hackers, but I do not agree that this book is ``the first major intellectually rigorous study of hacking'' as another reader reviewed.

Steven Levy's _Hackers_(It had criticized the Weizenbaum's view that the author depended.), Eric Raymond's _Cathedral and the Bazaar_, and _The New Hacker's Dictionary_ by many contributors had already researched and provided exciting resources on the hacker's culture and sociology. I cannot find the reason that they are not so intellectually rigorous. (Though Levy had made some mistakes, he tried to collect the mistakes in later edition.)

The author understand the hacker in the filed of the counter culture, rather than the serious computer development. That's the why the author ignore the both study of _Cathedral and the Bazaar_ and _The New Hacker's Dictionary_. So he failed to cover the hackers' most succeed and international part.

I fond some bibliographic mistakes in this book.

_The Cyberthief and the Samurai_ is by Jeff Goodell, not Godell.

_Wargames_ is the movie in 1983, not in 1989.

As URLs in the reference had already expired(maybe before this book is published), the date information or mirroring service might be helpful.

Salem revisited

Twenty five years ago when I was starting out in my career as a computer barrister I ran into an elderly Queen's Counsel and got chatting. "I'll have none of your computery Kelman" he replied when I started talking about technology. 'Computery' was a word the QC made up on the spot which exactly matched his way of thinking - computers were magical and "computery" was like sorcery - a black art perpetrated by young dangerous wizards who did not know they place.

Dr Taylor's book takes the reader into this world where the establishment were frightened and yet fascinated by the 'computery', where young immature men (for it was mainly men) sought to use hacking to raise their social prestige and where hysteria and hype created a modern day Salem with show trials on both sides of the Atlantic. But while some of the hackers deserve to be considered young investigative journalists a large number engaged in primitive tribal rituals using their technical abilities in arcane coding for the pursuit of power without responsibility.

Dr Taylor documents this phenomenon and a revealing picture of the late twentieth century "new barbarian" culture (to use a phrase popularised by Professor Ian Angell of the London School of Academics). How society will embrace and extend its power over hackers with share options, main board directorships and new academic posts instead of punitive sanctions is the unwritten text of a latent follow-up volume.

This book on hackers is the first major intellectually rigorous study of this social phenomenon. I can commend it as required reading for anyone who is interested in the way society approaches threats which undermine the pecking order of society. Filled with quotes from the hackers themselves and visionary authors it is a mind expanding piece of literature which teaches while it entertains. Buy it.

Alistair Kelman Barrister and Visiting Research Fellow LSE Computer Security Research Centre The London School of Economics

Taylor's Hackers is anextended and rigorous analyses of hacking as illicit computer intrusion (or cracking as some insist it should be called. Taylor explores in detail the nature of hacking from every angle. His book is based on over 60 in-depth interviews and is written sympathetically, treating hackers as human rather than as pathological teenagers. It is essential reading for anyone interested in Hackers. There are only two extended, academic pieces on hacking, this book and the complementary statistical analysis by John Howard (available at http://www.cert.org/research/JHThesis/index.html).Hackers also has the advantage of being accessible and well-written. Perhaps the best way to look at this book is as an encyclopaedia of hacking, because it provides extended quotes from hackers, computer security personnel and interested others (journalists, academics, etc.) on all relevant topics. An excellent piece of work.

I love clever tips, and Scott Knaster delivers a ton of them here, many seen nowhere else. But this tome goes way beyond tips, diving into the gnarly details of Tiger that others have glossed over, such as application internals, Widget construction, and Unix command language. So many Mac books are just a rehash of the surface of the user interface. Scott's book is way ahead of the pack.

I was looking for a book with medium to advanced info on Tiger and this one seemed to fit the bill. I was a little concerned at first when it started off with user tips which were handy, but I wanted more technical stuff. The latter parts of the book really delivered. There's well done sections on Automator and Quartz Composer. The best part is the last chapters which have programs with source for Dashboard, Spotlight, dock badging, and a few more. My advice is skim the first few chapters and pay attention to the rest.

This book is most effective if you are sitting in front of your Mac system whether it's a laptop or desktop. Work your way through the examples from start to finish, reading the chapter introduction before embarking on each adventure. While hacking is generally viewed as a more skilled or extremely geeky term, this book is clearly useful to experienced beginners who want to gain expertise in the functionality/usability of their Mac (as well as those who want to explore modifying their Mac more extensively).

Part I of the book is dedicated to a gentle introduction to the components that make up Mac OS: the finder, dashboard, dock, preferences, user interface, startup, iTunes, utilities, unix applications, terminal, and shell commands.

Part II is strictly for those ready for the "Advanced Mac" training.

Although most people see the GUI portion of the OS, keep in mind that the "engine" underlying the GUI is Unix and 'hacking' the Mac will at some point descend into command line editing. Rather than be daunted by exposure to typing in your commands instead of having your desires constrained by what some application interface designer decided you could change with a GUI, embrace the power of the OS. Knaster slowly prepares the reader for the more advanced adventures as he introduces the Terminal in the "Quit the Finder" example. Seeing each following example you can build an idea of what you are doing by looking at the similarities of the commands. Rather than just limiting you to what he knows, Knaster is building up your understanding of how the underlying secret functionality works. For example if you look at the first few examples in Chapter 1 you will see the following pattern:

defaults write com.apple.finder Function optional flag yes|no
(for non geeks the | stands for OR ..)

If we translate this to English, defaults is clearly talking about the "default way I want this done", com.apple.finder is how to refer to the finder application, and then it finishes with a toggle for turning the function on or off. We see that this formula is consistent as we follow through with the next chapter with

"defaults write com.apple.Dock function toggle"

Part II of this book may be too advanced for beginners, but gives expert users exposure to more of these building blocks to understanding the power of the OS.

Overall, a very well written book with great introductions to topics and well thought out examples to modifying the Mac from beginner to advanced techniques. I highly recommend it to individuals who are interested in becoming more Mac proficient. At a bargain price of ~$17 on Amazon, compared to many technical books that sell at over $30 a piece this is a must have.

I found the first two sections of this book very useful. ie, I have come to LOVE Mac OS's zoom feature, which I use all the time now to make small video boxes 'fill' my 17" screen. There are other fun trick and tips in those first two sections.
It's the third section that bewilders me. Without any transition, the book goes right hardcore into coding. I ended up having to use the 'help' menu in Apple's XCode developer application just to understand how to do some of the things the book instructs you to do. Then I spend all this time entering a bunch of tedious, rote code. Then what do I do? I don't know. The book doesn't tell you how to actually turn all that code you wrote in XCode into a useful application. Is there some icon I'm supposed to double-click now? I don't know and the book doesn't tell me.
Blah... Even in those first two sections, come to think of it, I would have been totally lost if I did not already read the "Missing Manual" guide to MacOSX and get an understanding of Terminal and Unix. Geez, would it have killed the author to have taken just a little bit of time and offered readers an explanation of what Terminal is, what Unix is, and how to use those to follow the instructions given in the book?
That's my take and I'm sticking with it.

I had to return this book, only because of my unfamiliarity with UNIX. Long gone are the days when I used to knock out code. I've been spoiled (ruined some might say) by years of GUI and the heavy use of utility programs.

If you like using Console on your MAC you'd probably get a kick from using this book.

I wanted to leave my review 'unrated' because I consider myself unqualified to judge its utility, not because it is necessarily a poor manual, but the Review form required I supply some rating so I chose 'middle of the road' 3 stars.

The development of web services is growing, along with security issues relating to web sites and their management - and HACKING WEB SERVICES is a recommended pick for any concerned with ongoing security issues. Intermediate to advanced security pros and developers receive a detailed look at the foundations and tools for web services security, from the evolution and historical background of their development to using the latest open source tools and techniques. From common vulnerabilities and built-in problems to handling commercial loss, HACKING WEB SERVICES also includes a cd-rom for maximum detail.

Diane C. Donovan
California Bookwatch

Although I dont agree that it is anything more than a minor quibble, I do agree with the other reviewer who said that the book could've used a bit more grammatical editing.

Despte that, its a very good book. Its still a very real-world, informative book on web services, very indepth, and stuff I could apply to work right away.

My edition, which is also a first edition, must be a later printing because Ive found NO typos that are actually content-related, just some clumsy sentences here and there.

Web Services is one of the fastest growing parts of the web. It is the standard format that allows computers to communicate with computers using the web as the communications medium. Being used largely in a business to business environment, the need for security is very high. And of course the efforts of the bad guys to break that security is also high.

This book is intended for the intermediate to advanced security managers and for system developers. It provides a detailed look at web services including it's concepts, protocols, and components. This takes about one quarter of the book. It's necessary to provide the background of the web services concept upon which is built the security systems.

The remainder of the book is on security. It includes known holes in the system, approaches the bad guys use, and of course mostly information that you can use to block them from getting into your system. This includes security tools that have been developed.

There is a CD with the book that has demos on the tools, the working of Web Services, audit and defense methodologies.

This is a book that in a good world you would never need, but if you're running web services sooner or later you'll need this information.

I have never paid this much for a book with poor grammer and editing in nearly every page. Perhaps because the material is cutting edge they chose to rush this book to print. Not only is the copy bad, there are many places (like the entire appendix) where figures are referenced but do not exist. Despite this, the book contains some great information about the emerging security threats to web services and some measures you can take to preempt them. I applaud the author for his technical content, but the book itself needs a lot of work before you should pay this much for it.

Pros

On the good side, the author (Shreeraj Shah) does a good job of establishing the foundations. He covers all the concepts, the alphabet soup (SOAP, WSDL,UDDI, etc.. There's plenty of real, live XML in the text. Although it sometimes feels like fluff, most of the time I find it helpful. Since I'm pretty unfamiliar with this subject, it was handy to have some of the examples written out. I have to perform software assessments for a living, and sometimes I run across web services. I'm better armed for those services having read this book.

Cons

There's a lot to be said that is negative about this book.

* It's very "hack" focused. Duh, that's the title of the book. But at the same time, I don't find it that useful to have yet another book that shows you how to break an application. What about fixing them? He has some suggestions there. I'll get to that.

* Everything is Microsoft and .NET focused. He makes mention of J2EE-based web services, and Perl and Python based scripts, but no significant part of the book is built on those things. If you're totally Windows-centric, this book will be fine. If you're on another platform, it's up to you to adapt what you learn here.

* He has a suite of tools that look to be really useful for monkeying around with web services. They're written in .NET, but unfortunately, they're closed-source. Even though lots of .NET apps run on MacOS and Linux under Mono and other emulations, he hasn't released his tools that way. One tool is released in a "Linux" binary that runs under mono. What about the rest of us?

* The text is poorly typeset. This isn't a nit picking criticism. When you're displaying lots of XML or .NET code, indentation is important. Some specifics:

* o Most of the XML is indented well when it shows up in the text, but if it has to wrap from one line to the next, the indentation is usually poor. The second line might begin right at the left margin.

* o The .NET code is almost always not indented at all. That is, everything is lined up on the left margin. That makes reading example code harder than necessary.

* o Some line breaks are just handled badly. In the chapter where he introduces HTTP headers, one of his example HTTP headers is too long to fit on a line, so it wraps to the next line. This, of course, is not what it really would look like.

* He gets definitions and word usage wrong in a few places. For example, his definition of a web service is really awkward and needlessly complex. He calls hashing a value with SHA1 "encryption" in at least one place.

* There's a lot of motherhood-and-apple-pie security in here. It's the same old tired advice like "developers need to code securely" (whatever that means) and "go build a threat model." These are not new ideas, they're not specific to web services, and they're a waste of paper in this book. It's not this book's job to teach those things, so just don't bother mentioning them in an impotent way.

* His example code for using WSEsecurity (p.277, Chapter 11) is vulnerable to SQL injection, a hack he has been demonstrating over and over and over. This just goes to show how (a) it's not easy to get it right, and (b) when authors focus on demonstrating one piece of functionality, they can overlook another. It's just especially unfortunate in this book, since he's theoretically telling you how to be more secure. Woe to the developer who simply copies and pastes this code and doesn't realize the SQL injection error lurking in it.

* Finally, there are lots of little places where it's clear that the editors were asleep at the wheel. The author has written at least one other book, but his vocabulary and grammar are awkward sometimes.

So, the final analysis is: I like it as a starting point, but I found myself mentally noting a lot of flaws as I went. Since I'm not a Windows user, I also found it a lot less relevant than I had hoped. Web services are not .NET or Windows specific, but this book really is.

High-tech crime remains a rapidly growing global menace. Read this book if you are interested in learning the basics of this type of crime and the professional tools and techniques used against it. Written by security professionals, federal/local government and corporate managers should read this book to understand strategies and methods needed to protect public and private resources from high-tech attacks. I especially would expect federal and local managers to be familiar with and following the principles described in this book to protect taxpayer resources - and be aware of deficiencies and taking corrective action. Other readers will gain better security awareness and the steps businesses are taking (or should be taking!) to protect user/customer resources. After reading this book, I certainly have a better understanding of the difficulties my bank and credit union, for example, are facing to protect my money.

Whether you're a law enforcement or corporate security professional, this book is one you should not just read but thoroughly digest before stepping off the ledge into high tech crime investigation. I've had both the satisfaction and frustration of managing investigations in both worlds over the last 16 years and have experienced, first hand, the hazards and consequences that await the uninformed. If resources such as the High Technology Crime Investigators Handbook had been available when I first began working high tech crimes in 1981, I would have gratefully traded the experience for the knowledge. The book is invaluable in educating law enforcement in the interests and philosophy of private industry as well as educating corporate security professionals in meeting the litmus tests for law enforcement involvement and successful prosecution. If you could only choose one book on high-tech crime investigations, this is it. Whether you are a private investigator, in law enforcement, corporate security, criminal justice student or just interested in the topic, this book is the book to read first, a must read.

What a practical and informative book. It's about time a book has been written that is not interwoven with conjecture and idealistic gibberish. This book has substance and is very relevant to the real world of crime in the technological environment. The authors' ability to provide such a broad perspective about the subject in such an understandable fashion is appreciated and refreshing. The authors provide a precise overview of the entire high-technology crime investigatory process. This book not only deals with a myriad of important issues but also offers viable solutions and prevention programs which have already been tested. It contains information that is applicable, not only to security professionals, but to law enforcement as well. Let's face it, "high-tech" crime will undoubtedly flourish in the next century. Managers and investigators from law enforcement and industry must have - at least - a basic understanding of the implications of this type of crime and the global information environment before they can effectively react to it. Protecting the assets of the public and private sectors will become higher priorities because the stakes are becoming higher and thieves will continually attempt to take advantage of new and existing technology to commit their crimes. As we move into the next century, the challenge will be to understand and aggressively respond to high-technology crime.

If you are wanting to learning the principles of investing computer crime then this book is a must.

After reading the reviews of the book, I was really looking forward for receiving it. However, it turned out to be a big disappointment. It may improve towards the end, but the first chapters were of so bad standard I gave up reading it.

Don't have the book here right now so I can't tell the pages, but in the first few chapters I was told that acceptable use of fire arms (authors claim IT is just like fire arms as it can be used for good and bad) is a police killing an offender that might kill someone else (ever heard of the theory of deterrence?), that phreakers (i.e. those hacking telephone systems for free calls) are the major threat for global information infrastructure security, CERT archives are the major source of information for hackers, SATAN etc. (including outdated Crack) are significant hacker tools, WWW is just a number of screens connected to each other, being given only ping attack as an example of denial of service, spent pages on calculating how many books fit into hard drives of different sizes (Assumption was that a book contains almost 1000 pages, then it was reduced 500 pages, this book is around 300 pages), and was generally being subjected to a number of unjustified claims about computer crime and computer criminals that seem to be if not all wrong, at least so simple unlikely to educate anyone to understand crime in GII.

As I said, the book may improve but I am not intending on finding out. The US centricity doesn't help, either. I'd rather get back to other sources of computer crime information that are more accurate and comprehensive.

Luckily, there are a number of good books around. For an introduction to computer crime, I recommend Icove, Seger and VonStorch: Computer Crime, A Crime Fighter's handbook (O'Reilly and Associates 1995). For a number of case studies and examples of computer crime, get Denning's Information Warfare and Security (Addison-Wesley 1999). For the scope of economical espionage and information warfare capacities of countries other than US Check Adams's The Next World War (Arrow Books Limited, 1998). To properly understand that national information infrastructure, nations' dependence on it and inherent vulnerabilities, get your hands on to Schneider's (ed.) Trust in Cyberspace (National Academy Press, 1999). If you want to know the extent of computer crime, go to CSI/FBI computer crime survey online.

It is widely assumed that law enforcement personnel is not properly educated to handling computer crime. If this is the case, authors should be especially carefull to treat security technology and vulnerabilities appropriately. Simplifications and unjustified assumptions don't help much. Therefore, it's better spend time on the above books and WWW site and get a more comprehensive picture of computer crime.

Information security policies and all of in this book. This is a great advice for business to start, continue, follow on their journey. Thomas has captured the essence of what the business of all levels want to know when it comes to developing IT policies and systems. This book is must read for all of business executive.

I just started developing InfoSec policies for my company, and was having a hard time getting started. The Web is filled with sample documents and articles for specific documents, but I needed a resource that assumed I was starting from scratch and would help me build up a good library of content to satisfy our auditors.

So I was a little excited to stumble across this book. It lays a good foundation for what's needed in a security policy library, and steps through the development of the major document types: policies, procedures, standards, and guidelines. It's filled with lots of samples, checklists, templates, and other starting points for everything I was looking for.

One glaring problem, though, which by itself drops the rating 1-2 stars: there is an embarrasingly high number of grammar, syntax, and occassionally even semantic, mistakes. Even though these kind of problems are one of my biggest pet peeves, I might overlook them ... except the author makes multiple statements about proofreading your work before submitting to management!! It seems pretty clear that the book was rushed to publication without a serious round of review (I wonder if I put more editorial time into this review than they did into the book...). Even though the book was written for techno-types, there is no excuse for such egregious errors.

Overall, though, this is a decent resource to help with infosec policy development. Just make sure it's not the only book you use. If they would issue an update, this would become a valuable addition to your library. However, the edition I purchased in Feb 2005 was released in 2002, so I wouldn't expect any updates soon.

Really good for anyone doing infosec policy dev.

this will save you a ton of time.

If you want to find out the relation between Policies, Procedures and Standards buy this book. Although the flow of text is somewhat discontinuous but the author clearly explains the underlying concepts. The examples are very illustrative and have a real world feel. The author has been on the frontlines (clearly evident throughout the text) and this distinguishes the book from rest in the pack. Very few books talk about ISO 17799 and BS7799 in detail. This book goes beyond just reproducing the standard and explains the positioning of such guidelines. The tables and checklists found in the appendices alone are worth many times the cost of the book.

This is the best book I've seen (so far!) about writing infosec policies and associated materials. Tom Peltier refers directly to the ISO 17799 structure and gives helpful advice on what to include under the ten sections. More than that, he guides the reader through the *process* of writing and implementing policies, even including a brief chapter on my own specialism, security awareness, and suggestions on writing style.

My main quibble with the book is its inconsistency in the level of detail e.g. 41 of the 191 main text pages are devoted to information classification. There are perhaps too many lists and tables for my liking, but these may be useful as reminders of things to include.

Overall, the book is helpful if you are about to write infosec policies and want to avoid some of the more common pitfalls.