Hackers Books

excellent reference material has been invaluable to me in the last week and has steered me into making some difficult choices easily

This book, especially if used in conjunction with the author's web site (see ASIN B0000C7RBX), is one of the most valuable additions to the IT security profession that I've read. My reasons for making this bold statement include:

- The book provides a coherent and focused approach to developing and implementing a security plan. You can find numerous books on writing and implementing policies and procedures, or establishing a security posture, but this is the first book I've read that steps you through the process of conceiving, implementing and keeping alive a viable security plan.

- By separating the process into three distinct domains (referred to as 'stacks') you ensure that your plan encompasses and integrates the technology, process and business elements into a coherent strategy.

- Artifacts in the form of a complete set of worksheets provide a set of tools that give a framework and speed up the planning process.

The planning approach set forth in the book is straightforward and realistic - you're led through the preliminaries, which includes conceiving a plan that matches your needs, and selling the plan to sponsors (an often overlooked, but essential activity when fighting for budget). The next step is to perform an impact analysis, and this is where the book shines, because the author focuses on business issues instead of technology. This promotes awareness and goes a long way towards getting buy-in and funding, as well as laying a solid foundation for a long-term security plan. Next the author shows how to select the correct security model and avoid common pitfalls. These lead to building organizational consensus - buy-in from all stakeholders. The difference between this step and the preliminary step of selling to a sponsor and obtaining funding, which is vertical, you need to promote the plan horizontally as well. The final steps are to implement and continuously refine the plan.

Of course, the overview above only describes the approach contained within the book. There is much more to commend it, such as clear writing, superb page design that portrays information in graphs, illustrations and tables, and the details the author provides. There is not a single statement or recommendation that is unsupported, and the material is both sensible and accurate.

In Mission-Critical Security Planner, Greenberg lays out all the security elements that should concern you and what questions you should ask about them. With this book, half the battle is won because you at least know how to do the planning. You still have to do the planning, but with the worksheets and tips provided in the book, that will be much easier than it used to be.

I read the book twice: once to get an idea of what all the worksheets were about and once to really read them with all the technical and practical details provided by Greenberg.

Greenberg identifies 28 security elements, including 15 fundamental elements, (six of which are core elements), and 13 wrap-up elements. Core elements include things like authorization and access control, authentication, encryption, integrity, nonrepudiation, and privacy. Those may seem obvious, but Greenberg has a lot of useful things to say about them that others haven't said.

Perhaps the most valuable part of the book is all the other elements, which we tend to forget, including addressing and routing (with tips on how to get those right from a security point of view), configuration management, directory services, time services, staff management, legal issues, and so on.

I'd be interested to see some projects get implemented with Greenberg's methods. I think it should work quite well, although due to entropy, laziness, over-worked engineers, and other such factors, I would guess that some of the numerous worksheets will fall by the wayside. But I think Greenberg would be OK with that as long as most of the worksheets are maintained and the company adopts security as a way of thinking.

In summary, this book is definitely worth reading, probably numerous times!

The truth is, hackers and other attackers won't take no for an answer, and while there is absolutely no way to stop attackers from trying; there are ways to stop them in their tracks.

With that, Mission-Critical Security Planner is a surprisingly good book, aimed at someone looking to start developing their information security infrastructure. Rather than having to reinvent the wheel, the book provides planners with the framework and tools they need to create their information security infrastructure.

One good feature of the book it is large collection of templates and worksheets on various security elements. .../

The book is not overly technical and is quite good for those who need to get their security group up and running in a short timeframe.

For those that are serious about security, they will find that Mission-Critical Security Planner is like a cookbook. They can use it to prepare their security as needed.

Overall, Mission-Critical Security Planner is a very readable and useful book. Those who have an imperative to get their security groups up and running will find huge value in the book immediately.

It is very rarely, that you'd see a good high-level security book nowadays. There are lots of great "worm-eye view" books with nice detailed descriptions of attacks, defenses, secure configuration options, tools and tricks. However, many of the high-level books resolve to quoting some outdated CSI/FBI survey, blabbering about security policy and giving out piles of outworldly advice on how to "mitigate risks".

This visionary book proves the opposite: you can have a high-level security book, which is not just practical, but actionable. "Mission Critical Security Planner" delivers a portion of the security process, packed into one toolkit. Make no mistake - this book is about planning how to do security, not how to tweak your scanner or configure a firewall. However, planning is indeed a critical (and, as the author points out, often missing) piece of security conundrum, and the book delivers on that.

An awesome component of the book is a large collection of templates and worksheets on "selling" security measures, planning the implementations, organizing security team, dealing with various business people and many other occasions. The book has the printed versions while its companion website criticalsecurity.com has the download.

The main part of the book is organized around "security fundamentals", large domains of security (such as authentication, encryption, integrity, privacy, etc), which are used to structure the security planning process, described by the author. For each of the fundamentals, the content is organized in sections: summary, security stack (covering various aspects from physical to application level), life-cycle management (from technology selection to response), business (on dealing with various categories of business people, such as suppliers and customers) and selling security (to execs, managers and staff). All of the above contain various templates.

Among the more fun parts, the section on negotiating with hackers is just exclusive and of the never-seen-before kind. Section in hacker profiling is also of interest, since it seems to originate from author's experiences (and not in just reading about it on the news). The book also demystifies such elusive notions as "impact analysis", "security ROI". PKI also has a prominent role in the book. While PKI (as it is defined today) might or might not fly, the book gives a great example of large-scale production implementation, running for many years. Another great feature of the book is author's "future 10 attacks list" with his predictions on threat landscape.

Overall, the book seems indispensable to those responsible for securing networks. Security managers and CSOs will likely gain maximum benefits from using it (due to the book targeting), but other security professionals will benefit as well. Notice, that the benefits can be derived from "using" it as opposed to just "reading" it, although even the latter will prove highly enlightening. The "selling security" templates alone are likely worth their weigh in gold. The book is well-written and, while not possessing the lively style of some recent security books, will beat some of them hands down in real-world applicability. After all, even if you very well know that IDS is valuable, who will help you to "sell" it to the CIO? This book just might!

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

Caryn was a keynote speaker at our annual School Nurse conference in Kansas City. She was captivating. I took the book home to read to my grandson who is in Kindergarden. He rides the bus and is on the playground with older children. Bullying was a concern to him. This book gave the concept of bullying an understandable fare even he could understand. This book assists both the bully and the bully target in offering tips the parent and child can use. The amazing illustrations helped provide interest far beyond the written word.

Caryn has delighted us with a children's program that is imagery, adventurous and researched based.

The book is a learning tool for young people and a must for classrooms, teachers, schools and parents.

Ms. Hacker not only brings her expertise as a psychotherapist to the plate with her strategies on how to develop positive character in today's youth, but also guides adults on how to teach and nurture healthier compassionate behaviors.

I highly recommend this book and program for parents, youth, teachers and schools.

Deb Landry, Author
Sticks Stones and Stumped!
Yankee Go Home

If you saw your child or any child in danger you would not hesitate to rush to there aid. Seeing a child struggling in the surf or swimming pool, falling from their bike in traffic, again there would be no hesitation. How can we be prepared for problems and dangers when they are not at our side. Bullying is one danger that is far reaching that we cannot iqnore. Lack of knowledge about the problem is no longer acceptable. Every parent, grandparent, teacher and caregiver must read, "A Bully Grows Up, Erik Meets the Wizard" adult eddition and consider giving a copy of the children's edition for that child you love. They will love the story and it will help them understand that it is not an acceptable behavior. Silence is not the answer and this has had tragic results. Both editions have merit in providing understanding and activities to stop the behavior; building pride, self confidence and compassion. An easy must read for good parenting skills.
ROBERT DEAN BAIR, AUTHOR: THE CLOISTERS OF CANTERBURY and PEACE AT LAMBETH BRIDGE

A Bully Grows Up: Erik Meets the Wizard is a "must have" in a teacher's bag of tricks! Prevention is the key to dealing with the epidemic of peer abuse in our classrooms, and Caryn Hacker's book skillfully guides young listeners through this dilemma by generating conversations that allows children to examine these behaviors without shame or guilt. Storytelling as a way to impart a moral lesson to children is a true art form, and in Erik Meets the Wizard, the author has woven a masterpiece.
When parents neglect to teach children that bullying is wrong, it is virtually the same thing as saying its okay; and this lapse is what leads to tragedy. As a teacher, I have fought this battle too many times to count. As a mother, who lost a beloved child to suicide as a result of bullying, I cannot urge parents and educators strongly enough to take a stand against bullying. Let their be no mistake that bullying behavior is NOT a normal part of childhood. It does NOT build character. It is NOT a rite of passage. Bullying hurts, humiliates, and destroys the soul of a child. Kudos to Caryn Hacker for creating this great tool for ending the cycle of abuse.

I heard the author of Erik meets the Wizard on NPR discussing bullying behavior. She was a compelling speaker which prompted me to buy this book. I read it with my children and found it was a story that helped them to better understand bullies. It was also the catalyst for a conversation about how they might deal with a bullying situation within their own peer groups.

I owned the previous edition -- I bought this version because it promised new utilties -- intrusion detection, admin tools, ... for the most part, I have been happy. [The old edition provided the tools on a CD -- the new book has a companion Web site] -- trying to download the tools through my firewall can be challenging -- especially anything that has to do with viruses ...

That said, however, the new content is good.

The book has a definite slant towards Windows. But then ...

I have been building lots of Web clippings for the Palm environment. I needed a way to authenticate users. The book's discussion on Wireless protocols helped me implement a solution that works for the Palm and Web phones.

The book does a fair job of covering OS issues -- I recommend getting a book specific to an OS (such as Linux Exposed) if you need to protect a specific type of server.

The discussion on protecting ASP scripts was pretty good.

Over all -- worth the investment of money and time.

Very up to date book. Excellent reading (even though this is a text book for me~ Not boring text material). Great book

If there is a hacker-related book -- I have it ... compared to others, this book was easy to follow.

My Web site must support secure credit card transactions. The book's chapters on digital certificates, SSL, and e-commerce made the process almost cut and paste.

I also like and recommend Hacking Exposed.

Overall, this is a pretty good, general, beginner's book to network security.

For me, my main goal was to learn more about the OSI Model and how it relates to various security solutions I am investigating. The book does a pretty good job with the OSI Model and it explains pretty well the various technologies and techniques out there.

The fly in the ointment for this book is the fact that it has VERY little on wireless security. In fact, it only has one chapter and this one chapter dealt with all the different flavors of wireless technology. I was particularly interested in security solutions for wireless LANs and this book only had a page on WLANs.

This book did not mention WEP or 802.11b or any of the 802.11x flavors out there. I had to glance at the copyright date in order to make sure that it was published in 2002! I find this omission very strange but at the same time network security is network security.

I am going to stick with my four-star rating because it is a good general book but don't expect much depth.

On another note, does anyone else but me find it suspicious that this book got 3 positive reviews in the space of a week and then little else over the last few months? :-)

In Hacker's introduction, she states that Khoury-Ghata has said, (in reference to her own writing) "the rhythms and tropes of her poetic line are as much influenced by the sound of spoken Arabic and Arabic poetry as they are by the comparative austerity of French verse". (x) The catch is that the poems are translated into English, so in my reading of the book, I can almost guarantee that certain rhythms were lost that may have contributed to certain emphasis that I missed. However, that being said, the poetry was well written and made wonderful points about people's speech in general and then specifically for and about women. The first section's translation was probably the most on target in the translation, given that the focus was on words and could be applied to all languages. However, the poetry has now been, in a sense, through two translations, one direct and one indirect. My small amount of knowledge about the French language compared to English is the consonant values, so, as I said before, the emphasis was probably lost. The second section, "she says" is more focused on women with references to "sex, grief and death." One intriguing repetition is that of "she says", "she understands", because regardless of a language barrier, or things lost in translation, or any other barrier, many women and even men can play the role of the aforementioned "she", so the book opens itself to a larger audience, even to men. One of the best sets of lines is on page 89: "She taught it the twenty-one ways to walk against the wind / and how to get up before the lamp without offending it // It kept a sorrowful silence confronted by the first snow/ and the woman's first white hairs / convinced that God was wasting his stock of chalk". "It" being a traveler and painting a picture of saving a woman, which "it" may not even be. She presents the grief of aging, of fear, of waste, of worth. Lastly, the continuing words with absolutely no punctuation bring forth the common theme that the battles with sex grief love and hurt are interminable.

On first reading of Vénus Khoury-Ghata's She Says I feared that I must somehow be intellectually stunted. I didn't get it and I mean that in the worse sense of the phrase. I found myself reading page after page wondering when I would get it. I then became angry at her for writing an entire collection of poems that I, an MFA student, did not get. I thought perhaps something crucial had been lost in the in the transition between Khoury-Ghata's maternal Arabic thoughts, her school-bred French écriture and Hacker's English. So I read the poems backwards, read the original French texts (I'm mostly bilingual) and still I was lost. So I had an herbal remedy. and a bubble bath. My mind began following the archipelago of bubbles floating in my tub water and I had an epiphany. I grabbed the book again. My mind had been tight, constricted and rigid, a state not conducive to playfulness. My very being had worked against the poet. This time I let her words play with me, rearrange me. And I got it.
Her poetry rests in a sacred place where words do not wish to be disturbed into order, where chaos reigns. And yet each poem resonates with a concreteness, a sadness. a stream draws a closed circle around her house/once stepped across the water turns like bad milk. (p. 73) I feel a sense of regret and mortality in her final lines. It's as if she knows the potentialities in our self-expression. The sadness I feel is our knowing that it can only exist here, confined within these pages.
At times I considered that English is too limiting a language to ever convey Khoury-Ghata's thoughts. This seams certainly true with the poem that begins "Les morts dit-elle/sont clos sur eux-mêmes comme le sang." (p. 64) "Morts" could easily be read as "mots" the French word for "Word," so that the English translation would read, " The words she says/are closed in upon themselves like blood," instead of "The dead she says." And yet there are places where the English translations resonate more strongly. On pgs 16-17, the sounds in "letters buried in their silicate vestments/become silenced sounds in the silenced silt" reveals more than in "des lettres enfouies dans leur vêtement de silice/devenues sons éteints dans la vase éteinte."
I envy Khoury-Ghata. Living in the space between two languages is in many ways a literary blessing. Her natural detachment from the French language allows her to play with words in a way that most of never could. I am reminded of Natalie Goldberg's thoughts on writing in her book Writing Down the Bones. She says that if we think "cut the daisy from my throat," then that is precisely what we should write down. But we censor ourselves, and in doing so we limit ourselves. Khoury-Ghata is consciously fighting against our urge to order and make sense of our words. She writes "One marries the words of one's own language/to settle down/ traveling is for the others/who borrow lines the way they take the train." It is this traveling that I envy, her ability to stay "single" when we are pressured to settle down with our language. Only through de(con)struction of our own language can we rebuild it in our own image, which might be feminine, androgynous, hyper-sexualized, depending on the creator. The idea is that it becomes our own and frees us. I realize now my anger was envy...of her ability and willingness to (re)construct herself.

I thought this book was fabulous! It is not often that we encounter, either in literature or in art, a marriage of surrealistic imagery with sincere emotion. Frequently, it seems that when surrealism becomes a major component in a literary work, the result is a barrage of strange and disconnected images holding little meaning beyond the apparent. few writers are able to instill such works with true heart and soul as does Venus-Khoury-Gata. The fantastic images that fill the pages of her book are rich in layers of metaphorical meaning, vibrant with the feeling she attaches to each. She thereby miraculously transforms these unexpected and dislocted objects--a "drainpipe" connecting the mouth of the petitioner to the ear of God, the "toe's" of apple trees--into vehicles of the soul which she definitely bares here. Much is to be said, as well, for the undoubtedly challenging job of translation completed here by poet Marilyn Hacker. The effort involved in such a feat, not to mention the result, dazzles the mind.

Venus Khoury-Ghata exemplifies a true denizen of a multilingual and polyphonic world with her ability to swing back and forth between languages and, thus, disparate modes of thought to establish a new and unique manner in utilizing language. Marilyn Hacker shares a similar space by being Khoury-Ghata's translator in She Says. As a renown poet, herself, Hacker is able to also inhabit a transliminal lingual and literary area by moving from American English to French to read Khoury-Ghata, but has to return to English with her subsequent translation of Khoury-Ghata's verse. She seems to do this seamlessly as her translations of the French follow as comfortably as possible and Hacker's voice remains a whisper in those transliterations.

In She Says, Khoury-Ghata moves in between languages and worlds, the real and the surreal, and she uses words and phrases that spark the imagination and disrupt our usual tropes. On p. 67, she writes -
"Because there's no shortage of summers
the days are like conceited generals
the nights like flashy women
the moon is the tool they work with
it regulates their urges and their blood"

"But it sometimes happens that they dream a bit of widowhood and darknesses
The sesame seeds sewn in their skirts weigh down their shadows
the lampposts bow gently as they pass by
and the fireflies part the air with their two hands"

Khoury-Ghata's lack of punctuation in She Says helps her verse to flow like billowing clouds. Her use of negative space is sparse and purposeful and serves as her only actual punctuation. I found her economic use of verse to be both fascinating and inspiring.

As Khoury-Ghata states in the proceeding section titled "Why I Write in French," she quotes Andre Brincourt who says that "`the Francophone culture is rich in the diversity of the tongues which nourish it.'" She is staggering in her ability to flow between languages and modes of thought and this I believe will help to strengthen the French language overall. She Says is a good portent for those of us who are still trying to deal with the imposition of colonizing languages and the resulting trauma in trying to reconcile maternal and former tongues with the new dominant language. Language must be dynamic to mutate and evolve, otherwise it becomes stagnant and dies. And along the lines of Brincourt and Khoury-Ghata, I believe that such tension between dominant and non-dominant languages can only serve to strengthen language in general and increase the level of communication among the human species. As Khoury-Ghata writes, "Writing in Arabic by means of French doesn't prevent me from listening attentively to the latter..." These are words to live by as someone who also seeks to broadcast the different cultural signals that every individual receives.

Venus Khoury-Ghata is a master of words. She swims in language, dives in her alphabet soup, and splashes us until we drip. She Says is a compilation of poems that converse with each other, wink at each other. Each poem bursts as you read it, like bubble wrap, when you squeeze one of its tight bulbs.

Before I started reading She Says, I skimmed the book, and was struck by the fact that the poems do not have titles. Well, the first line of each poem serves as a title. In the table of contents, these lines stand under each other, and read as a poem:

Words
-In those days I know now words declaimed the wind
-Words
-Where do words come from?
-How to find the name of the fisherman who hooked the first word
-The prudent man looped his family to his belt
-Language at that time opened fire on every noise
-What do we know about the alphabets which didn't survive the rising of waters
-The words which spring up on the borders of lips retain their terrors
-Words, she says, used to be wolves
-Words, she says, are like the rain everyone knows how to make them
-It was there and nowhere else
-The rain had few followers at that time
-Guilty of repeated forgetfulness
-There are words from poor peoples' gardens that crossbreed iron and thorns

Before I actually started reading the book, I was reading it.

Though some have mentioned that She Says lacks punctuation, or that Khoury-Ghata's use of negative space is her only punctuation, I noticed the use of question marks. This fact begs the question-why question marks, and not periods? Perhaps because periods seal declarative sentences, and Khoury-Ghata does not want to seal the issue of language--its potential and transcendence; she wants to unfold it. She is not declaring, she is asking.

Why not use commas (they do not seal)? Commas make a reader pause, and Khoury-Ghata is working with impulse. She Says cannot have commas, like a rollercoaster cannot have commas. The lack of punctuation also makes words, thoughts, and ideas bleed into each other, much like our thinking process. Khoury-Ghata is thinking on paper.

She Says is a book you have to read and reread. The images are exquisitely chosen and precisely placed, yet it appears effortless. These poems feed you. After reading them, you are full, satisfied, like a three year old after eating a bowl of alphabet soup the size of its head.

Wow - I had to have this book. They are right, he explains everything wrong with Oracle and all about vulnerabilities and exploits.

So, there I was. I was about to buy a new book and I really had to think hard about what to buy - after reading The Shellcoders Handbook, I was really interested in grabbing a copy of this book, in the end, that's exactly what I did.

I am happy with my decision to the fullest extent. Not only was it a great brother to The Shellcoders Handbook, but it was also just good reading in general. It covers seven of the most popular databases around, and each section of the book goes over it's history, it's flaws, how to propogate after a successful exploit, and finally how to lock down your database. You'd be suprised at how easily and how asinine some of the flaws found in database servers are - it's almost laughable, some of the flaws that many servers have been prone to are ridiculous.

The book, like it's brother, covers information that is somewhat dependent on context, but the general concepts you will see and learn are going to remain relevent to all types of research related to the topic at hand for a long time to come.

If you own the Shellcoders Handbook -- or even if you don't --, you should not at all miss on this, The Database Hacker's Handbook: Defending Database Servers is something security enthusiasts everywhere should have on their shelfs.

My review relates only to the Oracle chapters.

This is the first book to actually expose real Oracle hacks. Most security books are just glorified papers on Oracle security, written by people in grey suits with image consultants.

The real fun of this book is in the "Attacking Oracle" chapter. These guys gave the phrase "thinking outside of the box" real meaning. They look for a feature or bug open to the security attack, then they shake it until it breaks. You will see exploits of AUTHID, PL/SQL injections, app. server, dbms_sql.parse bug,... most of them relevant to 9i and 10g versions.

The hacks are mainly in the sections called "Real-World Examples". Most of the exploits are already patched by Oracle and they are also available on hacking forums, but there were some new ones that were quite a revelation.

The security recommendations in the "Securing Oracle" chapter were too general, you can probably find Internet white papers on hardening Oracle that give more details. But, this book is not really about hardening Oracle, even if it says "Defending Database Servers" with small, blue letters on the front cover. This book is about attacking database servers.

I have seen David Litchfield's previous work and I am sure he knows (and has tried) more than what is written here. Can we expect to see that in "The Hacker's Handbook" part II?

The Database Hacker's Handbook (TDHH) is unique for two reasons. First, it is written by experts who spend their lives breaking database systems. Their depth of knowledge is unparalleled. Second, TDHH addresses security for Oracle, IBM DB2, IBM Informix, Sybase ASE, MySQL, Microsoft SQL Server, and PostgreSQL. No other database security book discusses as many products. For this reason, TDHH merits four stars. If a second edition of the book addresses some of my later suggestions, five stars should be easy to achieve.

The first issue I would like to see addressed in a second edition of TDHH is the removal of the 60 pages of C code scattered throughout the book. The code is already provided on the publisher's Web site, and its appearance in a 500 page book adds little. The three pages of characters (that's the best way to describe it) on pages 313-315 in Ch 19 are really beyond what any person should be expected to type.

The second issue involves general presentation. Many chapters end abruptly with no conclusion or summary. Several times I thought "Is that it?" Chapters 2, 5, 7, 10, 13, 15, 18, 21 and 22 all end suddenly. The editor should have told the authors to end those chapters with summaries, as appear in other chapters. On a related note, some of the "chapters" are exceptionally short; Ch 9 and 12 are each 3 pages, for example. Chapters that short are an indication the book is not organized well.

The final issue involves discussion of various databases. I preferred the "Hacking Exposed" style of the 2003 book SQL Server Security, which included Dave Litchfield and Bill Grindlay as co-authors. That book spent more time introducing the fundamentals of database functions before explaining how to break them. For example, more background on PL/SQL would be helpful. With 60 pages of code removed, that leaves plenty of room for such discussion in the second edition.

On the positive side, I thought TDHH started strong with Ch 1. The Oracle security advice was very strong. I thought the time delay tactic for extracting bit-by-bit information from the database was also exceptionally clever.

Although I have not read it, I believe Implementing Database Security and Auditing by Ron Ben Natan might be a good complement to TDHH. Natan's book appears to take a functional approach, whereas TDHH takes a product-specific approach. The drawback of the product-centric approach is repetition of general security advice, such as enabling encryption, disabling default accounts, etc.

At the end of the day TDHH is still a revealing and powerful book. Anyone responsible for database security should refer to the sections of the book covering their database. I also recommend keeping an eye on the Next Generation Security Software Web site for the latest on database security issues. You should also see the authors speak at security conferences whenever possible.

David Litchfield is arguably the foremost expert and evangelist when it comes to database security. He, and his team of compatriots from Next Generation Security Software, have written a book that any database or security administrator should be familiar with.

Even if some of the attacks or exploits described in the book were previously obscure or unknown, the fact that they have been outlined in this book means that administrators need to know about them and defend against them before the "bad guys" read this book and take advantage of them.

One of the best aspects of this book is the way it is organized. Splitting the book into sections devoted to specific database systems makes it exceptionally simple and convenient to use. If you only use MySQL, you can skip all of the information regarding Oracle or Microsoft SQL Server, and just focus on the section of the book that applies to you.

Within each section, the authors provide a tremendous wealth of knowledge. Aside from describing weaknesses, potential exploits and protective measures to defend against them, they also look at the general architecture and the methods of authentication used by the database.

Any database admin should have a copy of this on their desk.

I learned alot from this book and I have been programing foxpro from the dark ages in 1991! These guys know their stuff. If you program foxpro for money you need this book.

Granor and Roche do an excellent job of explaining the treasures and pitfalls of VFP3. I found this book after I had been banging my head against a particular problem for several days, and was able to find the answer immediately, where no other book I had checked gave the answer. They document both how VFP3 works, and how it _should_ work. Most of the book still applies to VFP5, and presumably it will still be good under Tahoe.

Even though this isn't out yet for V5.0, it's still worth the freight. In-depth discussions of each command, property, event, method, etc. It's saved me hours of aggrevation, and I even curl up with it in my spare time!

FoxPro is both wonderfully powerful and maddeningly quirky, as is well documented in this excellent volume. Having used FoxPro to develop and support commercial software products for many years, I have a large library of FoxPro books, and this one is by far the best. It is exhaustive in its coverage of concepts, features, bugs, and documentation errors, and includes many excellent examples. If you are serious about FoxPro, buy it.

Although the book was intended for VFP 3.0, it is an excellent introduction to FoxPro Object Oriented Programming. It is intended as a short introduction and command reference and it does that well.

In this book Carol Hacker has given the job hunter a powerful tool - true knowledge. Unlike many dense books on job search, she made the book easy to read and to understand. It's very much like sitting down over a cup of coffee with a senior executive and finding out what's REALLY going on. Whether you are an experienced executive or entry level newcomer, there is a lot you don't really know about job hunting and won't until you read this superb book!

I lost my job and found this book to be invaluable in helping me figure out what I wanted to do from this point on. It's practical and filled with lots of information that I could put to use immediately. Now my wife is using it in her job search.

This book gets to the heart of what it takes to get the best job available. I was enouraged by the information offered to the reader. I don't read a lot because I don't like to read, but this book was recommended to me by my brother and I found it to be very valuable.

I recently purchased this book and found it to be well-written. The author appears to know what she's talking about. I got some valuable ideas that helped me in my job search. I started a new job 3 months ago and attribute some of the good decision-making I made, especially in the area of negotiating salary and benefits, to Job Hunting in the 21st Century. Happy reading!

I bought this book and several others on this subject as I'm looking for a new job. This book is by far the most comprehensive and useful. It's easy to read and has a lot of ideas that I hadn't thought about. I know that my college-age children will benefit from this book as well. I'm happy to have it as part of my personal library.

The book is great for the experts, geeks, average user and the inexperienced newbie who just went "online" and started using email.

It goes into details but yet explains things in a way that can be understood by anybody. The power of metaphors and examples from the offline world from everyday life do the trick.

This book is the most comprehensive book to the subject of email spam, its various forms, its purpose and why it is so hard to stop it.

If you already receive a lot of spam an wonder why you got it, even though you did everything correctly and protected your email like you protect your credit card numbers, read the book. Even if you did not receive a lot of spam, read the book, no, YOU have to read the book.

I would also suggest it to anybody who just went online and thus is vulnerable to phishing and 419 fraud due to the lack of experience.

You are reading this review, which means that you are online. Don't browse away without buying this book!

How do spammers select their targets, make money on gaining email addresses, and gain information just from a preview of a spam message? How spammers and hackers work is revealed by veteran technology interpreter Danny Goodman in SPAM WARS: OUR LAST BEST CHANCE TO DEFEAT SPAMMERS, SCAMMERS, AND HACKERS. Chapters tell how criminals and scammers operate, how they use the email system, and when anti-spam technology and laws can't help. It also provides tips on how users can protect themselves and their email against attack. An invaluable, important guide.

Spam Wars is truly a computer book for the twenty-first century. Award-winning technology interpreter Danny Goodman teaches readers Spam 101 followed by an intermediate course in Spam, including how to recognize spam, the importance of firewalls, spam, virus, spyware and malware filters that should be installed on every computer, and much more. In a day and age where the worst possible spam can lead to identity theft and worse, Spam Wars is much-needed reading for every small business and household that relies heavily upon computers and the internet. The basics for protecting oneself from attack are presented in plain terms that even the technologically clueless can quickly grasp, and special attention is given to the exploitable flaws in Microsoft Windows and the Outlook email program. Highly recommended.

I was recently sent a review copy of the book Spam Wars by Danny Goodman. This is an excellent read for anyone wanting to understand where spam comes from and how the whole "spamonomy" operates...

Contents: Introduction; Email Predators, Guardians, and Victims; Grasping Spam (not SPAM); How We Got into This Mess; Behind the Curtain: How Email Works; It's the Spamonomy, Stupid!; How Spammers Get Your Email Address; Meet the Spammers and Scammers; The Spammer's View of the World; How Spam Differs from Junk Mail; The Antispammer's View of the World; Spammer Tricks Part 1: Headers; Spammer Tricks Part 2: Messages; Beware Geeks Bearing Gifts; Rule #3: Spammers Are Stupid; Technology as a Partial Solution; The Law as a Partial Solution; An Email Manifesto and To-do List; All about Email Message Headers; An Introduction to Span Sleuthing; Online Resources; Glossary; Index

Unlike books that offer purely technical solutions to reduce the amount of spam you receive, Goodman takes a step back and lays the groundwork for how we found ourselves in the current environment. Any reasonably intelligent person will be able to take this book and begin to understand just how much of a problem this is. It's not just the 50 (or 500) emails you have to delete every day. It's the billions that get sent out continuously by spammers and scammers who don't deliver on their offers. And because there are people dumb enough to respond, it's a very lucrative business that has no regard for the victims... those of us who don't want to increase certain body parts or meet girls who are hot for us. Please!

Goodman has a very irreverent style of writing in this particular work, and it's fun to read. He has no qualms to call spammers "stupid" and then back it up with examples that are far too numerous. I also appreciate that he doesn't attempt to offer some "silver bullet" that will magically take care of all your issues. There isn't one, and he openly acknowledges that. Technology can fix part of the problem, and laws can somewhat address another small segment. But in his final chapter, the "manifesto", he offers a series of steps and actions that each of us can take to start reclaiming our rightful possession that the spammer has stolen from us... our email address.

I highly recommend this book to anyone who doesn't understand what the fuss is, or to those who have reached the end of their rope with spam. You don't have to be a techno-geek to read and understand the material, and you can start to make a difference in your little corner of the internet. And if enough people take the same steps, perhaps things will become better for everyone...

There is one classic book that sits on my bookshelf and shows the wear and tear of repeated use and that book is the JavaScript Bible by Danny Goodman. So when I found that Goodman had written a book about the eternal struggle against spam and phishing scams, I really wanted to get my hands on a copy of Spam Wars: Our Last Best Chance to Defeat Spammers, Scammers, and Hackers (Select Books, 2004, ISBN 1-59079-063-4, 330 pages) to see his take on this subject.

In a writing style that would make "Dr. Phil" proud, Goodman pulls no punches in providing a tough love narrative weaving history, challenges, and opportunities to attack this enemy head on and win the war. At US$12.21 a copy on Amazon, there is no reason potential readers should hesitate to buy a copy for themselves and copies for all their well meaning friends and relatives who do the stupid behaviors that spammers more than profit from.

Goodman makes no apologies for his approach to the topic and the fact that it is driven by his personal philosophies, but unlike the author of another spam title I recently reviewed, he gets his research and facts right, not only providing citations but links to source documents. From his "outing" of the first commercial spam from Digital Equipment Corporation (DEC) on ARPANET in 1978, to his plain English explanations of how email is routed, to his line by line explanations of what is contained in email headers, Goodman undertakes and successfully delivers content for the lay audience, as well as technical readers.

In some ways, Goodman may be overly optimistic that if the economic vitality that fuels spam is cut off, then the problem will go away. I myself have fought too many unsuccessful uphill battles with family and friends to either not forward mass e-mails or learn the simple BCC concept. But there is much more likelihood of success if we do this. Why? Because as Goodman illustrates very well, lobbyists and special interests have very successfully watered down any attempts at real legislation with teeth, and even the most rigid laws stop at our borders. He also shows how the original developers of the Internet are the real root cause of the problem, regardless of how good their intentions were.

And his book also educates beyond technology and spam/scams. He teaches you about things like the fact that you do not have to return a warranty card to a manufacturer to have protections of the warranty. He talks about elements of social engineering not often discussed: the use of certain words and phrases to exploit the god-fearing, the bleeding hearts, and the lonely.

So if you want yet another great reference book from Danny Goodman, then this book fits the bill. The only fault I have with the book and hopefully the publisher can address this is that this book was not released under a Creative Commons License like "We The Media". The reason for this is that Goodman wants the content and "gospel" passed onto as many people as possible. Creative Commons licensing would have definitely jumpstarted this effort, since there are no handy download documents or information sheets that can easily be distributed to others. However, I view this as gravy and in no way detracts from this book.

Who Should Read This Book?

Everybody. This includes you, your significant other, your grandmother, your neighbor, and/or anybody else who uses the Internet and really needs to understand the consequences of their behaviours.

The Scorecard

Double Eagle on a Par 5

Oliver asks Roy to come with him on a trip to recover some things, after he finds out Catman was at his funeral. Roy is shocked when he finds out Oliver asked Shade to clean up, as his 'porn buddy', as Meltzer explains. Oliver points out Shade is immortal, and everybody else around him will eventually die.

An interesting look at what a long established superhero's will might include. Brad Meltzer has again handled the transition to comics very well. Don't know how good his novels are, but he has a good thing going here, and being able to do both makes him a rare talent, and worth following.

He even tracks down the truck from Hard Travelin' Heroes.

This was a great read and is part of a great series. Ollie Queen is one of the most interesting characters in the DC universe and his relationships are what make his stories so appealing. I recommend getting volumes 1-3 first.

This is one of the best Green Arrow stories to date. Brad Meltzer really shows that he can write comics with the best of them and creates a great run of Green Arrow, which is collected here. A really fast read, as I read it in one sitting. Very good stuff.

I had read the two previous Green Arrow trades, "Quiver" and "Sounds of Violence" written by Kevin Smith, and I enjoyed them both immensely, Kevin Smith left the book after issue number 15.

Which from #16 to #21 Brad Meltzer takes over the writing duties.

I didn't know anything about Brad's storytelling other than his current "Identity Crisis" arc for DC. so I was very skeptical about buying this 3rd in the series Green Arrow trade "Archer's Quest", since I had enjoyed Kevin Smiths prior work on Green Arrow so much.

but....BOY, AM I GLAD I BOUGHT IT !!

It's really good, and keeps you interested throughout the entire book, and the ending revelation ! wow !

And it is in NO way a ripp off of the road trip that Ollie took with Hal (Green Lantern) in the 70's. it's more of an ohmage to those classic stories.

Brad writes a Green Arrow story every bit as good as Kevin Smith's run on the book. plus there is none of the "beavis and butthead" type adolescent humor that Kevin Smith peppered throughout his story. (which was my only beef about Kevin's run)

If you don't know anything about the Green Arrow, you will still enjoy this book, but if you know alot about his history or even an adaquete amount (like me) you will LOVE it !!

Kevin Smith brought Oliver Queen back from the dead in "Quiver" and "Sounds of Violence". Brad Meltzer, in his first comic work to date, picks up the book where Smith left off and gives us the best character-driven Green Arrow story ever - a story that brings Ollie back to LIFE!

The premise of the story is simple - Ollie and his long-time ward, Roy Harper (aka "Speedy" aka "Arsenal) goes on the road to find pieces of Ollie's life. Brad Meltzer gives us a story reminiscent of the classic "Hard Travellin' Heroes" on-the-road stories of Ollie and Hal Jordan, but with a twist! While those classic stories showed the duo in search of the true heart of a nation, this story is the search for Ollie's true heart. That makes this story intensely personal and refreshingly sentimental.

It is ultimately an introspective look into who and what is Oliver Queen, a man with ties to almost every important person in the DC Universe, who has more heart than almost anyone and at the same time harbors some of the darkest secrets - and by the end of the book, we see some of those secrets surfacing and the gnawing effect it has on the man. But this book is never pessimistic or bleak. In fact, ever since the beginning of this new series (with Smith's "Quiver"), there is an overwhelming sense of triumphant joy displayed throughout the storytelling. Perhaps this has to do with the very expressive art of Phil Hester and Ande Parks - who are soon turning to be the definitive G.A. artists of our generation. I admit that I wasn't immediately taken to their more "cartoonish" style since most of the great G.A. artists of the past employ a far more realistic art style; e.g. Neal Adams and Mike Grell.

The book also includes the full script to chapter one, a foreword by some senator and afterwords by Brad Meltzer and Greg Rucka along with the reproduced covers and some notes about the creation of those Matt Wagner painted covers.

Lastly, I'd like to say something about the current trends in comics-storytelling. In recent years, there seems to be a general aversion towards stories built over decades of continuity. The clearest representation of this are works of the Nu-Marvel folks - especially those involve in the "Ultimate" books. The reason is simple - books not-mired by continuity make easier "jump-on" points and thus the possibility of hooking new readers. Well, this Green Arrow story, along with those by Kevin Smith, are rooted in DECADES of continuity. And that's why is works! The storytelling acknowledges everything that came before - giving the characters of Oliver Queen, Roy Harper, Dinah Lance, Connor Hawke, etc a surprising amount of depth and emotional realism - while reinterpreting these Silver Age characters with the more-informed complexities of our age. In my book, that's the meaning of "Ultimate" - not rootless but the genuine and best version of something. Take my challenge - give this book, "Green Arrow: The Archer's Quest" to anyone, any non-comic reader, and see his/her reaction. The high chance is that he/she may soon become a fan and start digging deeper to understand the history and background of it all. This is the Ultimate Green Arrow.

One of the best political satires ever written. This is Book Two regarding the political career of Jim Hacker. Have you every wondered why political schemes never seem to have any practical value? You simply must read this book and find out why that is. Some of the outstanding short stories have been mentioned by other reviewers here, but the Athiest Bishop simply cannot be recommended enough. However, the diplomatic incident over the puppy is probably my favorite. I also loved how a chain smoker becomes Minister of Health. Also, pay attention to Bernard's character thoughout the stories, as one can never be sure what side he'll be on from beginning to end. Cheers to the authors! It doesn't get any better than this!

If you enjoyed the "Yes Minister" and "Yes Prime Minister" books, be sure to read John Mortimer's "Rumpole of the Bailey" series.

It is suitable for both popular and fine taste. I'm sure you'll have a more-than-pleasant reading experience and a more-than-enough understanding of the hypotetical political leader's hypotetical idiotic behavior in a hypothetical political system of a real English-speaking country. Although it is seemingly a novelized British drama, the printed version of "Yes Prime Minister" makes excellent use of the edge of novel to tell the story. The expression of individual's opinion of a event surely presents how single-minded or even absent-minded the characters are. Even more interesting, there are handwritten notes of the subjects, newspaper cutting of their events, and script of media interview which fully demonstrates the moronic ideas and performances of James Hacker as well as the tactical handling of his boss by Sir Humphrey Appleby. And the intervention, most of the time in a literary perspective and untimely, by Benard Wooley further makes the team more a laughing stock.

If you ask my opinion, in the fullest of time, by means of thorough investigation of both the pros and cons, and not to put too fine a point, it is justifiable to a certain extent to consume a certain amount of time to literally, if not semanticaly to digest the information and mark the word by a person who is in this review using the perpendicular pronoun, I.

Were the "Yes Minister" and "Yes Prime Minister" series NOT part of television immortality, this book would STILL succeed, stand out in its own right as one of the classic political satires.

The authors' conceit is that we are in the year 2050 (or so), and Sir Humphrey's dithering protege, the ineffectual Bernard, is now an eminence grise who has taken it upon himself to compile the diaries of the legendary PM Jim Hacker. Hacker, whose populist, extreme-middle-of-the-road politics make him more a John McCain figure than a Tony Blair, does score the odd coup, as when he foils a nasty invasion of a former British colony. But by and large he is at the mercy of Humphrey Appleby and his bureacratic machine. As he tells he diary, Government has the engine of a Volkswagen and the brakes of a Rolls-Royce. This and other universal truths ensure "Yes Prime Minister" will endure for the ages, and it is a pity this work is out of print. My favorite moment is where Hacker, on the verge of ascending the "greasy pole" of parliamentary politics to become PM, campaigns against a European directive seeking to standardize the recipe for sausages. "I am up to my neck in this Euro-sausage business," he remarks. "Not literally, we hope - Ed" is the parenthetical aside.

Just when I had given up on finding anything to equal YM in style, humour and class, Messrs Lynn and Jay have outdone themselves. They know all the traps - millions have watched the shows, the characters are familiar and the plots well-known. But these writers, once again, have managed to outdo their creations, using humour like rarely done before (or, I suspect, since). Buy it, read it, and reread it.

And then read it again. It is the book that keeps on giving.

Like many tie-ins with British television shows,_YPM Diaries_ is a print version of the show, written in the voice of the characters. And , as is also the apparent British custom, it includes material previously aired. In fact, its chapters are the televised episodes themselves.

But this book goes well beyond the scripts of the shows. It definitely recognizes the difference in the two media and comes up with a lot of new material unique to the book itself. One of the cleverest inclusions is that of handwritten notes between principle characters. For instance, there are whole dialogues in this correspondence format between Humphrey and the Prime Minister which haven't appeared in any other media. Also, the diaries themselves include a lot of original material which amplify points made in the televised versions.

Aside from being an absolutely smashing read, this is an excellent resource for the student of British politics. From this book I got a lot of ideas for term papers which impressed my British politics professor.

I think, though, that the most valuable thing this book will impart is a kind of lens through which to view British politics. I don't mean to oversell the utility of the work, but especially for the American viewer uninitiated in the ways of the parliamentary form of government, YM/YPM truly helps one see how things get done--or undone--in Her Majesty's Government.