Authors: IOActive.
Paperback, 316 pages
Publisher: Syngress
Publication Date: 2008-03-12
Edition: 1st

Reviews :

    If you want to master the art and science of reverse engineering code with IDA Pro for security R&D or software debugging, this is the book for you. Highly organized and sophisticated criminal entities are constantly developing more complex, obfuscated, and armored viruses, worms, Trojans, and botnets. IDA Pro's interactive interface and programmable development language provide you with complete control over code disassembly and debugging. This is the only book which focuses exclusively on the world's most powerful and popular took for reverse engineering code.

*Reverse Engineer REAL Hostile Code
To follow along with this chapter, you must download a file called !DANGER!INFECTEDMALWARE!DANGER!... 'nuff said.
*Download the Code!
The companion Web site to this book offers up really evil code for you to reverse engineer and really nice code for you to automate tasks with the IDC Scripting Language.
*Portable Executable (PE) and Executable and Linking Formats (ELF)
Understand the physical layout of PE and ELF files, and analyze the components that are essential to reverse engineering.
*Break Hostile Code Armor and Write your own Exploits
Understand execution flow, trace functions, recover hard coded passwords, find vulnerable functions, backtrace execution, and craft a buffer overflow.
*Master Debugging
Debug in IDA Pro, use a debugger while reverse engineering, perform heap and stack access modification, and use other debuggers.
*Stop Anti-Reversing
Anti-reversing, like reverse engineering or coding in assembly, is an art form. The trick of course is to try to stop the person reversing the application. Find out how!
*Track a Protocol through a Binary and Recover its Message Structure
Trace execution flow from a read event, determine the structure of a protocol, determine if the protocol has any undocumented messages, and use IDA Pro to determine the functions that process a particular message.
*Develop IDA Scripts and Plug-ins
Learn the basics of IDA scripting and syntax, and write IDC scripts and plug-ins to automate even the most complex tasks....

Authors: Joel McNamara.
Paperback, 408 pages
Publisher: Wiley
Publication Date: 2003-06-02
Edition: 1st

Reviews :

    * Covers electronic and wireless eavesdropping, computer surveillance, intelligence gathering, password cracking, keylogging, data duplication, black bag computer spy jobs, reconnaissance, risk assessment, legal issues, and advanced spying techniques used by the government
* Author shares easily-implemented countermeasures against spying to detect and defeat eavesdroppers and other hostile individuals
* Addresses legal issues, including the U.S. Patriot Act, legal spying in the workplace, and computer fraud crimes
* Companion Web site contains links to security tools and useful security information resources...

Authors: Eric Seagren.
Paperback, 480 pages
Publisher: Syngress
Publication Date: 2007-01-26


Reviews :

    If you believe that an intrusion detection system, regular vulnerability scanning, automated network device inventory, or firewall usage statistics are not in the IT budget, they are. All of these features and many more are available for free. A wide variety of quality security products are out there and available for use absolutely free of charge. All one needs is a little know how, some helpful examples like the ones in this book, and a desire to have a secure network.

This book shows you how to secure your network from top to bottom without spending a penny on security software using best of breed open source software including Snort, Nessus, and Ethereal. This book is a comprehensive step-by-step guide to securing your network using freely available software. It discusses the pros and cons of using some of the free software and also demonstrate the installation, configuration, and use of the software to secure your network. It is intended as a one-stop manual for network security for those on a budget, or those simply wanting to increase their network knowledge. This book covers all aspects of securing your network. It discusses the business case for using open source and free software security solutions. It also touches upon the various free options to cover a given security concern, and then walk through an actual implementation using the best of breed product, providing actual real-world examples.

...

Authors: Tony Steidler-Dennison.
Paperback, 329 pages
Publisher: SitePoint
Publication Date: 2005-12-15


Reviews :

    This book is for Web Developers who want to learn how to use Linux & Apache for Website Hosting. The first chapters will teach you how to install Linux and Apache 2.0 on a home or office machine for testing purposes. Then you'll learn how to perform dozens of common tasks including:

• Updating server software
• Setting up new Websites, Email Accounts and Subdomains
• Configuring various Linux & Apache files related to performance and security
• Install spam filtering software
• Perform automatic backups and crash recoveries

And much more.

This is the ideal book for anyone who wants to run Websites using a leased or co-located Linux server, without having to spends thousands of dollars annually on third party support and management.

...

Authors: Jonathan Zdziarski.
Paperback, 312 pages
Publisher: No Starch Press
Publication Date: 2005-07-01


Reviews :

    Join author John Zdziarski for a look inside the brilliant minds that have conceived clever new ways to fight spam in all its nefarious forms. This landmark title describes, in-depth, how statistical filtering is being used by next-generation spam filters to identify and filter unwanted messages, how spam filtering works and how language classification and machine learning combine to produce remarkably accurate spam filters.

After reading Ending Spam, you'll have a complete understanding of the mathematical approaches used by today's spam filters as well as decoding, tokenization, various algorithms (including Bayesian analysis and Markovian discrimination) and the benefits of using open-source solutions to end spam. Zdziarski interviewed creators of many of the best spam filters and has included their insights in this revealing examination of the anti-spam crusade.

If you're a programmer designing a new spam filter, a network admin implementing a spam-filtering solution, or just someone who's curious about how spam filters work and the tactics spammers use to evade them, Ending Spam will serve as an informative analysis of the war against spammers.

TOC Introduction

PART I: An Introduction to Spam Filtering Chapter 1: The History of Spam Chapter 2: Historical Approaches to Fighting Spam Chapter 3: Language Classification Concepts Chapter 4: Statistical Filtering Fundamentals

PART II: Fundamentals of Statistical Filtering Chapter 5: Decoding: Uncombobulating Messages Chapter 6: Tokenization: The Building Blocks of Spam Chapter 7: The Low-Down Dirty Tricks of Spammers Chapter 8: Data Storage for a Zillion Records Chapter 9: Scaling in Large Environments

PART III: Advanced Concepts of Statistical Filtering Chapter 10: Testing Theory Chapter 11: Concept Identification: Advanced Tokenization Chapter 12: Fifth-Order Markovian Discrimination Chapter 13: Intelligent Feature Set Reduction Chapter 14: Collaborative Algorithms

Appendix: Shining Examples of Filtering

Index

...

Authors: Ian H. Witten. David Bainbridge.
Paperback, 552 pages
Publisher: Morgan Kaufmann
Publication Date: 2002-07-15
Edition: 1st

Reviews :

   

Given modern society's need to control its ever-increasing body of information, digital libraries will be among the most important and influential institutions of this century. With their versatility, accessibility, and economy, these focused collections of everything digital are fast becoming the "banks" in which the world's wealth of information is stored.

How to Build a Digital Library is the only book that offers all the knowledge and tools needed to construct and maintain a digital library-no matter how large or small. Two internationally recognized experts provide a fully developed, step-by-step method, as well as the software that makes it all possible. How to Build a Digital Library is the perfectly self-contained resource for individuals, agencies, and institutions wishing to put this powerful tool to work in their burgeoning information treasuries.

* Sketches the history of libraries-both traditional and digital-and their impact on present practices and future directions
* Offers in-depth coverage of today's practical standards used to represent and store information digitally
* Uses Greenstone, freely accessible open-source software-available with interfaces in the world's major languages (including Spanish, Chinese, and Arabic)
* Written for both technical and non-technical audiences
* Web-enhanced with software documentation, color illustrations, full-text index, source code, and more...

Authors: Patrick Park.
Paperback, 384 pages
Publisher: Cisco Press
Publication Date: 2008-09-19
Edition: 1

Reviews :

   

Voice over IP Security

 

Security best practices derived from deep analysis of the latest VoIP network threats

 

Patrick Park

 

VoIP security issues are becoming increasingly serious because voice networks and services cannot be protected from recent intelligent attacks and fraud by traditional systems such as firewalls and NAT alone. After analyzing threats and recent patterns of attacks and fraud, consideration needs to be given to the redesign of secure VoIP architectures with advanced protocols and intelligent products, such as Session Border Controller (SBC). Another type of security issue is how to implement lawful interception within complicated service architectures according to government requirements.

 

Voice over IP Security focuses on the analysis of current and future threats, the evaluation of security products, the methodologies of protection, and best practices for architecture design and service deployment. This book not only covers technology concepts and issues, but also provides detailed design solutions featuring current products and protocols so that you can deploy a secure VoIP service in the real world with confidence.

 

Voice over IP Security gives you everything you need to understand the latest security threats and design solutions to protect your VoIP network from fraud and security incidents.

 

Patrick Park has been working on product design, network architecture design, testing, and consulting for more than 10 years. Currently Patrick works for Cisco® as a VoIP test engineer focusing on security and interoperability testing of rich media collaboration gateways. Before Patrick joined Cisco, he worked for Covad Communications as a VoIP security engineer focusing on the design and deployment of secure network architectures and lawful interception (CALEA). Patrick graduated from the Pusan National University in South Korea, where he majored in computer engineering.

 

Understand the current and emerging threats to VoIP networks

Learn about the security profiles of VoIP protocols, including SIP, H.323, and MGCP

Evaluate well-known cryptographic algorithms such as DES, 3DES, AES, RAS, digital signature (DSA), and hash function (MD5, SHA, HMAC)

Analyze and simulate threats with negative testing tools

Secure VoIP services with SIP and other supplementary protocols

Eliminate security issues on the VoIP network border by deploying an SBC

Configure enterprise devices, including firewalls, Cisco Unified Communications Manager, Cisco Unified Communications Manager Express, IP phones, and multilayer switches to secure VoIP network traffic

Implement lawful interception into VoIP service environments

 

This IP communications book is part of the Cisco Press® Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged

networks, and implement network

solutions for increased productivity.

 

Category: Networking—IP Communication

Covers: VoIP Security

...

Authors: David Pollino. Bill Pennington. Tony Bradley. Himanshu Dwivedi.
Paperback, 400 pages
Publisher: McGraw-Hill Osborne Media
Publication Date: 2006-04-25
Edition: 3

Reviews :

   

The stories about phishing attacks against banks are so true-to-life, it’s chilling.” --Joel Dubin, CISSP, Microsoft MVP in Security

Every day, hackers are devising new ways to break into your network. Do you have what it takes to stop them? Find out in Hacker’s Challenge 3. Inside, top-tier security experts offer 20 brand-new, real-world network security incidents to test your computer forensics and response skills. All the latest hot-button topics are covered, including phishing and pharming scams, internal corporate hacking, Cisco IOS, wireless, iSCSI storage, VoIP, Windows, Mac OS X, and UNIX/Linux hacks, and much more. Each challenge includes a detailed explanation of the incident--how the break-in was detected, evidence and clues, technical background such as log files and network maps, and a series of questions for you to solve. In Part II, you’ll get a detailed analysis of how the experts solved each incident.

...

Authors: Brian S. McWilliams.
Hardcover, 256 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2004-09
Edition: 1st

Reviews :

    More than sixty percent of today's email traffic is spam, according to email filtering firm Brightmail. This year alone, five trillion spam messages will clog Internet users in-boxes, costing society an estimated $10-billion in lost productivity, filtering software, and other expenses. Spam Kings: The Real Story behind the High-Rolling Hucksters Pushing Porn, Pills, and %*@)# Enlargements is the first book to expose the shadowy world of the people responsible for the junk email problem. Author and veteran investigative journalist Brian S. McWilliams delivers a compelling account of the cat-and-mouse game played by spam entrepreneurs in search of easy fortunes and those who are trying to stop them. Spam Kings chronicles the evolution of Davis Wolfgang Hawke, a notorious neo-Nazi leader (Jewish-born) who got into junk email in 1999. Using Hawke as a case study, Spam Kings traces the twenty-year-old neophyte's rise in the spam trade to his emergence as a major player in the lucrative penis pill market--a business that would eventually make him a millionaire and the target of lawsuits from AOL and others. Spam Kings also tells the parallel story of Susan Gunn, a computer novice in California who is reluctantly drawn into the spam wars and eventually joins a group of anti-spam activists. Her volunteer sleuth work puts her on a collision course with Hawke and other spammers, who try to wreak revenge on the antis. You'll also meet other cyber-vigilantes who have taken up the fight against spammers as well as the cast of quirky characters who comprise Hawke's business associates. The book sheds light on the technical sleight-of-hand--forged headers, open relays, harvesting tools, and bulletproof hosting--and other sleazy business practices that spammers use; the work of top anti-spam attorneys; the surprising new partnership developing between spammers and computer hackers; and the rise of a new breed of computer viruses designed to turn the PCs of innocent bystanders into secret spam factories....

Authors: Mel Reyes.
Paperback, 430 pages
Publisher: Wiley
Publication Date: 2005-08-05


Reviews :

    They dreamed of a better browser . . . and before you could say "explore no more," Firefox was born. But already you want more. Tighter security, greater functionality. A custom installation for Linux. Maybe even that unique extension you've always dreamed of creating. Well, if you want to tweak the Fox, here are over 400 pages of ways to do it. From hacking profile settings to cracking links and cleaning out the cookie jar, this is the stuff that puts you in control.

Step-by-step instructions for these hacks and dozens more

• Settings, content, and extension hacks
• Hacking the interface and themes
• Performance boosters
• Anti-phishing and security hacks
• Toolbar and status bar tweaks
• Navigation, download, and search hacks
• Hacks for common plugins
• Extension and theme creation

...