5 comments about Digital Evidence and Computer Crime, Second Edition.

1. This text was used for the digital evidence and computer crime class that I just completed. The book is clear and easy to understand. It goes into detail only when needed. I was concerned that this information would quickly become out of date, but the ideas presented are current and provide a solid background for understanding any newer technologies that come down the road. I usually sell my books after the semester ends, but I have decided to keep this one.



2. Sometimes, defense attorneys have it easy: one slip-up by the prosecution and evidence is thrown out. Knowing that, law enforcement goes to great lengths to ensure that evidence is appropriately collected and protected. That works well in the physical world, where law enforcement has many generations' worth of experience. But in the modern world of computers and digital networks, where the simple act of rebooting a computer is enough to wipe out large amounts of evidence, law enforcement clearly needs thorough guidance.

   Such a resource is here: Digital Evidence and Computer Crime, an excellent book that details the elements of digital crime. Author Eoghan Casey does a superb job of applying forensic science to computers. The information presented here is critical to a diverse audience: law enforcement, attorneys, forensic scientists, and systems administrators, for instance.

   While cybercrime law is in some ways similar to other aspects of criminal law, it nonetheless has its own language and categories. For instance, jurisdiction is a key element in both the physical and digital realms, but it is a much trickier concept in the latter. Casey develops this topic and many more. Those new to computers and networks need not worry: the book begins with an explanation of how they function. With the basics out of the way, Casey details how computers can be used in crime and how the evidence created from these activities can be used for later analysis....The accompanying CD-ROM contains simulated cases that integrate many of the topics covered in the text. In all, the book and CD are an excellent introduction to an increasingly important area of law enforcement.




3. If you are new to this world this is where you should begin. Digital Evidence contains all the knowledge one could amass by obtaining PHD in computing. Especially when you don't have time for a Diploma. I have bought 5 books pertain to digital crime from USA and UK. But this is the one and only book I am recommending to any one in any continent who want to learn or new to this arena. All the other books in this field for Attorneys or with similar requirements are some what academic and may be boring. The CD-ROM accompanying the book gives you much needed hands on training, otherwise which will cost you at least US $ 4000, if you are to go to a training centre to do the same.



4. This is an excellent book from a real expert.

   Everyone and their brother are writing books about computer security and digital forensics.

   The difference here is that Eoghan Casey knows what he is talking about.

   Excellent book!




5. It describe all aspects about digital crimes using a clear language. It's very good for neubies.

5 comments about Real Digital Forensics: Computer Security and Incident Response.

1. There is a real lack of well written books in this category, and this one stands out because it is comprehensive, yet easy to digest and carefully laid out, including case studies to understand data capture and analysis techniques.
   
   The progression of the chapters mirror an investigative process; there is discussion of how to properly handle digital evidence, how to make a duplicate of the source data, and how to make sense of what you have collected. There are many real-world type case studies in the beginning of the book that could easily read off the front of any newspaper, and the captured evidence is on the included DVD for you to search to find the "smoking gun". Very well done.
   
   The book takes the unusual role of discussing not only the more popular commercial tools like EnCase or Forensic Tool Kit, but also all the open source tools available for free, which is a real plus if you don't have the deep pockets required for the retail products. The book also does an excellent job of explaining the advantages and shortcomings of all the products discussed, something not often seen in technical books. Along with the open source discussion are source web sites for downloading the tools. The accompanying DVD is packed with stuff to get you started. The book is filled with well illustrated screen shots to help you orient yourself when trying the programs yourself.
   
   Be forewarned, this book assumes a pretty reasonable amount of technical knowledge and while it addresses the commercial products available on the Win32 platform, a lot of tools and utilities referenced are written for Linux. While a novice investigator can certainly find value in the book, there is a lot of "meat" that even a seasoned professional will find useful.
   
   This is definitely the best book currently available on data forensic investigations.



2. As an author and instructor, I tend to be pretty picky about the books I choose to read and use in my classes. The authors present the material in a good logical progression. I especially like that it also provides sample evidence on the DVD. Most of the computer forensic books that currently exist contain mostly theory. This is the first good hands-on text that I have seen.
   
   The authors have captured a good cross section of scenarios and then guide you through each case in-depth, offering practical solutions when faced with obstacles. The content provides methodologies, techniques, and tools that anyone can use. In addition it covers a variety of media such as USB memory and Palm devices.
   
   This is a book that I will definitely keep. It is one of the best forensic investigations books currently on the market and would be a great asset to anyone wishing to enhance their skills.



3. This book is written in such a style that is easy to understand, yet technical and detailed enough to maintain your interest and attention all the way through.
   
   The book presents several ways of accomplishing the same tasks in a non-biased, non-vendor-specific way. It explores the use of free, open-source tools as well as commercial offerings, and drills down into forensic analysis of both Windows and Unix/Linux Operating Systems.
   
   The included CD contains actual forensic data and a few tools, which is both interesting and exciting to use while following along with the lessons in the book.
   
   After receiving this book and opening it to the first page, I was almost unable to set it down until I finished it. I received it on a Friday afternoon and I had completed reading it by the end of the weekend. I highly recommend this book to anyone with an interest in Computer or Network Security.



4. I took this book because it was told to me by my professor to purchase it.
   But after reading its content I feel its really worth buying this book.



5. Thanks a lot, we are very happy to have this book in our library!

3 comments about Crimeware: Understanding New Attacks and Defenses (Symantec Press).

1. If you are looking for a book to show you what the bad guys are doing with computers to steal data or comprise systems then this is the book for you.
   
   I really enjoyed chapter 7 on Bot Networks. Like most of the other chapters it covers the basics of the topic, then digs deeper into the workings of the subject. And if you really want deep detail the ending sections go into extremely deep details (the book says these sections may only be of interest to security researchers). Some of the ending sections were over my head. But, the ones I did understand opened my eyes to those topics in a different light.
   
   This book will be on my reference shelf for quite sometime due to the detail and range of topics covered.



2. Crimeware by Jakobsson and Ramzan sets a new standard for security books. It is both eminently pragmatic and at the same time, a scholarly work. I thought I knew a bit about malware, but I learned tons from the book. I struggled a bit with 16.2 Crimeware-Resistant Authentication and encourage the authors to take another look at that when they do second edition and this book simply must have a second edition. It will also be interesting to see if the taxonomy, chapter 2 takes hold. It would seem like we need a bit more of a classification system than Joanna Rutkowska's type 1 - 3 for our community.
   
   The book gets right down to it, most authors waste the first few chapters with background information. Now to be sure, this is background, but it is pretty deep background. My favorite chapter is 7, botnets, but 6.3 JavaScript is very well done and immediately useful information to know. For a high speed pass, chapter 8 rootkits will get you up to speed, but that needs a whole lot more material to really cover the topic.
   
   As this is an election year, and a crazy one at that, chapter 10 is a must read, it details a number of ways the election could be impacted, I think a bit about evoting machines might make a scary chapter even scarier. As soon as I finish this review, I need to send a note to a friend of mine concerned about click fraud, the authors do a great job on that in chapter 11.
   
   And the best thing, the authors do not just tell you how bad things are, they spend a lot of time talking about defense. And if I can offer a thank you to the fifty or so researchers that helped with the book, thank you very much, the defensive information community is far better off for your efforts. A must own, must read, must read soon if there ever was such a thing. Order it now!



3. Attackers usually choose the most vulnerable points as their targets. Thus, every computer user should be aware of the common tricks used by attackers. Crimeware investigate the attacks and defenses of malware from a variety of angles. It is the most complete book to introduce malware and the corresponding anti-measures. The first author, Markus Jakobsson, is one of the best researchers I know in cyber-security.

2 comments about The Wall Street Journal. Complete Identity Theft Guidebook: How to Protect Yourself from the Most Pervasive Crime in America (Wall Street Journal Identity Theft Guidebook: How to Protect).

1. *****
   I have read several identity theft books, and this book from the Wall Street Journal is by far the best. For starters, it is short, containing JUST the information you need to know. The first half of the book is about how to prevent identity theft. The second half of the book is about how to recover from identity theft. It is so helpful for me to have everything I need to know collected succinctly all in one place.
   
   The book covers things you can do to prevent identity theft and exactly how the latest scams are perpetrated so that you can be aware (including utility theft, employment identity theft, medical identity theft, and home equity theft). It covers understanding your credit report, including credit monitoring tools and other credit tools (including the differences between a credit alert and a credit freeze, something I had been confused about); the book identifies your credit report as the single most important document for protecting your identity. There are many examples of credit reports and how to interpret them. There is also information about identity theft and technology, made understandable for pretty much anyone.
   
   The second half of the book includes resources for identity theft recovery---numbers to call, sample letters, sample logs, laws, and more. Hopefully, by reading and implementing the first half of the book you will never need the second half of the book. Nothing is ever totally foolproof against identity theft, of course, but there are so many basic things you can do to minimize your risk of becoming a victim.
   
   Despite including all of this information, the book can be read by anyone in 4-5 hours. In my opinion, this is information everyone should be aware of. Law enforcement is overburdened and cannot be relied upon to protection; each person has to take personal responsibility to protect themselves, and this book is all you need to do so. You'll have work to do after reading the book, of course, but it will be worth it. Save you money, and if you want to just buy one book, make it this one.
   
   Highly recommended.
   *****



2. A thorough, easy-to-read depiction of how identities are stolen, how you can protect yourself, and what to do if your efforts fail. Significantly, the book points out that identity theft often is an inside job; i.e., it isn't a hacker in Russia, it is one of your nearest and dearest (?).

5 comments about The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage.

1. Although the event occured some 20 years ago the story is as relevant today as ever. Stoll relates his story well; how an afternoon spent tying up a 75c accounting error in the labs logging software leads him to suspect, and ultimately help catch, a hacker on the KGB payroll. The book is of particular interest to readers in the computing/info technology fields but any reader will find the story interesting. Stoll devotes much of his working day monitoring/logging the hacker's activities, putting aside his regular work. Following the hacker's trail reveals to Stoll how insecure the main US military computer networks are and how easy it is to access sensitive documents. The documents themselves might not be of a classified nature but when they information they contain is combined it provides a major insight in to the activities of the US military. On the way Stoll informs the various US agencies: CIA, NSA, FBI etc. about the hacker to hopefully gain their assistamce. Interesting insight is provided on the internal machinations of the agencies and their seeming reluctance to help. Stoll continues on regardless, tracking the hacker across the US to the European continent. Eventually the govt steps in as they get wind of espionage on a grand scale. The vast majority of the book focuses on Stoll's personal efforts with fairly scant coverage of the international efforts being carried out by the CIA etc. This is a result of Stoll only being able to extract a small amount of info from the CIA about the case. In a way it would have been interesting to have read more about the CIA/KGB end of things but that certainly doesn't detract from the appeal of Stoll's accounts. Well written and recommended.



2. I first read this book as one of the texts that were reviewed during an undergraduate computer security course. I found the book to be entertaining and informative. You won't be a better equipped computer security professional by reading this book; however, I think you will be better for it and hope you enjoy it as much as I did. I still recommend this book to people I talk to that are interested in an introduction to computer security.
   
   My wife also read the book. She knows nothing about computer networking or security, yet she found it to be a great story and was able to follow the storyline pretty easily.



3. The Cuckoo's egg was really a great book to read. It was thrilling and it gave you an insider's look of how computers work, operated and...broke, 40 years ago. Must read for any CS or computer ethusiast :)



4. This book was VERY well written considering it was a reconstruction of a log book....that sounds kind of cheezy but it was an awesome book. Each chapter keeps you digging deeper into how this guy did what he did to catch the hack. Half way through the book it seems like it's over and he has the guy, but a few twists, turns, a visit to NSA and CIA, and your still waiting for the guy to be caught. EXCELLENT play by play, great humor (tire factory in a microwave, HA HA), and all around closure on the last page. 100% recommendation.



5. As you can see from the reviews here, many people also love this book.
   
   I love the trip down memory lane that this book provides. Sure is fun to go back to a more innocent time and remember what it was like before the internet became huge. If you remember archie, gopher, kermit, then this is a book for you.
   
   Even if you're too young to remember this time, it would be quite fun to watch WAR GAMES and then read this book. I love the writing style--this is a real page-turner.

5 comments about Stealing Your Life: The Ultimate Identity Theft Prevention Plan.

1. It's a fallacy that our elected officials take forever to get things done. Two examples where Washington acted with speed are with the National Do Not Call Registry and the Sarbanes-Oxley Act.
   
   The National Do Not Call Registry was slated to take effect on October 1, 2003, but various marketing associations challenged its legitimacy and even if the FTC had the jurisdiction to enforce it. Notwithstanding, President Bush speedily signed the bill authorizing the no-call list to go into effect in September 2003 and the United State Court of Appeals upheld the constitutionality of the registry in February 2004.
   
   On June 25, 2002, WorldCom revealed it had overstated its earnings by more than $7 billion by improperly accounting for its operating costs. Senator Paul Sarbanes then introduced Senate Bill 2673 that same day where it passed 97-0 less than three weeks later. The House and Senate formed a Conference Committee to reconcile the differences between Sarbanes's bill and Representative Michael Oxley's bill (HR 3763) and on July 24, 2002, the Sarbanes-Oxley Act of 2002 was passed.
   
   The bottom line is that when politicians really want votes and PR, they can act swiftly. The frustration is exacerbated when politicians choose to do nothing when it comes to identity theft. In Stealing Your Life: The Ultimate Identity Theft Prevention Plan, Frank Abagnale details the frustration that consumers face (and will face in the years to come) when their identities are stolen, the ease at which the criminals carry out such crimes, and the months and often years of effort required to regain ones identity.
   
   Abagnale's tenure on the criminal side long ago gives him the advantage that he knows firsthand how criminals think and such an outlook is pervasive throughout the book. Looking at the current state of identity protection, he states that he is personally horrified at how easy identity theft is. In fact, he calls it "a crook's dream come true". The book details incident after incident where criminals and criminal gangs obtained credit in someone else's name with ease.
   
   What makes this worse is that the book shows how we haven't even scratched the surface of the identity theft problem. Everyone, including the FTC agrees that current identity theft figures are quite low, due to the fact that so many cases go unreported or undetected.
   
   The book notes that lenders often miscategorize a good deal of identity theft because it looks like delinquent bills, as opposed to a crime. Only later does the victim realize what has been going on and complains, at which time it becomes apparent that fraud was involved. But by that time, the money has been written off as a credit loss and then appears as negative information on the victim's credit report.
   
   Like many other books on the subject of identity theft, Stealing Your Life: The Ultimate Identity Theft Prevention Plan covers the main issues, and makes numerous suggestions on how to control your identity. What is interesting about the book is that Abagnale also focuses on why identity theft is so popular for today's criminals. One of the main reasons it that the person committing the crime has the odds significantly stacked in their favor. The book quotes a Gartner study that found that identity thieves have roughly a 1 in 700 chance of getting caught by law enforcement, which is a figure any criminal would jump at.
   
   The books 13 chapters are written in an easy to read and compelling style. The early chapters detail the prime causes of what makes identity theft such a problem and astutely notes that a large part of the problem is that financial services companies are conducting business today by doling out credit like candy and do almost nothing to ascertain that people really are who they say they are when applying for credit. In addition, issuers of credit in their haste to rack up more business frequently accept a social security number from an applicant at face value, without demanding proof. The book lists many examples of where children and dead people have been given credit.
   
   In chapter 6, the book lists 20 steps one can take in the hope of preventing identify theft. The author notes that since the punishment for identity theft, and the recovery of stolen goods from identity theft are so low, the only viable source of action is prevention by the individual. All 20 steps are fundamental, from protecting your social security number and examining your financial statements, to using a shredder and more.
   
   Chapter 8 lists one of the more important points of the book, in which Abagnale writes that all credit and personal information should be opt-in based, as opposed to the prevalent opt-out requirement. Such an approach is what one would hope Congress would mandate, but does not have the tenacity to do. The problem is that if a consumer does not opt-out, they are giving the financial institution permission to share their personal information with the hundreds and often thousands of affiliates they share data with.
   
   Companies obviously prefer opt-out, which shifts the burden to the consumer to take action to keep their information from being shared. With opt-in, the burden shifts and the financial services company has to prove that consumers granted their consent to have their personal information shared. National opt-in requirements would significant stem the flow of personal information, which is in part why identity theft is so easy to carry out.
   
   Aside from a glaring error in chapter 12 where Abagnale erroneously writes that true authentication is impossible on the Internet and occasionally hawking companies he has financial dealings with, Stealing Your Life: The Ultimate Identity Theft Prevention Plan is an interesting and entertaining book on a subject of the fasting growing crime in the USA.
   
   The book details what happens when an apathetic Congress and financial services industry do almost nothing to protect their constituents, and the thieves who have never had it easier. These identity thieves are able to acquire gigabytes of personal information without ever having to leave their workstations. When you factor in that the odds are in their favor of never being prosecuted, it leaves nearly every individual at risk for identity theft.
   
   With Congress dropping the ball and doing nothing, Abagnale shows that it is up to each individual to take responsibility for protecting their own personal information. Stealing Your Life: The Ultimate Identity Theft Prevention Plan is indeed a great place to start such an approach.



2. The truth is -one can't appreciate the vast amount of time it takes nor the physical and mental angst that comes with finding out you've been violated, and essentially stolen...until it lands in your own life! I applaud Mr. Abagnale for speaking out and using his wealth of knowledge and life experiences to shed light on this growing and alarming crime.
   Typical and common myths that leave many people vulnerable include:
   
   "I don't have to worry about identity theft because I live in a small town like Mayberry, RFD!"
   
   or "I only use one credit card so I don't have to worry about it."
   
   or "I only use cash or my debit card."
   
   Or even... "I don't have to be concerned about my credit -I have excellent credit!"
   
   The reality is -data breaches will continue to happen as "hacking" gets more sophisticated, and criminals will continue to be at least one step ahead of us at all times. Once upon a time, our personal information was just that -ours and personal! Not anymore! Give Me Back My Credit!



3. Got this book from the library, read it and then ordered copies for each of my three grown kids. It's a little scarey at the beginning, makes you wanna crawl in a hole and avoid the world. However, it does give a number of good ideas on ways to protect your indentity later in the book. Enjoy



4. There is excellent knowledge in here. Identity theft feels less likely after we made most of the changes suggested. Highly recommended.



5. Frank offers good practical advice here. This is not an incredible book by any means but more of a guidebook with examples of how to protect yourself. I think Frank a little short with the structure here and could have kept me drawn in a little bit better.

5 comments about Windows Forensic Analysis Including DVD Toolkit.

1. This book is essential for understanding how to analyze memory dumps, albeit many forensic investigators will usually turnoff a computer instead of getting a memory capture to do a more traditional analysis.
   
   The included scripts are very helpful. This book unlike many other books in this genera is designed for the technical professional. Forensic analysis is often like a who done it mystery, and having some more tools in your toolkit will assist you in thinking outside the box. The registry analysis was thorough and essential for a recent project. The memory dump analysis scripts were helpful in a recent Defcon Capture the Flag Competition. A sample chapter is avaliable online.



2. Once again Harlan Carvey has provided a resource worth every penny. The chapters detailing registry and memory analysis alone were extremely valuable to me. The accompanying DVD provides countless Perl scripts to assist in the collection and sorting of data.



3. Harlan poured his clear love of incident response and of the forensic profession into this book. Windows Forensic Analysis dives into many exceptional topics that are routinely overlooked in similar material. The entire book covers many novel analysis techniques and topics, the registry analysis chapter and the file analysis chapter discusses many detailed artifacts and areas of examination during forensics that up until this was published was only discussed deep inside forensic circles or discovered through hard earned on-the-ground experience. The book's only drawback is that it covers too many topics and the chapters do not flow together as well as I would have hoped. A single chapter is excellent, but in many cases it doesn't lead you to the next one. I also found that the entire book could have been written on just registry forensics. However, in order to create broad appeal, the registry section was probably shortened. You can tell Harlan has a lot more to tell. Finally, the CDROM companion could have had more polish to the file layout as finding some of the tools is slightly confusing upon initial glance. Even with these minor drawbacks, the information in each chapter is phenomenal. I recommend this book to anyone looking to advance their understanding of the Windows analysis environment.



4. Harlan Carvey's book, Windows Forensic Analyisis, is an invaluable resource in any computer forensic examination of a Windows based computer. In real-life experience, I had a case where I had to determine file use by a former employee. The company never took the computer out of service and continued to use the machine after the employee left the company. By using the information in Windows Forensic Analysis on system restore points and MRU registry entries, I was able to determine not only what files were used but on what days. This book is one of the first I look to when I have questions on examining Windows systems. If you only have one reference book for Windows examinations, this should be the one. A must-have for any computer forensic examiners library!!



5. I purchased this book a few days ago, and as soon as I read the first chapter, I realized that I needed to read the entire book as quickly as possible. This is a wonderful book, and parts of it truely invoked a state of "nerdvana" in me!
   
   PRO's:
   
   First, I will say that the information in this book is tightly packed. There is no unnecessary verbage, and the writing is direct, to the point and understandable. There is a high ratio of technical content to noise, and this greatly contributed to my enjoyment of the book. Even in the technical areas that I was already familiar with, I found the summary of the information to be precise, accurate and helpful. I can see keeping the book around as a reference guide for years to come. The general structure of the book, for example the sections in grey boxes with the [!] annotation, works well, and the end-of-chapter summary and review (particularly the Q&A) are good.
   
   There were several sections, ones that I was personally weak in to start with, that I found particularly helpful, such as the sections on analyzing packed or compressed executables and malware. I had just never gotten around to reading the whitepapers on these, and I'm glad I didn't as those chapters of the book summarized in a few pages what would have taken many more to pick up by reading other original sources. I personally thought that the chapter-to-chapter flow of the narrative was fine for anyone who does incident response on a regular basis.
   
   Through the years, Harlan Carvey has developed and made available his tools in an open (perl) format with no need for compensation. The tools on the DVD alone are worth the money of the book, and are a great addition to any IR toolkit. The references to third party tools, many of which I hadn't heard of, were also particularly helpful.
   
   CON's:
   
   If you are not very technical, or not very familiar with the Windows operating system, you may be overwhelmed by the level of technical detail. If you are an experienced administrator, however, you should be able to adapt what you know about other operating systems (e.g. file structures, process execution, etc.) fairly easily. There were a few typographical errors in the book that didn't detract from its readability or technical accuracy.
   
   All in all, and excellent book, and a must-have for ANY windows incident responder.

5 comments about Warcraft: World of Warcraft: Rise of the Horde (World of Warcraft).

1. My feelings were somewhat mixed on this book. What I liked about it was that the author really knew his WoW background. The story presented the history of the Horde and their conflict with the Draenei in a very concise and understandable way. It was an "easy read", and there was little to no confusion about what was happening.
   What I didn't care for was how particularly violent this book was. The author vividly presented the blood and guts of conflict. I'm sure that is what the author intended, but the unintentional consequence was not feeling sorry for the Orcs at all.
   If you are a hard core WoW fan, this book is a must read. Just be prepared for a "D-day" like story.



2. I could not put this book down!
   The author does such a fantastic job in descriptions, details, excitement, and adventure. You really get the feel for each character and can feel their emotions. EXCELLENT read, especially if you love the Warcraft lore!



3. This book is very interesting. I would recomend this book because it is so cool.



4. ... from a WoW novel. It was stunning, really. Okay, maybe that isn't the right word. But if you're a diehard fan of the games like me, you'll find yourself very attached to the storylines, especially if you're an Orc and/or Draenei fan. Some of the scenes near the end of the novel had me very emotional as you watch a genocide, one of a race and another of an ancient culture.
   
   I suggest this to every single WoW player out there who wants to start reading the books.



5. As literature, it isn't one of the best books I have ever read, but as a book based on a game (or RPG) - what usualy results in not very good histories, and I have read many - it's good. It's well written.
   In order to have how to compare my taste would be good to you to know that to me "Tides of darkness" was bad (too descriptive); "Cycle of hatred", tasteless (no emotion, no surprise); "They of the dragon" worse, it's boring; "Of blood and honor" is nice; "The last guardian" is very cool"; and I think that "Lord of the clans is good", but "Rise of the Horde" is a bit better.
   It's very cool to "see" guys like Gul'dan, Ner'Zhul, a young Doomhammer and Hellscream, as well as Kiljaeden and Archimond yet as "normal" people (hahaha).
   The way it's explained why a shamanistic and relatively peacefull race, became engaged in a war with his very tranquil neybohood, was a great idea (demons rules!)
   The rise of the horde (the fact, not the book) is terrifying. Durotan seems a very lucid german, before the second war, seeing the third reich rising and he can't do anything to stop it. Chirstie Golden makes you feel Durotan's pain.
   To finish: the book is worth it's price. Buy it! You will have some fun.

5 comments about Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity.

1. A must-read for anyone interested in keeping their credit record clean. The objective journalism in Zero Day Threat reveals the shoddy state of IT security and how the Internet underworld benefits by robbing people blind, safely and remotely.
   
   Stu Sjouwerman, Founder, Sunbelt Software



2. This is what the Boston Globe's Rob Weisman said about "Zero Day Threat":
   
   A harrowing inside look at the brave new world of cybercrime and identity theft spawned by technology. Acohido and Swartz take us into the shadowy dens of the scammers and call their enablers to task.
   Robert Weisman, Technology Writer, The Boston Globe



3. Technology managers can face a big challenge trying to get senior
   management to understand that effective security is well worth the
   investment. Real-world stories make their job easier. This
   extraordinarily well-written book contains the richest set of stories
   about real cyber attacks ever assembled.



4. The authors have done a superior job in showing how criminal elements combined with loose security in banks have created a serious breach in our own personal and individual privacy. I have spoken and consulted nationally concerning this very issue, very often to deaf ears in the financial industries. They simply do not want to hear of the dangers to their systems and the compromising nature of exposing their customers to easy piracy.
   
   I only hope that the public reads this expose and demands that their information is much better safeguarded. I have spoken to Mr. Acohido on many occasions and he is passionate about this subject and the dangers to every consumer.
   
   Thanks
   
   Jay Morrow



5. I read the book Zero Day Threat (ZDT) by Byron Acohido and Jon Swartz. I really liked the book! Zero Day Threat is about the underground cyber-economy. It makes some surprising points grounded in real truths. I liked that the book paints a complete picture, i.e., how malware,
   identity theft, and "drop off" gangs collaborate to facilitate
   a well oiled cyber-economy. Since my research area is security,
   I was very familiar with the different types of malware brought up in Zero Day Threat. However, this book gave me a complete picture of the problem.
   
   I particularly appreciated two features of the book.
   
   Structure: Each chapter is broken into three sections: exploiters,
   enablers, and expeditors. Exploiter sections focus on crooks (such
   as scam artists and drug addicts) and how they benefit from the
   underground economy. The Enablers sections focus on credit card
   companies, banks, and credit bureaus, and how their current practices
   enable the underground cyber-economy. Expediters
   are guys (good and bad) that allow the cybercrooks to exploit
   vulnerabilities in an expeditious manner. I thought this structure
   was just brilliant! It really brings out the correlation between
   various factors and actors that enable the underground cyber-economy.
   
   Narrative Style: I really enjoyed various anecdotes in the book.
   There are several stories about people being scammed or getting
   lured into the profitable cyber-underground. For example, there is a story of
   a "drop off" gang in Edmonton which is narrated throughout the
   book. These anecdotes makes the book very interesting and provide
   a "human side" to the cyber-underground.
   
   I highly recommend this book.

5 comments about Halting State.

1. This is a near-future novel. It definitely qualifies as SCIENCE fiction. There was nothing fantasy about it. It seems a natural extension of our rapid expansion in a number of areas of IT hardware and software. If you are reasonably familiar with the current state of the art of IT, you'll end up loving Halting State. If you've ever stayed awake until the wee hours pounding out code or playing some computer game, you'll wonder why you didn't write this book.
   
   You'll probably find the book more accessible if you have a bit of computer gaming background. I don't. You also have to get used to some Scottish dialect, some imaginative extensions of today's IT terminology, and some strange applications and hardware. The concept of alternate `spaces' takes a while to get used to so you may get lost at some point. Stay the course. It will be worth it!
   
   You also need to get past a novel written completely in second-person singular. The reasons for that flow from early Dungeons & Dragons scenarios but it took some getting used to, especially since `you' are three characters. Again, stay the course. It all comes clear in the end. I rated it four stars because there's no ramp-up. The author just dumps you into 2018 and turns you loose.
   
   Initially, I found the Halting State difficult to follow and almost put it down on my pile of `mistakes' after reading the prologue and three chapters. That would have been a mistake. It's a learning experience. By the fifth chapter, I was hooked, hated putting it down, and wanted more when I finished the last page. You need to read this book!



2. I'd almost given up on Charles Stross, but HALTING STATE(2007), a very-near future SciFi Tech-Adventure, turned out to be quite good. GLASSHOUSE(2007) had an excessively violent theme, and was too "far out" tech-wise - but HALTING STATE takes the bold step of dabbling in very near future tech trends, and the computer and software-related tech is definitely interesting.
   
   The book is set 10 years in the future, mostly in Scotland, and revolves around on-line gaming that has become so close to real that it blurs the lines with reality - with crimes taking place within games having to be investigated by the police... and the crimes turn out to be intertwined with international terrorism and all the intrigue that entails.
   
   There is also the typical America-Bashing and Catastrophic Global Warming hype that has come to be expected from most modern SciFi writers. But these themes get tossed in almost as an afterthought, as if the writer doesn't really believe in the "agenda" any longer, and is just going thru the motions... it offers little distraction in this otherwise excellent book.



3. I've always tried reading sci-fiction without much success. I picked up Halting State on recommendations from BoingBoing just to give it a look-see and I'm fantastically surprised. I'm not a hacker or gamer but the speculative nature of the book isn't so far fetched as to make it impossible to believe or pin down. Stross also writes a great character-driven story with believable sketches that bring the story to life so you're not tripping over the geekiness of the science that is believable and hopefully, not too far away.



4. One of the best books I have read on what the future will probably be like. A little slow to get started, but after a few chapters you get used to the lingo and it just explodes from there. Great book and great vision!



5. Taggart 2030.
   
   
   Or, it seems a bit like that at times, especially with Sergeant Smith and company.
   
   The second person thing didn't really worry me at all, I had read the first two or three chapters on the web, so once you get used to it after a few pages I found I wasn't really noticing it at all, and just reading it the same as any other novel.
   
   An in-game raid on a bank in a MMORPG leads to an investigation, that has intelligence, financial and communications implications.
   
   A near future setting where people are even more wired, and physical reality has a virtual overlay where things can be tagged, or have information added to them like a wiki, and people use this via mobile phones and glasses. The police, for example, use CopSpace.
   
   Gaming is more prevalent, with people also taking part in large scale LARP and what they call ARG - co-ordinated by computer and phone - one of which, amusinglyg enough, is called 'SPOOKS'. No mention of games of Hustle or Life On Mars though, maybe firing up the Quatro would be frowned upon by law-enforcement. :)
   
   For some of the flavour :
   
   "..They're guarding some loot I need to get my hands on. About a quarter of a million lines of source code, squirreled away among the skeletons and treasures guarded by a fiercely large Shoggoth; if you want to keep your data secure, there's nothing quite like sticking it in a record in a holographic distributed database that's guarded by Lovecraftian horrors."
   
   or
   
   "The traffic looks like game-play to GCHQ or CESG or NSA or whoever's sniffing packets; looking in-game for characters run by Abdullah and Salim holding private chat about blowing up the White House garden gnomes won't get you a handle on what's going on because they're not using the game a sa ludic universe to chat in, they're using it as a transport layer! They're tunnelling TCP/IP over AD&D!"
   
   There are three main characters, a game developer, a forensic accountant, and a police Sergeant, with stories told in three different threads, as their investigation leads into something rather nastier going on in real-life.