Authors: Johnny Long. Jack Wiles.
Paperback, 480 pages
Publisher: Syngress
Publication Date: 2008-02-21


Reviews :

    As the cliché reminds us, information is power. In this age of computer systems and technology, an increasing majority of the world's information is stored electronically. It makes sense then that as an industry we rely on high-tech electronic protection systems to guard that information. As a professional hacker, I get paid to uncover weaknesses in those systems and exploit them. Whether breaking into buildings or slipping past industrial-grade firewalls, my goal has always been the same: extract the informational secrets using any means necessary. After hundreds of jobs, I discovered the secret to bypassing every conceivable high-tech security system. This book reveals those secrets, and as the title suggests, it has nothing to do with high technology. As it turns out, the secret isn't much of a secret at all. Hackers have known about these techniques for years. Presented in a light, accessible style, you'll get to ride shotgun with the authors on successful real-world break-ins as they share photos, videos and stories that prove how vulnerable the high-tech world is to no-tech attacks.

As you browse this book, you'll hear old familiar terms like "dumpster diving", "social engineering", and "shoulder surfing". Some of these terms have drifted into obscurity to the point of becoming industry folklore; the tactics of the pre-dawn information age. But make no mistake; these and other old-school tactics work with amazing effectiveness today. In fact, there's a very good chance that someone in your organization will fall victim to one or more of these attacks this year. Will they be ready?

. Dumpster Diving
Be a good sport and don't read the two "D" words written in big bold letters above, and act surprised when I tell you hackers can accomplish this without relying on a single bit of technology (punny).
. Tailgating
Hackers and ninja both like wearing black, and they do share the ability to slip inside a building and blend with the shadows.
. Shoulder Surfing
If you like having a screen on your laptop so you can see what you're working on, don't read this chapter.
. Physical Security
Locks are serious business and lock technicians are true engineers, most backed with years of hands-on experience. But what happens when you take the age-old respected profession of the locksmith and sprinkle it with hacker ingenuity?
. Social Engineering with Jack Wiles
Jack has trained hundreds of federal agents, corporate attorneys, CEOs and internal auditors on computer crime and security-related topics. His unforgettable presentations are filled with three decades of personal "war stories" from the trenches of Information Security and Physical Security.
. Google Hacking
A hacker doesn't even need his own computer to do the necessary research. If he can make it to a public library, Kinko's or Internet cafe, he can use Google to process all that data into something useful.
. P2P Hacking
Let's assume a guy has no budget, no commercial hacking software, no support from organized crime and no fancy gear. With all those restrictions, is this guy still a threat to you? Have a look at this chapter and judge for yourself.
. People Watching
Skilled people watchers can learn a whole lot in just a few quick glances. In this chapter we'll take a look at a few examples of the types of things that draws a no-tech hacker's eye.
. Kiosks
What happens when a kiosk is more than a kiosk? What happens when the kiosk holds airline passenger information? What if the kiosk holds confidential patient information? What if the kiosk holds cash?
. Vehicle Surveillance
Most people don't realize that some of the most thrilling vehicular espionage happens when the cars aren't moving at all!...

Authors: Chris Seibold.
Paperback, 640 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2008-04-17


Reviews :

    Bigger in size, longer in length, broader in scope, and even more useful than our original Mac OS X Hacks, the new Big Book of Apple Hacks offers a grab bag of tips, tricks and hacks to get the most out of Mac OS X Leopard, as well as the new line of iPods, iPhone, and Apple TV.

With 125 entirely new hacks presented in step-by-step fashion, this practical book is for serious Apple computer and gadget users who really want to take control of these systems. Many of the hacks take you under the hood and show you how to tweak system preferences, alter or add keyboard shortcuts, mount drives and devices, and generally do things with your operating system and gadgets that Apple doesn't expect you to do. The Big Book of Apple Hacks gives you:

• Hacks for both Mac OS X Leopard and Tiger, their related applications, and the hardware they run on or connect to
• Expanded tutorials and lots of background material, including informative sidebars
• "Quick Hacks" for tweaking system and gadget settings in minutes
• Full-blown hacks for adjusting Mac OS X applications such as Mail, Safari, iCal, Front Row, or the iLife suite
• Plenty of hacks and tips for the Mac mini, the MacBook laptops, and new Intel desktops
• Tricks for running Windows on the Mac, under emulation in Parallels or as a standalone OS with Bootcamp

The Big Book of Apple Hacks is not only perfect for Mac fans and power users, but also for recent -- and aspiring -- "switchers" new to the Apple experience. Hacks are arranged by topic for quick and easy lookup, and each one stands on its own so you can jump around and tweak whatever system or gadget strikes your fancy. Pick up this book and take control of Mac OS X and your favorite Apple gadget today!

...

Authors: Gina Trapani.
Paperback, 336 pages
Publisher: Wiley
Publication Date: 2006-12-18
Edition: 1

Reviews :

    Redefine your personal productivity by tweaking, modding, mashing up, and repurposing Web apps, desktop software, and common everyday objects. The 88 "life hacks" -- clever shortcuts and lesser-known, faster ways to complete a task -- in this book are some of the best in Lifehacker.com's online archive. Every chapter describes an overarching lifehacker principle, then segues into several concrete applications. Each hack includes a step-by-step how-to for setting up and using the solution with cross-platform software, detailed screen shots, and sidebars with additional tips. Order your copy today and increase your productivity!...

Authors: Danny Goodman.
Paperback, 1322 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2006-12-27
Edition: 3

Reviews :

    Packed with information on the latest web specifications and browser features, this new edition is your ultimate one-stop resource for HTML, XHTML, CSS, Document Object Model (DOM), and JavaScript development. Here is the comprehensive reference for designers of Rich Internet Applications who need to operate in all modern browsers, including Internet Explorer 7, Firefox 2, Safari, and Opera.

With this book, you can instantly see browser support for the latest standards-based technologies, including CSS Level 3, DOM Level 3, Web Forms 2.0, XMLHttpRequest for AJAX applications, JavaScript 1.7, and many more. This new edition:

• Provides at-a-glance references for the tags, attributes, objects, properties, methods, and events of HTML, XHTML, CSS, DOM, and core JavaScript. You can quickly look up a particular feature or language term to see if it is available in desired browser brands and versions.
• Includes handy cross referencing that lets you look up an attribute (or object property, method, or event type) to find all the items that recognize it, including interrelated HTML tags, style properties, and document object model methods, properties, and events.
• Offers appendices where you can quickly locate values useful in HTML authoring and scripting. You'll find coverage of commands used across three browsers for user-editable content.
• Includes a glossary that gives you quick explanations of some of the new and potentially confusing terminology of DHTML.

Dynamic HTML: The Definitive Reference speeds the way to adding sophisticated features to your web pages. Indispensable, complete, and succinct, this bestselling guide is the must-have compendium for all web developers involved in creating dynamic web content.

...

    Danny Goodman felt that he couldn't trust any of the documentation on Dynamic HTML (DHTML) that he read (too many contradictions), so he wrote this book as a reference for working with his own clients. After testing tags and techniques on multiple releases of the main browsers, Goodman came up with very practical information--some of which you may not find in any other resource.

Goodman assumes a solid foundation, if not expertise, in basic HTML and an understanding of what DHTML is all about. From those assumptions, he presents a meaty, information-dense volume. The first of the book's four sections discusses industry standards and how to apply the basic principles of DHTML. He emphasizes the differences in Web browsers and discusses how to build pages so that they work well in both Netscape Navigator and Microsoft Internet Explorer. The second section is an extensive, quick reference of all the tags, objects, and properties of HTML, cascading style sheets, Document Object Model, and core JavaScript. A particularly handy cross-reference guide to this information follows, helping you locate it in alternate ways. The final section contains appendices, with useful tables of values and commands. --Elizabeth Lewis...

Authors: Silvia Hagen.
Paperback, 436 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2006-05-17
Edition: 2

Reviews :

    "IPv6 Essentials," Second Edition provides a succinct, in-depth tour of all the new features and functions in IPv6. It guides you through everything you need to know to get started, including how to configure IPv6 on hosts and routers and which applications currently support IPv6. The new IPv6 protocols offers extended address space, scalability, improved support for security, real-time traffic support, and auto-configuration so that even a novice user can connect a machine to the Internet. Aimed at system and network administrators, engineers, network designers, and IT managers, this book will help you understand, plan for, design, and integrate IPv6 into your current IPv4 infrastructure.

Beginning with a short history of IPv6, author Silvia Hagen provides an overview of new functionality and discusses why we need IPv6. Hagen also shares exhaustive discussions of the new IPv6 header format and Extension Headers, IPv6 address and ICMPv6 message format, Security, QoS, Mobility and, last but not least, offers a Quick Start Guide for different operating systems. "IPv6 Essentials," Second Edition also covers: In-depth technical guide to IPv6 Mechanisms and Case Studies that show how to integrate IPv6 into your network without interruption of IPv4 services Routing protocols and upper layer protocols Security in IPv6: concepts and requirements. Includes the IPSEC framework and security elements available for authentication and encryption Quality of Service: covers the elements available for QoS in IPv6 and how they can be implemented Detailed discussion of DHCPv6 and Mobile IPv6 Discussion of migration cost and business case Getting started on different operating systems: Sun Solaris, Linux, BSD, Windows XP, and Cisco routers

Whether you're ready to start implementing IPv6 today or are planning your strategy for the future, "IPv6 Essentials," Second Edition will provide the solid foundation you need to get started.

"Silvia's look at IPv6 is always refreshing as she translates complex technology features into business drivers and genuine end-user benefits to enable building new business concepts based on end to end models." Latif Ladid, President IPv6 Forum, Chair EU IPv6 Task Force...

Authors: Ivan Ristic.
Paperback, 432 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2005-03-15


Reviews :

    With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one. To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it--whether it's running a huge e-commerce operation, corporate intranet, or just a small hobby site. Our new guide, Apache Security, gives administrators and webmasters just what they crave--a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general. But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions. Administrators and programmers will learn how to:

• install and configure Apache
• prevent denial of service (DoS) and other attacks
• securely share servers
• control logging and monitoring
• secure custom-written web applications
• conduct a web security assessment
• use mod_security and other security-related modules

And that's just the tip of the iceberg, as mainstream Apache users will also gain valuable information on PHP and SSL/ TLS. Clearly, Apache Security is packed and to the point, with plenty of details for locking down this extremely popular and versatile web server....

Authors: Niels Ferguson. Bruce Schneier.
Paperback, 432 pages
Publisher: Wiley
Publication Date: 2003-03-28
Edition: 1st

Reviews :

    Security is the number one concern for businesses worldwide. The gold standard for attaining security is cryptography because it provides the most reliable tools for storing or transmitting digital information. Written by Niels Ferguson, lead cryptographer for Counterpane, Bruce Schneier's security company, and Bruce Schneier himself, this is the much anticipated follow-up book to Schneier's seminal encyclopedic reference, Applied Cryptography, Second Edition (0-471-11709-9), which has sold more than 150,000 copies.
Niels Ferguson (Amsterdam, Netherlands) is a cryptographic engineer and consultant at Counterpane Internet Security. He has extensive experience in the creation and design of security algorithms, protocols, and multinational security infrastructures. Previously, Ferguson was a cryptographer for DigiCash and CWI. At CWI he developed the first generation of off-line payment protocols. He has published numerous scientific papers.
Bruce Schneier (Minneapolis, MN) is Founder and Chief Technical Officer at Counterpane Internet Security, a managed-security monitoring company. He is also the author of Secrets and Lies: Digital Security in a Networked World (0-471-25311-1)....

Authors: Chris Hurley.
Paperback, 448 pages
Publisher: Syngress
Publication Date: 2007-10-12


Reviews :

    Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This second volume adds over 300 new pentesting applications included with BackTrack 2 to the pen tester's toolkit. It includes the latest information on Snort, Nessus, Wireshark, Metasploit, Kismet and all of the other major Open Source platforms.

. Perform Network Reconnaissance
Master the objectives, methodology, and tools of the least understood aspect of a penetration test.
. Demystify Enumeration and Scanning
Identify the purpose and type of the target systems, obtain specific information about the versions of the services that are running on the systems, and list the targets and services.
. Hack Database Services
Understand and identify common database service vulnerabilities, discover database services, attack database authentication mechanisms, analyze the contents of the database, and use the database to obtain access to the host operating system.
. Test Web Servers and Applications
Compromise the Web server due to vulnerabilities on the server daemon itself, its unhardened state, or vulnerabilities within the Web applications.
. Test Wireless Networks and Devices
Understand WLAN vulnerabilities, attack WLAN encryption, master information gathering tools, and deploy exploitation tools.
. Examine Vulnerabilities on Network Routers and Switches
Use Traceroute, Nmap, ike-scan, Cisco Torch, Finger, Nessus, onesixtyone, Hydra, Ettercap, and more to attack your network devices.
. Customize BackTrack 2
Torque BackTrack 2 for your specialized needs through module management, unique hard drive installations, and USB installations.
. Perform Forensic Discovery and Analysis with BackTrack 2
Use BackTrack in the field for forensic analysis, image acquisition, and file carving.
. Build Your Own PenTesting Lab
Everything you need to build your own fully functional attack lab....

Authors: Nicolai M. Josuttis.
Paperback, 342 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2007-08-24


Reviews :

    This book demonstrates service-oriented architecture (SOA) as a concrete discipline rather than a hopeful collection of cloud charts. Built upon the author's firsthand experience rolling out a SOA at a major corporation, SOA in Practice explains how SOA can simplify the creation and maintenance of large-scale applications. Whether your project involves a large set of Web Services-based components, or connects legacy applications to modern business processes, this book clarifies how -- and whether -- SOA fits your needs. SOA has been a vision for years. This book brings it down to earth by describing the real-world problems of implementing and running a SOA in practice. After defining SOA's many facets, examining typical use patterns, and exploring how loose coupling helps build stronger applications, SOA in Practice presents a framework to help you determine when to take advantage of SOA. In this book you will: Focus squarely on real deployment and technology, not just standards maps Examine business problems to determine which ones fit a SOA approach before plastering a SOA solution on top of them Find clear paths for building solutions without getting trapped in the mire of changing web services details Gain the experience of a systems analyst intimately involved with SOA "The principles and experiences described in this book played an important role in making SOA at T-Mobile a success story, with more than 10 million service calls per day." --Dr. Steffen Roehn, Member of the Executive Committee T-Mobile International (CIO) "Nicolai Josuttis has produced something that is rare in the over-hyped world of SOA; a thoughtful work with deep insights based on hands-on experiences. This bookis a significant milestone in promoting practical disciplines for all SOA practitioners." --John Schmidt, Chairman, Integration Consortium "The book belongs in the hands of every CIO, IT Director and IT planning manager." --Dr. Richard Mark Soley, Chairman and CEO, Object Management Group; Executive Director, SOA Consortium...

Authors: Johnny Long.
Paperback, 448 pages
Publisher: Syngress
Publication Date: 2007-11-02
Edition: 1

Reviews :

    A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because I've seen it with my own eyes. As the founder of the Google Hacking Database (GHDB) and the Search engine hacking forums at http://johnny.ihackstuff.com, I am constantly amazed at what the Google hacking community comes up with. It turns out the rumors are true-creative Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPPA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers snatch it right up. Protect yourself from Google hackers with this new volume of information.
-Johnny Long

. Learn Google Searching Basics
Explore Google's Web-based Interface, build Google queries, and work with Google URLs.
. Use Advanced Operators to Perform Advanced Queries
Combine advanced operators and learn about colliding operators and bad search-fu.
. Learn the Ways of the Google Hacker
See how to use caches for anonymity and review directory listings and traversal techniques.
. Review Document Grinding and Database Digging
See the ways to use Google to locate documents and then search within the documents to locate information.
. Understand Google's Part in an Information Collection Framework
Learn the principles of automating searches and the applications of data mining.
. Locate Exploits and Finding Targets
Locate exploit code and then vulnerable targets.
. See Ten Simple Security Searches
Learn a few searches that give good results just about every time and are good for a security assessment.
. Track Down Web Servers
Locate and profile web servers, login portals, network hardware and utilities.
. See How Bad Guys Troll for Data
Find ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information.
. Hack Google Services
Learn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more....