Authors: DerEngel.
Paperback, 320 pages
Publisher: No Starch Press
Publication Date: 2006-09-10


Reviews :

    Take control of your cable modem...

Authors: Joel Scambray. Mike Shema. Caleb Sima.
Paperback, 520 pages
Publisher: McGraw-Hill Osborne Media
Publication Date: 2006-06-05
Edition: 2

Reviews :

   

Implement bulletproof e-business security the proven Hacking Exposed way

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.

...

Authors: Shon Harris. Allen Harper. Chris Eagle. Jonathan Ness. Michael Lester.
Paperback, 434 pages
Publisher: McGraw-Hill Osborne Media
Publication Date: 2004-11-09
Edition: 1

Reviews :

    Analyze your company’s vulnerability to hacks with expert guidance from Gray Hat Hacking: The Ethical Hacker’s Handbook. Discover advanced security tools and techniques such as fuzzing, reverse engineering, and binary scanning. Test systems using both passive and active vulnerability analysis. Learn to benefit from your role as a gray hat. Review ethical and legal issues and case studies. This unique resource provides leading-edge technical information being utilized by the top network engineers, security auditors, programmers, and vulnerability assessors. Plus, the book offers in-depth coverage of ethical disclosure and provides a practical course of action for those who find themselves in a "disclosure decision" position....

Authors: Terri Cullen.
Paperback, 224 pages
Publisher: Three Rivers Press
Publication Date: 2007-07-10


Reviews :

    It could happen when you make a routine withdrawal from an ATM, respond to an e-mail asking for information about an online account, or leave a new box of checks unattended in your mailbox. Identity theft is one of the easiest crimes to commit in America—and one of the hardest to prosecute. As thieves become increasingly clever, Americans have more reasons than ever to fear this elusive, ubiquitous crime. Now there’s a book to help you beat it.

In two easy-to-understand sections, Terri Cullen, The Wall Street Journal’s expert on identity theft, first walks you through the most common types of identity theft and how to arm yourself against them, and then leads victims step-by-step through the process of reclaiming a stolen identity. The average victim loses more than $6,000 and spends approximately 600 hours negotiating the complex bureaucracies and paperwork—this book will help save time and effort by laying out the process. And by following the advice in the first half, you may never need the second!

You’ll learn:
• how to avoid the most common scams, from “phishing” to “dumpster diving”
• why children under eighteen are the fastest-growing target, and how you can protect your family
• why your credit report is the single most important document for protecting your identity
• how to use the sample letters, forms, and other useful tools inside for recovering from identity theft

In today’s marketplace, your two most valuable assets are your credit and your identity. No one should be without this vital guide to protecting them....

Authors: Greg Hoglund. Gary McGraw.
Paperback, 512 pages
Publisher: Addison-Wesley Professional
Publication Date: 2004-02-27


Reviews :

    Praise for Exploiting Software "Exploiting Software highlights the most critical part of the software quality problem. As it turns out, software quality problems are a major contributing factor to computer security problems. Increasingly, companies large and small depend on software to run their businesses every day. The current approach to software quality and security taken by software companies, system integrators, and internal development organizations is like driving a car on a rainy day with worn-out tires and no air bags. In both cases, the odds are that something bad is going to happen, and there is no protection for the occupant/owner. This book will help the reader understand how to make software quality part of the design--a key change from where we are today!" --Tony Scott Chief Technology Officer, IS&S General Motors Corporation "It's about time someone wrote a book to teach the good guys what the bad guys already know. As the computer security industry matures, books like Exploiting Software have a critical role to play."--Bruce Schneier Chief Technology Officer Counterpane Author of Beyond Fear and Secrets and Lies "Exploiting Software cuts to the heart of the computer security problem, showing why broken software presents a clear and present danger. Getting past the 'worm of the day' phenomenon requires that someone other than the bad guys understands how software is attacked. This book is a wake-up call for computer security." --Elinor Mills Abreu Reuters' correspondent "Police investigators study how criminals think and act. Military strategists learn about the enemy's tactics, as well as their weapons and personnel capabilities. Similarly, information security professionals need to study their criminals and enemies, so we can tell the difference between popguns and weapons of mass destruction. This book is a significant advance in helping the 'white hats' understand how the 'black hats' operate. Through extensive examples and 'attack patterns,' this book helps the reader understand how attackers analyze software and use the results of the analysis to attack systems.Hoglund and McGraw explain not only how hackers attack servers, but also how malicious server operators can attack clients (and how each can protect themselves from the other). An excellent book for practicing security engineers, and an ideal book for an undergraduate class in software security." --Jeremy Epstein Director, Product Security & Performance webMethods, Inc. "A provocative and revealing book from two leading security experts and world class software exploiters, Exploiting Software enters the mind of the cleverest and wickedest crackers and shows you how they think. It illustrates general principles for breaking software, and provides you a whirlwind tour of techniques for finding and exploiting software vulnerabilities, along with detailed examples from real software exploits. Exploiting Software is essential reading for anyone responsible for placing software in a hostile environment--that is, everyone who writes or installs programs that run on the Internet." --Dave Evans, Ph.D.Associate Professor of Computer Science University of Virginia "The root cause for most of today's Internet hacker exploits and malicious software outbreaks are buggy software and faulty security software deployment. In Exploiting Software, Greg Hoglund and Gary McGraw help us in an interesting and provocative way to better defend ourselves against malicious hacker attacks on those software loopholes. The information in this book is an essential reference that needs to be understood, digested, and aggressively addressed by IT and information security professionals everywhere." --Ken Cutler, CISSP, CISA Vice President, Curriculum Development & Professional Services, MIS Training Institute "This book describes the threats to software in concrete, understandable, and frightening detail. It also discusses how to find these problems before the bad folks do. A valuable addition to every programmer's and security person's library!" --Matt Bishop, Ph.D.Professor of Computer Science University of California at Davis Author of Computer Security: Art and Science "Whether we slept through software engineering classes or paid attention, those of us who build things remain responsible for achieving meaningful and measurable vulnerability reductions. If you can't afford to stop all software manufacturing to teach your engineers how to build secure software from the ground up, you should at least increase awareness in your organization by demanding that they read Exploiting Software. This book clearly demonstrates what happens to broken software in the wild." --Ron Moritz, CISSP Senior Vice President, Chief Security Strategist Computer Associates "Exploiting Software is the most up-to-date technical treatment of software security I have seen. If you worry about software and application vulnerability, Exploiting Software is a must-read. This book gets at all the timely and important issues surrounding software security in a technical, but still highly readable and engaging, way.Hoglund and McGraw have done an excellent job of picking out the major ideas in software exploit and nicely organizing them to make sense of the software security jungle." --George Cybenko, Ph.D. Dorothy and Walter Gramm Professor of Engineering, Dartmouth Founding Editor-in-Chief, IEEE Security and Privacy "This is a seductive book. It starts with a simple story, telling about hacks and cracks. It draws you in with anecdotes, but builds from there. In a few chapters you find yourself deep in the intimate details of software security. It is the rare technical book that is a readable and enjoyable primer but has the substance to remain on your shelf as a reference. Wonderful stuff." --Craig Miller, Ph.D. Chief Technology Officer for North America Dimension Data "It's hard to protect yourself if you don't know what you're up against. This book has the details you need to know about how attackers find software holes and exploit them--details that will help you secure your own systems." --Ed Felten, Ph.D. Professor of Computer Science Princeton University "If you worry about software and application vulnerability, Exploiting Software is a must-read.This book gets at all the timely and important issues surrounding software security in a technical, but still highly readable and engaging way." --George Cybenko, Ph.D. Dorothy and Walter Gramm Professor of Engineering, Dartmouth Founding Editor-in-Chief, IEEE Security and Privacy Magazine "Exploiting Software is the best treatment of any kind that I have seen on the topic of software vulnerabilities." --From the Foreword by Aviel D. Rubin Associate Professor, Computer Science Technical Director, Information Security Institute, Johns Hopkins University How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers. Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out. This must-have book may shock you--and it will certainly educate you.Getting beyond the script kiddie treatment found in many hacking books, you will learn about *Why software exploit will continue to be a serious problem *When network security mechanisms do not work *Attack patterns *Reverse engineering *Classic attacks against server software *Surprising attacks against client software *Techniques for crafting malicious input *The technical details of buffer overflows *Rootkits Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software....

    Computing hardware would have no value without software; software tells hardware what to do. Software therefore must have special authority within computing systems. All computer security problems stem from that fact, and Exploiting Software: How to Break Code shows you how to design your software so it's as resistant as possible to attack. Sure, everything's phrased in offensive terms (as instructions for the attacker, that is), but this book has at least as much value in showing designers what sorts of attacks their software will face (the book could serve as a checklist for part of a pre-release testing regimen). Plus, the clever reverse-engineering strategies that Greg Hoglund and Gary McGraw teach will be useful in many legitimate software projects. Consider this a recipe book for mayhem, or a compendium of lessons learned by others. It depends on your situation.

PHP programmers will take issue with the authors' blanket assessment of their language ("PHP is a study in bad security"), much of which seems based on older versions of the language that had some risky default behaviors--but those programmers will also double-check their servers' register_globals settings. Users of insufficiently patched Microsoft and Oracle products will worry about the detailed attack instructions this book contains. Responsible programmers and administrators will appreciate what amounts to documentation of attackers' rootkits for various operating systems, and will raise their eyebrows at the techniques for writing malicious code to unused EEPROM chips in target systems. --David Wall

Topics covered: How to make software fail, either by doing something it wasn't designed to do, or by denying its use to its rightful users. Techniques--including reverse engineering, buffer overflow, and particularly provision of unexpected input--are covered along with the tools needed to carry them out. A section on hardware viruses is detailed and frightening....

Authors: Susan Snedaker.
Paperback, 576 pages
Publisher: Syngress
Publication Date: 2005-09-01
Edition: 1

Reviews :

    Most IT projects fail to deliver, on average, all IT projects run over schedule by 82%, run over cost by 43% and deliver only 52% of the desired functionality. Pretty dismal statistics. Using the proven methods in this book, every IT project you work on from here on out will have a much higher likelihood of being on time, on budget and higher quality.

This book provides clear, concise, information and hands-on training to give you immediate results. And, the companion Web site provides dozens of templates for managing IT projects. You don't need an advanced degree in project management or a black belt in Six Sigma methodologies to improve your IT project results. What you need is a clear, concise and easy-to-implement system for managing all IT projects.

This book will teach you how to improve your IT project results from start to finish without bogging you down in complex project management jargon or systems. This book provides hands-on training to help you get immediate results. You can read the book straight through or work through it chapter by chapter--either way, you'll pick up invaluable tools to help you on your next (or current) IT project. From idea to implementation, any IT project you work on will benefit immediately from applying the concepts in this book. If you could increase your project's ROI by 80%, reduce your project's schedule by 20% and increase your project success rate by 35%, wouldn't you do that? These statistics are the average improvements seen after implementing IT project management. This book will assist you in improving every aspect of your IT projects and you'll learn to develop the right size plan for your project-- not a one size fits all approach.

...

Authors: Ira Winkler.
Hardcover, 346 pages
Publisher: Wiley
Publication Date: 2005-04-08
Edition: 1

Reviews :

    Ira Winkler has been dubbed "A Modern Day James Bond" by CNN and other media outlets for his ability to simulate espionage attacks against many of the top companies in the world, showing how billions of dollars can disappear. This unique book is packed with the riveting, true stories and case studies of how he did it-and how people and companies can avoid falling victim to the spies among us.

American corporations now lose as much as $300 billion a year to hacking, cracking, physical security breaches, and other criminal activity. Millions of people a year have their identities stolen or fall victim to other scams. In Spies Among Us, Ira Winkler reveals his security secrets, disclosing how companies and individuals can protect themselves from even the most diabolical criminals. He goes into the mindset of everyone from small-time hackers to foreign intelligence agencies to disclose cost-effective countermeasures for all types of attacks.

In Spies Among Us, readers learn:
* Why James Bond and Sydney Bristow are terrible spies
* How a team was able to infiltrate an airport in a post-9/11 world and plant a bomb
* How Ira and his team were able to steal nuclear reactor designs in three hours
* The real risks that individuals face from the spies that they unknowingly meet on a daily basis
* Recommendations for how companies and individuals can secure themselves against the spies, criminals, and terrorists who regularly cross their path...

Authors: Frank W. Abagnale.
Paperback, 256 pages
Publisher: Broadway
Publication Date: 2008-05-13


Reviews :

   

The charismatic forger immortalized in the film Catch Me If You Can exposes the astonishing tactics of today’s identity theft criminals and offers powerful strategies to thwart them based on his second career as an acclaimed fraud-fighting consultant.
Consider these sobering facts:

        *Six out of ten American companies and government agencies have already been hacked.

        *An estimated 80 percent of birth certificate requests are fulfilled through the mail for people using only a name and a return address. So I could take your name and use my address, and get your birth certificate. From there I’m off to the races.

        *Americans write 39 billion checks a year, and half of these folks never reconcile their bank statements.

        *A Social Security number costs $49 on the black market. A driver’s license goes for $90. A birth certificate will set you back $79.


When Frank Abagnale trains law enforcement officers around the country about identity theft, he asks officers for their names and addresses and nothing more. In a matter of hours he can obtain everything he would need to steal their lives: Social Security numbers, dates of birth, current salaries, checking account numbers, the names of everyone in their families, and more. This illustrates how easy it is for anyone from anywhere in the world to assume our identities and in a matter of hours devastate our lives in ways that can take years to recover from. Considering that a fresh victim is hit every four seconds, Stealing Your Life is the reference everyone needs by an unsurpassed authority on the latest identity theft schemes.

Abagnale offers dozens of concrete steps to transform anyone from an easy mark into a hard case that criminals are likely to bypass:

• Don’t allow your kids to use the computer on which you do online banking and store financial records (children are apt to download games and attachments that host damaging viruses or attract spyware).

• Beware of offers that appeal to greed or fear in exchange for personal data.

• Monitor your credit report regularly and know if anyone’s been “knocking on your door.”

• Read privacy statements carefully and choose to opt out of sharing information whenever possible.


Brimming with anecdotes of creative criminality that are as entertaining as they are enlightening, Stealing Your Life is the practical way to shield yourself from one of today’s most nefarious and common crimes.

...

Authors: Ryan Russell. Ido Dubrawsky. FX. Joe Grand. Tim Mullen.
Paperback, 330 pages
Publisher: Syngress
Publication Date: 2003-04-01
Edition: 1

Reviews :

    "Stealing the Network: How to Own the Box is a unique book in the fiction department. It combines stories that are false, with technology that is real. While none of the stories have happened, there is no reason why they could not. You could argue it provides a road map for criminal hackers, but I say it does something else; it provides a glimpse into the creative minds of some of today’s best hackers, and even the best hackers will tell you that the game is a mental one." - from the foreword by Jeff Moss, President & CEO, BlackHat, Inc....

    Stealing the Network is a book of science fiction. It's a series of short stories about characters who gain unauthorized access to equipment and information, or deny use of those resources to the people who are meant to have access to them. The characters, though sometimes well described, are not the stars of these stories. That honor belongs to the tools that the black-hat hackers use in their attacks, and also to the defensive measures arrayed against them by the hapless sysadmins who, in this volume, always lose. Consider this book, with its plentiful detail, the answer to every pretty but functionally half-baked user interface ever shown in a feature film.

One can read this book for entertainment, though its writing falls well short of cyberpunk classics like Burning Chrome and Snow Crash. Its value is in its explicit references to current technologies--Cisco routers, OpenSSH, Windows 2000--and specific techniques for hacking them (the heroes and heroines of this book are always generous with command-history dumps). The specific detail may open your eyes to weaknesses in your own systems (or give you some ideas for, ahem, looking around on the network). Alternately, you can just enjoy the extra realism that the detail adds to these stories of packetized adventure. --David Wall...

Authors:
Paperback, 276 pages
Publisher: Silver Lake Publishing
Publication Date: 2006-05-30


Reviews :

    Phishing. Spoofing. Spyware. Swoop and squat. Malicious spam. Chain letters. Ponzi schemes. ID theft. The Internet Era has created a whole class of frauds and schemes that separate people from their money. It's also given new life to older cons and scams. This book organizes various rip-offs by type and severity. Then it explains how each type of scam works -- and how an ordinary person can recognize it before getting taken in. Drawing on interviews with law enforcement experts, victims and even crooks, this book gives readers a state-of-the-art primer on financial crimes and the sleazy dealings that fall slightly short of illegal. It also uses real-life case studies of frauds, to show how they start and how they end -- all in a plain-English style that everyone can enjoy. And this book does more than just tell stories; it gives readers questions, checklists, worksheets and other tools to make sure they're not being scammed -- or to take the right actions if they have been....