COMPUTER CRIME BOOKS
Posted in Computer Crime (Wednesday, July 9, 2008)
Written by Michael Erbschloe and John Vacca. By Osborne/McGraw-Hill.
The regular list price is $29.99.
Sells new for $47.50.
There are some available for $0.55.
3 comments about Information Warfare: How to Survive Cyber Attacks.
- This analysis of information warfare goes far beyond the writers in the 1990s and it is the first book that digs into the potential economic impact of cyber attacks. The author also gives solid recommendations on how private companies and the government can work together, some of which may be rather alarming to the faint at heart.
- This is an excellent book for the skeptic who thinks that "it can't happen to us!" I think many different companies (government and private sector alike) will be amazed at how comparatively little it actually costs to prevent a corporate disaster. Ever wish to go inside the mind of a good hacker and learn how he does it? This is the book for you!
- As an information security professional, I take an extreme interest in information warfare, as it is closely connected to the infosec field. Thus, I was excited to read Information Warfare: How to Survive Cyber Attacks, and see what it offered from the information security point of view.
However, author Michael Erbschloe seems to imply that readers who will benefit most from his book have a whole country under their command - that is the extremely high level at which it's aimed. People running companies will also benefit from Erbschloe's guidelines. Filled with exciting statistics, such as how many "cyberwarriors" the US will have by the year 2005 (the answer: triple the current amount), the book provides a fine-grained description of the cyberwarfare of the near future. While its style is reminiscent of an official government document, the book raises issues that might become important in the future, since our reliance on computers is constantly increasing. The book also provides the "big picture" of information warfare, a taxonomy of infowar strategies and a potential threat landscape with damage evaluation. The most exciting chapter is a description of a fictitious "Trillion dollar cyberwar" waged by a band of 10 malicious hackers against the world. Combining email viruses, hacking and disclosure of sensitive information with physical attacks on phone company switches and computer installations, the group causes almost a month of trouble, triggering extensive panic, armed conflicts and other doomsday events. This Perl Harbor 2 (PH2) scenario is an example of "sustained terrorist information warfare," according to Erbschloe. Information Warfare also sheds light on the motivations of those who become cyberwarriors - or cyberterrorists (the latter are described as "curious nerds moving to the dark side"). Erbschloe then ponders questions such as "Will Americans make good terrorists?" Every chapter is concluded by a high-level agenda for action, mostly targeted to government and big business. The book suggests that the best way to prevent future "ruinous" cyberattacks is to establish a "super cyber patrol" for the Internet. 
Another suggestion is that computer users maintain constant battle readiness, a scenario analogous to the Cold War, in order to thwart potential attacks. Overall, Information Warfare satisfied my curiosity on this exciting subject, providing enlightenment on what the future could bring to the field of information warfare.
Posted in Computer Crime (Wednesday, July 9, 2008)
By Academic Press.
The regular list price is $59.95.
Sells new for $37.25.
There are some available for $29.99.
5 comments about Handbook of Computer Crime Investigation: Forensic Tools & Technology.
- Capably edited by Eoghan Casey (System Security Administrator, Yale University), Handbook Of Computer Crime Investigation: Forensic Tools And Technology is a fascinating guide to the software and hardware tools necessary for collecting digital evidence of cyber crimes ranging from cyberstalking and child pornography to financial fraud, espionage, or terrorism. Essays by a variety of learned and experienced authors present the latest means of forensic analysis for Windows, Unix, and more systems. Sample code, charts, and appropriate case examples pepper this amazing, cutting-edge criminology reference. Handbook Of Computer Crime Investigation is an invaluable and "user friendly" contribution to the field of computer and Internet security.
- The 'Handbook of Computer Crime Investigation' follows on well from Eoghan Casey's previous title, 'Digital Evidence and Computer Crime' which I found to be a sound introduction to the subject. This latest book is targeted at those already proficient in Computer Forensics and provides in depth detail of techniques essential to any computer related investigation. Also included are sections specific to examining various operating systems. As someone who both works in information security and has a particular interest in computer forensics I can thoroughly recommend this book!
- The book reviews different tools and techniques for a forensic investigation by experts in the field. Very good reference manual for new and experienced investigators.
- This is an excellent book from a real expert.
Everyone and their brother are writing books about computer security and digital forensics. The difference here is that Eoghan Casey knows what he is talking about. Excellent book!
- Eoghan Casey's text is immediately useful. It's not theory, it's practical. It's not biased to one operating system, but covers several technologies. Finally, Eoghan and the book's contributors do not gloss over today's most offensive topics, they address them with vigor and solutions.
I would share one concern: the chapter-long product/vendor discussion. Some reviewers label it marketing; other reviewers don't mention it at all. I'll just forewarn you that you will learn much more about EnCase or NFR than about their competitors.
As a security consultant for Hewlett-Packard, it seems my bookshelf fills up entirely too easily, especially as of the last few years. Therefore, I've gotten fairly selective with new book purchases (until I can get a new bookshelf). However, Casey's text is DEFINITELY worth getting - worth knocking another book off to make room. :)
I hope you enjoy this comprehensive text at least half as much as I do.
Posted in Computer Crime (Wednesday, July 9, 2008)
Written by John Chirillo. By Wiley.
The regular list price is $60.00.
Sells new for $21.98.
There are some available for $2.11.
5 comments about Hack Attacks Revealed: A Complete Reference for UNIX, Windows, and Linux with Custom Security Toolkit, Second Edition.
- Reviewed: Hack Attacks Revealed, 2nd Edition, 2002
I must say I am thoroughly disappointed with this book. The book's description, as well as other readers' comments led me to believe that this book would have been more than just a compilation of information that could be freely obtained at the dozens of security related web sites. Sadly, this was not the case. The bulk of the book merely describes (mostly outdated) common attacks/vulnerabilities, without getting into much detail why they exist and the underlying explanations on how they are exploited. As such the book reads like "For Vulnerability X, Install patch Y" without getting into more detail. Heck, even Microsoft's Security Bulletins give more info than this! Many of the "75 Top Hack Attacks" that the book promises can be freely found online (check CERT's site). The general impression I get from reading this book is that the author tried his best to fill up space in order to deliver an impressively thick book. Was it a requirement that he include SCREENSHOTS of various hacking tools/trojans, including step-by-step INSTALL SCREENSHOTS for the included TigerSuite software? (If you don't know how to install software then you need to develop more skills before learning about hacking!). Did he HAVE to include the useless 10 year old 'how to build a modem filter' BBS textfile (which by the way doesn't filter noise on modern modems)? Did the publisher mandate that he include 9 PAGES of Decimal-to-Hex conversion tables when you could use, say, Windows Calculator to do any needed conversions? Another thing I disliked was that Windows XP as well as Wireless networks (802.11/WEP were glossed over) were not really covered in the sort of detail that I desired. And, although I appreciate that a basic understanding of the x86 instruction set is required for better understanding low level security issues, I really don't see the point to Chapter 13's discussion on programming "How to Draw Circles in DOS mode" using the VESA bios interface.
This is, in my opinion, not relevant considering the book's topic, so why include it? (A better choice would be explaining how the stack is used in high level languages (C, C++) and how buffer overrun hacks work). If you want to learn C, Assembly, or graphics programming buy a book dedicated to these topics. I think it's safe to say that the average reader will NOT become a programmer after reading the "Crash course in C" - it's an unrealistic expectation. And to top it all off, the final insult to readers is the interruption of the author's hacking experience "Intuitive Intermission" with the phrase "... to be continued in: Hack Attacks Denied, 2nd Edition". I guess both the author and publisher want you to buy both books! My chief complaint with the book is that it doesn't seem to know who the reader is. In some areas the author gets down-and-dirty technical (x86 assembly/C programming) while in others he doesn't really explain details or just mentions things in passing (case in point: nowhere does he explain workings of a typical buffer overrun exploit, etc). Also, the author really does not give advice on how to secure or harden systems, aside from "install the update patch". For a book whose focus is security/hacking that's a pretty fatal flaw. Like I said earlier, this book really seems to me like the author just threw any material that he could find that was remotely related to hacking and presto, one hacking book ready to ship! If you are new to either the computer or security-related fields then perhaps this book may be of some value to you. If you are not an absolute beginner and know how to search the web, then I'd say that you probably don't need this book. Even if you do buy this book, it, like any security related book, will become technically obsolete as new software/exploits/patches are found.
Quote: (under "Who should read this book?") "The hacking enthusiast and admirer of such films as Sneakers, The Matrix, Hackers, and Swordfish" If you still need another reason not to purchase this book, the above quote says it all!
- I bought the 4th edition of Hack Attacks Revealed. This whole genre seems to be drenched in hyperbole and once again the marketing machine seems to have invaded these pages. The book does have copious basic information. The Tiger Tools are a very sick joke with barely any functionality or worth. Someone really should sue. The exploit code, which is unusually copious for a work of this ilk, does not of course in the main part work and I found only a very few of the very most mundane code would compile under MinGW, Cygwin or Linux, even after downloading the libraries specifically recommended by the online support team at tigertools.com who, to be fair, were prompt in their reply. No manner of library-jiggling and simple repairs sufficed: you've really got to understand programming sockets in C or Perl to fix the average exploit. The hype of the titles and cover blurbs for this kind of book increases every season but the delivery remains as lame as it always has been. For anyone serious about taking a practical look at hacking time spent at securityfocus.org, neworder.box.sk or similar is in my opinion much more rewarding.
- I was relieved to read that this isn't considered a very useful reference on How to Hack. Certainly Ch. seems at his most enthusiastic, frothiest, even foamiest, in talking about the wonderful world of hacking. Yeah, he repeatedly trots out the line about having to know how to attack to know how to defend, time after time, but ya' gotta' wonder where his heart lies (Okay, even Milton had this problem.)
And that certainly is irksome if you, like me, are one of the growing number of people who have reluctantly become 'security amateurs,' and find ourselves reading 900+ page books, due to invasion of our privacy by amateur criminals. Whatever its merits for security professionals, this is probably not the book for you. It assumes too much technical background and doesn't provide sufficient detail on implementing various solutions. True, this may be covered in more detail in his other book, but including that we're talking 1800 pages...
Editing would have helped, certainly. The 75 basic hack attacks are a useful overview on just how paranoid you should be, but the basic information about some of them is repeated up to 4 times, sometimes as boilerplate.
I have seen a few books more suitable for amateurs, but the truth is that they aren't detailed enough to be helpful. I think that the only real solution to the security problem in the IT industry is to wake up to the fact that caveat emptor, 'professional ethics,' and self-regulation isn't working any better there than in health and safety, restaurant sanitation, the stock market or...well, you work it out. As long as it is only sort of illegal to break into someone's house as long as you use a computer, most geeks will do it.
The ISPs aren't taking this seriously because they know people aren't much more likely to stop using e-mail than to stop using the phone, and most companies were only kidding when they said they were interested in your problems.
Once there are some laws with real teeth and real fines and real jail time, those who aspire to the appearance of respectability will go back to their regularly scheduled activities including tale bearing, beating the old lady, bothering the women (men) at work just enough to stay on the right side of the law, bitching about how the old lady (old man) doesn't want to screw, kicking the dog, pulling the wings off flies, and complaining how much better everything was in the good old days.
- This book has done nothing to dispel my theory that the information content of a book is often inversely proportional to the number of pages in the book. I'm 200 pages into it and that's as far as I'm going to get. I expected some basic filler/theory in the first few pages, but plowed on in the hopes that the author understood the theory he was presenting and would use it later to explain security exploits. However, I lost all confidence in the book when I reached page 167, where the author demonstrates that he doesn't understand ping and/or DNS. I don't bring this up to nitpick. I bring it up because I think that anybody with pretensions to being a security expert had better know the basics of how the Internet works. How is anybody to make sense of, say, DNS spoofing, without knowing how DNS works?
In case it's not obvious, the author confuses and muddles together the actions of resolving a DNS domain name to an IP address, and then using that IP address to send an ICMP echo request to the destination. This may seem like a minor thing, but it's not just a typo (he makes the same mistake in three different places on page 167), and security is a confusing enough business without muddled descriptions like these.
On a more minor note, I do not see the point in filling page after page with pretty pictures of the GUIs that hackers use at their end. The publishers probably know better than I do what sells today, but I don't understand why they and/or the authors apparently feel that the thicker a book is, the better.
- John Chirillo has made a career of hacking. As a hacking consultant to Fortune 1000 companies part of his job is to break in to corporate networks to expose their holes and help his clients secure their networks. In Hack Attacks Revealed, he shares his knowledge of how hackers gain the information necessary to break into your systems.
The book begins with a basic history and understanding of computer and networking technology. Mr. Chirillo covers the protocols used and the purpose of the various ports used. The book also provides information on the scanning and network discovery tools used by hackers.
(...)
Posted in Computer Crime (Wednesday, July 9, 2008)
Written by Randall K. Nichols and Daniel J. Ryan and Julie J. C. H. Ryan. By McGraw-Hill Companies.
The regular list price is $49.99.
Sells new for $9.88.
There are some available for $1.01.
4 comments about Defending Your Digital Assets Against Hackers, Crackers, Spies, and Thieves.
- The recent Denial of Service (DoS) attacks that crippled AMAZON.com, eBay, CNN and other major sites highlight the need for a concerted effort to protect our networked data. "Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves" recognizes the value of network data in our public and private sectors and presents a blueprint for its defense against attacks affecting availability, confidentiality, integrity and authenticity. It advocates twelve building blocks to improve security: building the right organization, performing risk analyses, evaluating levels of impact, applying practical countermeasures, mandating vital backups, using anti-virus / intrusion detection software, establishing employee training and security programs, performing audits and continuously monitoring operations, staying on top of and reporting incidents, developing an alert system and triage responses, and finally launching a DoS attack on our own computers to determine the level of damage and potential loss of customers or revenue.
"Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves" is unique in its coverage of the growing vulnerabilities due to interconnectivity and the importance of protecting digital information. It offers the responsible security manager detailed explanations of who does it, how and why attacks occur and gives due diligence advice on how to prevent future attacks, detect attacks in progress, and quickly recover business operations. Although NO data is 100% safe, the authors' recommendations will help organizations to maintain appropriate security levels, to provide resistance to penetration and ultimately to mitigate damage from attacks.
- As a neophyte I am tangentially aware of the importance of computer security, but reading "Defending Your Digital Assets" really brought the message home. As our world becomes more "wired", and our reliance on the information we receive through computers increases exponentially, the importance of computer security cannot be overstated.
This book is very approachable for the layperson and is an excellent primer for computer/information security overall. It was the only book I could find that covered the topic so completely. In addition, the book is very readable. The authors did a very commendable job in writing the book, i.e., it doesn't read like a text book. Also, the book offers a large number of references/resources the reader can refer to for further study...as well as a glossary and a thorough appendix. In sum, if you have a scintilla of interest in computer security, pick up this book. If you're a manager and concerned with computer security in your organization, pick up this book. If you are a student, pick up this book. In fact, if you use a computer at all, you should get this book. The better informed we are, the harder it will be for hackers and crackers to wreak havoc on our computer systems and the information we rely on. Thank you --Sean
- This book does not live up to its title and subtitle. Very general material. For example, Denial of Service Attacks are in the news these days. Looking through the index, I find four references to DOS attacks. The first on page 45 tells me that DOS attacks can be costly. The second on page 85 describes some previous DOS attacks, including one that took place 12 years ago. The next reference is on page 304 and is a historical description of DOS attacks over the past three years. The last reference on page 452 tells me that I should conduct DOS testing for my web server. Most of the book's content is similar. If this is useful to you, please buy this book. For specific help in hardening your network, please look elsewhere.
- I am a relative newcomer to the security field. I have been adding books to my library to help me in my job. I picked up Defending your Digital Assets and was pleasantly surprised. The sections on Security Verification of Systems and Networks and Cryptography were a rare read, and very enjoyable.
I also found the chapter on Biometric Countermeasures one of the clearest presentations on the subject, that I have found in print. The authors clearly understand the INFOSEC field and their writing shows it. They make difficult concepts interesting. Too many books on this subject read like swiss cheese or with too much useless detail. Defending is the exception. I liked it. I recommend it.
Posted in Computer Crime (Wednesday, July 9, 2008)
Written by Graeme R. Newman and R. V. G. Clarke. By Willan Publishing (UK).
Sells new for $64.95.
There are some available for $27.98.
No comments about Superhighway Robbery: Preventing E-Commerce Crime (Crime Science).
Posted in Computer Crime (Wednesday, July 9, 2008)
Written by David Salomon. By Springer.
The regular list price is $69.95.
Sells new for $21.63.
There are some available for $21.63.
No comments about Foundations of Computer Security.
Posted in Computer Crime (Wednesday, July 9, 2008)
Written by James A. Fagin. By Allyn & Bacon.
The regular list price is $106.00.
Sells new for $46.39.
There are some available for $12.99.
2 comments about Criminal Justice (with Casebook Plus) (MyCrimeLab Series).
- This is a great book. I had to purchase it for my intro to criminal justice class. It is very useful if you want to learn a great deal about the system. I read almost all the chapters in the book before I was supposed to.
- This book was in excellent condition, arrived quickly and was better than the one the college offered. Will be buying next semester from Amazon!
Posted in Computer Crime (Wednesday, July 9, 2008)
Written by Jean Sheldon. By Bast Press.
The regular list price is $14.95.
Sells new for $5.85.
There are some available for $3.85.
1 comment about Identity Murder.
- Jean Sheldon presently hails from Albuquerque, New Mexico. She is the author of poetry and drawings; a book on car repair; a "how to" on the subject of cats; and most recently, her Chicago Police Detective Kerry Grant mysteries. Sheldon has actually published two additional Kerry Grant mysteries, entitled SHOULD OLD ACQUAINTANCE BE DEAD and A CHILLING GOODBYE.
Kerry Grant is a Chicago Police Detective who has a dark secret. She lost her entire family in an RV accident three years before. When her old childhood friend, Jennifer Kincaid, comes back into her life (with another 78 year old friend who has suffered from identity theft), Kerry's sad life begins to turn around. Because of her computer savvy, Kerry is asked to join an undercover agent who has been embedded with the Chicago mob scene for a number of years in order to train him. Little does she know that love will find her, and that a little Chicago Cubs teddy bear will symbolize a new start to her life:
"'I understand not sleeping with anyone for a while, but I figured that was life after forty.' Jennifer stopped herself and remembered there wasn't anyone else for Kerry to share her great news. She couldn't talk about it with Mike, or her sisters and mom. 'I do understand, Kerry, and it's wonderful. What I don't understand is why Marty turned Chubby Bear around, or why Cubby Bear watched you to begin with. By the way, the Cubby Bear we're talking about is the little stuffed bear they sell at Wrigley Field with the Cubs hat and shirt, right?'"
Not only does Jean Sheldon write against the backdrop of Chicago and the Eastern border of Wisconsin up to Fond du Lac, she has an excellent knowledge of police procedural in Chicago. Her writing is infused with a sense of humor; a fanciful take on romance; characters that share comradery in the midst of danger; and an excellent view of the mob. IDENTITY MURDER is a wonderful first effort in what will become a beloved series about plucky Kerry Grant, her best friend Jennifer Kinkaid; Kerry's partner Mike; and the inimitable Veronica Cooke. Sheldon includes a mini-course on computer fraud and identity theft that will give readers much needed information on how to avoid cyber-crooks. She also writes a darn good mystery yarn.
Shelley Glodowski
Senior Reviewer
Posted in Computer Crime (Wednesday, July 9, 2008)
Written by Michael Newton. By Checkmark Books.
The regular list price is $21.95.
Sells new for $13.00.
There are some available for $11.43.
No comments about The Encyclopedia of High-Tech Crime and Crime-Fighting (Facts on File Crime Library).
Posted in Computer Crime (Wednesday, July 9, 2008)
Written by Eve Edelson. By The Disinformation Company.
The regular list price is $14.95.
Sells new for $3.99.
There are some available for $1.90.
5 comments about Scamorama: Turning the Tables on Email Scammers.
- What a crack up! At one level this book is pure comedy. Pour yourself a nice glass of red, put your feet up and enjoy! It is extraordinary to see the lengths that small time stupid criminals will go to try to extract money, and the convoluted comic situations that the counter scammers embroil them in. Yet at another level, this book is a sober reminder to all those that may have spent a few moments wondering if those letters really were real, a reminder that indeed there are some truly unscrupulous individuals in this world who would sell their grandmother if it made them money. Buy this book as a reality check for the way the world really works. It might stop you falling for a scam. It might help you through negotiating buying that second-hand car. And, at the very least, it will give you a great laugh!
- Everyone who has an email account has received missives from Nigerian scammers. This book is about attempts to deal with this nuisance. It is by turns screamingly funny and deadly serious. Read this and learn.
- Eve Edelson's new compendium of the best exchanges between 419 scam artists (who bilked Americans out of more than $250,000 last year) and those who bait them is jaw-droppingly funny, and important on several levels.
First, it's all about making life difficult for criminals. 419ers make their living preying off the elderly, the naive, the weak-minded, and those who just generally shouldn't be online. They are also dangerous, having killed before. The baiters, a fine and creative posse of virtual vigilantes who waste the scammers' time, their money, their resources, and their patience are worthy of our admiration for that reason alone.
But secondly, and perhaps more importantly, this book is a harbinger of a new kind of humor. Scambaiting is a humor genre that couldn't exist without the 'net, and there is already a huge and growing crop of artists (yep, I call them artists) who are exploiting this new medium and making us laugh as they do it.
Ms. Edelson, the doyenne of scambaiting, has culled, nurtured, edited, and generally midwifed this vibrant new form of humor. This book is a collection of the best of the best of the new masters of the form. I'll be watching to see where the medium goes from here.
So there you are. Three reasons to buy it. One, it's your civic duty. Two, it's your chance to get in on the ground floor of a completely new kind of humor. And three, you'll laugh your socks off.
- This book is so fun and funny for folks that are well versed in the scam, and a fortune-saver for those who aren't. I ended up laughing aloud (in public no less) but also felt chagrined as I recognized the scams I've almost fallen for in the past.
Read it for fun, but then pass it on to someone less scam savvy!
- I mean come on, be honest. I mean I really have to question my saneness if everyone finds the stuff interesting, funny and worth the time. I mean not only is it a waste of time and complete nonsense, I really have to wonder what's it good for. No, it's even boring as hell. I mean I can't believe why people want to read this book. Before buying this book think about the subject. I mean seriously, if after that you still want to buy this book, this book, it will suit you perfectly. Scams are such an interesting topic, I have no clue why people have to come up with such ....
by the way if anyone knows how i can change my handle to i love neda hajizadeh 30 iranian hh please put it on thanks in advance
Information Warfare: How to Survive Cyber Attacks
Handbook of Computer Crime Investigation: Forensic Tools & Technology
Hack Attacks Revealed: A Complete Reference for UNIX, Windows, and Linux with Custom Security Toolkit, Second Edition
Defending Your Digital Assets Against Hackers, Crackers, Spies, and Thieves
Superhighway Robbery: Preventing E-Commerce Crime (Crime Science)
Foundations of Computer Security
Criminal Justice (with Casebook Plus) (MyCrimeLab Series)
Identity Murder
The Encyclopedia of High-Tech Crime and Crime-Fighting (Facts on File Crime Library)
Scamorama: Turning the Tables on Email Scammers