No comments about Cybercrime and Jurisdiction: Volume 11: A global survey (Information Technology and Law).

3 comments about Max Unlocks the Universe (Five Star Mystery Series).

1. In a snow storm in the Midwest, Carl and Bones wait for the target to emerge from a house. When "Blue Jacket" does, Bones fires a dart that hits the victim in the neck. The young man collapses instantly as the two hit men drive away.
   
   Local Detective Bagley asks friend former FBI Agent turned private sleuth Max Austin to investigate the homicide of Kyle Mossler as his son David is the prime suspect having been the last person with the deceased. Max learns that David, Kyle and four other people work at Securegard, a computer security firm, and the coroner reported that the cause of death was curare poisoning. When two Securegard people die, one in Denver and the other in San Francisco, Max knows he needs help especially with the computer aspects of the case. He asks his former girlfriend Marisol Vegas to help him uncover the underlying reason why someone is killing the Securegard team.
   
   This is an entertaining private investigative tale in which the hero cannot find a lucid motive to what appears to be three killings though the one in San Francisco is officially considered a car accident. The story line is filled with unusual twists starting with the audience knowing the identities of the two hitmen. Max is the center of the universe as struggles to unlock the mystery. Readers will appreciate his efforts to solve the case and keep the remaining trio alive even as every clue complicates his inquiry and confuses Max.
   
   Harriet Klausner



2. Max is back-and it's about time. Well, actually it's about murder and mayhem and space and time and anything else you might want to find in a well-written mystery.
   Young computer geeks are dying-well before their time-and ex-FBI agent, Private Eye Max Austin gets involved. To solve the case, and try to save a few lives, Max has to get up to speed on the latest trends in computers and programming. He enlists an old friend, Marisol, to get him into the loop, and she adds a bunch of complications to the case--and to Max's life.
   There are lots of great twists and turns, leads and misleads, a bit of traveling around the country tracking down clues, and even a bit of the ol' down and dirty with fists and guns. Max may be a bit past his prime, and even a bit gimpy, but when the goin' gets tough...
   Highly recommended...



3. It's the middle of winter in Kansas. Two young men are standing out in the cold, finishing up an argument. One drops dead. The other is, for obvious reasons, arrested. P.I. Max Austin is called by his pal, Detective Bagley, because his son David is the arrestee. Kyle Mossler is the victim. Both men are part owners of Securegard, a software company selling programs to, among others, the guvmint.
   
   Turns out that David didn't kill Kyle, curare did. Not your usual murder weapon. As Max continues to investigate, two other Securegard owners die. One is probably murder, one looks like an accident. We know better.
   
   Max has lots of connections. He used to be FBI, which comes in handy if one is now a P.I. He taps his connections, muses on life and the solar system, and tries to connect the seemingly random events into some kind of logical system. In the process, he flies all over hell and gone on a seemingly unlimited budget. Gotta love that in a client.
   
   The mystery in MAX UNLOCKS THE UNIVERSE is a reasonably good mystery. Max is charming, intelligent, persistent. The plot certainly works. I kept reading, in spite of some obvious flaws. Max has a thing for astronomy, and the reader is well aware of this. There are lots and lots of data dumps about comets and black holes and other facets of our universe; while Max seems to think they are relevant, the average reader is probably not so sure. Sometimes the prose gets a little overdone. The phrase, "crooks practicing their nefarious trade . . ." sticks in my head, for example. Also, for a former FBI agent, Max seems unaware of certain technological tools available on the open market (such as trackers for vehicles) while being totally cognizant of other tools (telephone taps, etc.). This was disconcerting. Max's trust in his colleagues is heartwarming, but naive. If the data dumps, the verbosity, and the naiveté don't bother you, read on.

5 comments about Internet Denial of Service: Attack and Defense Mechanisms (The Radia Perlman Series in Computer Networking and Security).

1. Your take on this book really depends on where you are sitting. The authors lucidly describe what a Denial of Service attack is. More to the point, the book then goes into an explanation of its more dangerous variant - the Distributed Denial of Service [DDoS] attack. The book is really about the latter; not the simple DoS. We see how DDoS evolved rapidly from 1999 to 2005, with the number of computers hijacked to become agents for an attack expanding from hundreds to over a hundred thousand. And how it no longer seems to be done by joyriding hackers just seeking a thrill. Now, it may actually be a business; a major branch of malware.
   
   You should have a reasonable background in understanding TCP/IP, to appreciate the book's technical discussions. For example, if you see mention of the TTL field in a header, you should already know what it means.
   
   The book explains several postulated countermeasures to DDoS. Nifty ideas like traceback and pushback. Or perhaps doing an entropy count of good and bad packets, to help distinguish between them. The problem is that none of these are truly effective. DDoS is an unsolved problem. So if you are a cracker, this is good news. Not so for sysadmins.
   
   But there is something else. Perhaps DDoS is fundamentally insolvable, under the current IPv4 and current router capabilities. But maybe this field is still young. What is a problem for many could be a chance for you, as a researcher or inventor.



2. Internet Denial of Service
   
   I certainly enjoyed reading this book, in fact I started looking at it during the work day and couldn't wait for everyone to leave at quitting time so I could finish it. It seems to have a bit of trouble finding its niche, most of the time it has the feel of a research paper, but from time to time there are amazingly practical tidbits. If you are looking for a how to stop denial of service, step by step, buy the cup of coffee from Borders and leaf through the book and make your decision carefully. If you are a researcher in the USA interested in Internet protocols and US law and response, this is a must read, must have. If you are truly seeking to understand what zombie style distributed denial of service is and is capable of, buy the book and read it three times. My response team worked closely with one of the authors, David Dittrich from 1999 - 2001 and if there is a "been there, done that" individual when it comes to malicious code, he would be that person.
   
   This is not a book for a novice, but if you know your way around a network and know a bit about routing, there are a number of helpful illustrations and code segments that drive the points home.
   
   I realize I gave the book three stars even though I liked it a lot and that is primarily because the book is much weaker in the two final chapters, 8 and 9. You just can't throw issues like law, ethics, jurisdiction, evidence collection, and estimation of damages on the table, write a couple paragraphs and zoom on, someone could get hurt. For the right reader, this can be a wonderful resource.



3. There are obviously a multitude of ways an attacker can take your site down. One way is via a denial of service attack. There's a new book out that covers just that attack in great detail: Internet Denial Of Service - Attack and Defense Mechanisms by Jelena Mirkovic, Sven Dietrich, David Dittrich, and Peter Reiher (Prentice Hall).
   
   Chapter list: Introduction; Understanding Denial of Service; History of DoS and DDos; How Attacks Are Waged; An Overview of DDoS Defenses; Detailed Defense Approaches; Survey of Research Defense Approaches; Legal Issues; Conclusions; Glossary; Survey of Commercial Defense Approaches; DDoS data; References; Index
   
   Going into this book, I can say I knew about the basics of a Denial of Service (DoS) and Distributed Denial of Service (DDoS) attack. What I didn't understand is how sophisticated they've become. The book covers (in deep detail) how bot or zombie networks are developed and utilized to launch these types of attacks. I didn't realize that it's relatively easy to acquire a bot network of over 100000 clients who can flood a site with packets. And it's not even necessary to use them all at once. Attacks can start with a fraction of the clients, and then escalate as the victim attempts to filter packets or add bandwidth. It's a scary thing. The authors also cover the various issues involved in the defense of these types of attacks. Filtering might work, but it can be difficult to find the correct filtering parameters that don't also drop legitimate traffic. And due to the distributed nature of the attack, it can be nearly impossible to find the culprit, and worse, to prevent it from happening again.
   
   Walking away from this book, you don't get a warm, fuzzy feeling about the current situation. Regardless of what steps you take, there is no current sure-fire method for defending these attacks. But by reading Internet Denial of Service, you'll be far more prepared to understand what's going on and what realistic options do exist. Better yet, it also gives you the steps you need to take to prepare your site for this type of incursion beforehand. If you've mapped out your plan ahead of time, you can definitely minimize (to some extent) the damage that can occur.
   
   This is a good read for any security professional tasked with security and availability of an organizational website. Reading this now could save your job later...



4. 'Internet Denial of Service' (IDOS) is an excellent book by expert authors. IDOS combines sound advice with a fairly complete examination of the denial of service (DoS) problem set. Although the authors write from the DoS point of view, as a network security monitoring advocate I found myself agreeing with many of their insights. Since there are no other books dedicated to DoS, I was very pleased to find this one is a powerful resource for managers and technicians alike.
   
   IDOS features some of the best minds on DoS research available. Everyone has heard of Dave Dittrich, but I found the work of lead author Jelena Mirkovic to be particularly valuable. Peter Reiher and long-time DoS researcher Sven Dietrich also give the project considerable weight. All four authors work for or with universities, and IDOS reflects this academic connection by frequently citing papers and DoS research. For example, chapter 7 describe DoS mitigation approaches and Appendix C examines the best available data on DoS techniques. I would encourage other authors to make similar references to the academic community and not write in a literary vacuum.
   
   By making references to outside works, IDOS successfully avoids repeating material published elsewhere. Chapter 6 was probably my favorite section, including much distilled wisdom and advice on responding to DoS attacks. I welcomed the authors' frequent recommendations to collect session and full content data. It is often impossible to detect and respond to attacks without this sort of network-based evidence. This point is often lost on vendors or consultants who lack experience performing incident response.
   
   I had minor problems with the book. First, I would have liked more technical detail in chapter 6. For example, it would have been nice to see examples of system metrics from nodes or routers under DoS attack. Specific advice on host tuning techniques would also have been useful, e.g., make changes X, Y, or Z on FreeBSD or Cisco IOS to better resist DoS conditions. I was also slightly disappointed the authors did not base their discussions of commercial products in Appendix B on hands-on evaluations. I understand the problem with meeting this objective, however.
   
   I did not have any problems with the legal or concluding chapters (8 & 9). I think the earlier three-star reviewer found himself on the wrong side of the 1999 "RST scan" controversy discussed on p. 52 and may not have been happy by the (correct) stance taken by IDOS.
   
   I highly recommend every security professional read IDOS. It's a convenient and illuminating discussion of a problem that will never disappear. This book will prepare you to do battle with DoS attacks, and for that I am thankful.



5. Nutshell review - If you want to know all about denial of service attacks then this is an excellent book to start with. Well written, easy to understand and excellent coverage of the topic.

No comments about Encyclopedia of Information Ethics and Security.

5 comments about Uberhacker: How to Break into Computers.

1. Carolyn P. Meinel is well known throughout the hacking community as a fraud, a wannabe and a charlatan. Anyone interested in hacking would be far better off picking up the most recent addition of "Hacking Exposed" or one of the many other excellent computer security and hacking books out there. With so many good books on the subject being published there is no valid reason for anyone to waste their hard earned money on garbage like Carolyn P. Meinel's books.



2. Now in a completely revised and updated edition, Uberhacker II: More Ways To Break Into A Computer by Carolyn Meinel is a straightforward and "user friendly" guide which is filled with basic information that can be used to compromise security in computers - as well as protecting them against just such intrusions. Unapologetic in its explicit and meticulous deconstruction of the weaknesses in Unix, Linux, Windows, and other systems, Uber-hacker II is a profusely exampled and information-laden text which is a "must-read" for anyone charged with computer security in this volatile age of computer hackers and cyber thieves.



3. How sad that an author should feel compelled to try to sabotage this book. HIGHLY RECOMMENDED



4. The author of this book is well known in the hacker community.......for being a crook. Seriously, some of the stuff in this book is just beyond nonsense. Go read a more technical book, so you can learn alot more about "Hacking".



5. "This Product Sucks... buy mine instead!" Those aren't reviews, they're sophomoric and shameless plugs. I wonder how many of these people actually READ the book.

No comments about Vulnerability Analysis and Defense for the Internet (Advances in Information Security).

5 comments about Risky Business: Protect Your Business From Being Stalked, Conned, or Blackmailed on the Web.

1. This well-written book by Dan Janal is a "must read" book for people interested in protecting themselves and their businesses from Internet scams and fraud. We often recommend it to the subscribers of Internet ScamBusters (the number one electronic newsletter on Internet fraud). Dan provides a very realistic assessment of what to watch out for online - and unfortunately, there are lots of issues. But fortunately, it's not too hard to protect yourself when you know what to look for.

   Dr. Audri G. Lanford, editor Internet ScamBusters




2. Common sense is often obvious only in retrospect. If you are starting or running an online business of any kind, this layman's oriented approach to security is the perfect place for you to start protecting yourself and your business from all kinds of nasties...

   o hackers

   o intellectual rights infringers

   o etc., etc. -- even your own employees!

   It's given me the right place to start asking my techies the right questions on numerous security-related issues. It's *THE* "protect yourself" book that we recommend in our book, "Make Your Site SELL!"

   While a couple of parts are getting a touch dated, most issues are evergreen. I'm sure I'll find myself referring to it five years from now, if Dan can't convince the publisher to issue a new edition (hint, hint, Dan!).

   Thanks Dan, for an unequivocal 5-star effort.

   -----

   -Ken Evoy, kevoy@sitesell.com




3. Once again, Janal would have received five stars for his introductory work on internet security were it not for the numerous typos and editorial errors throughout the book. To cite a glaring example, on page 315 of the book, one of Janal's four crisis communication measures is repeated twice.

   Though the book's content is repetitive in many places, much of the information to be found here can be quite eye-opening for those who are either new to the internet or use it infrequently. While it is true that a lot of the information presented in this book can be found on the net, most people probably would not have the time, patience, or money to find it on their own. Janal should be commended for putting together this information and presenting it as a warning for those thinking of venturing on the net. Janal really does give the thinking novice cause for pause.

   The organization of this volume is lacking in a couple of key areas and could have been better organized. Contact information for those quoted was repeated ad nauseum, and could have either been presented once at the end of a chapter or as an appendix at the end of the book. Since the book's target audience is obviously those who are new to the internet and those who rarely use it, Janal could have appended useful information, such as links to useful organizations. Granted, this information was included throughout the book, but really interrupted the flow of his easygoing, understandable dialogue and got in the way of important points in the text. Some of the chapters could have been subdivided into smaller, meatier chunks of information. On the other hand, other pieces of information, such as domain name trivia, could have been dumped altogether.

   Yet, from a practical standpoint, the internet, as presented by Janal, can be a legal nightmare. One must consider intellectual property issues, copyright infringement, libel laws, trademark abuse, and domain name protection, in addition to various invasions of privacy and civil liberty long before venturing onto the internet.

   To his credit, Janal freely admits that his book is no substitute for good legal help, and the wise web entrepreneur will retain good legal services long before going on the net and facing a problem. Most progressive companies that are serious about competing in the digital era have already taken the steps necessary to protect themselves, and intelligent web surfers are using the internet with a good deal of caution.

   In the end, as many of the dangers Janal points out are often unavoidable and come out of the blue, there really is no substitute for a good legal offense, general and up-to-date awareness of the internet medium, and quite frankly, plain old common sense.




4. The subtitle of this book is misleading, as much of the advice is geared to consumers rather than business owners.

   However, if you'd like a good overview of risks involved in participating in cyberspace activities of all sorts, the book is worthwhile.




5. Learn how to protect your company from online thieves and false rumors that can damage its reputation by instituting sound security policies and addressing false information quickly and publically.
   
   The Internet has introduced unprecedented business opportunities for marketing, sales and communication. It has also made businesses vulnerable to cybercriminals who exploit the Internet to attack the reputations and finances of companies. In this book, Daniel S. Janal, a professional speaker and consultant specializing on the Internet, provides information and advice for companies and individuals to protect themselves from the predations of cybercriminals.
   
   Threats from online thieves:
   · Warn employees never to give out credit card numbers, passwords or sensitive company information. Put procedures in place to report people who ask for this information.
   · Always check credit cards for validation, including an address verification check.
   · Put procedures in place for employees to check questionable information or identities by phone or through reliable third-parties.
   · Use encryption or scrambling for sensitive online information so that only those with the key can read it.
   
   Threats to personal safety:
   · Keep personal information like your phone number and address off of your personal web-site, newsgroups, online phone directories, and out of chat rooms.
   · Make sure that merchants promise not to resell information about you if you give it to them.
   · Know the merchant you're dealing with.
   
   Threats to your company's reputation:
   · Attack sites. A disgruntled employee or unhappy customer may attack your company's reputation by creating a web-site whose sole purpose is to attack your company. If you can prove that they are not telling the truth, pursue them for libel. You may also be able to sue them for copyright infringement.
   · Have employees sign a company policy forbidding them from making public statements about the company.
   · If false rumors begin to circulate online about your company, dispel them immediately with clear, public statements of denial in the places where they have been circulating.

3 comments about Computer Forensics: Evidence Collection and Management.

1. This is the worst computer book I have read in a long time. If you already know about what data is, for names of different operating system keep looking. The only part of the this book that is about computer forensics is the part it says go to Devery University to learn the subject. Guess where the author teaches at?



2. This book is a great survey of the field of computer forensics.
   There are notable gaps in actual technical detail, and more information than I was ready to digest on the handling of the data once acquired -- mostly the legal hoop-jumping required to maintain chain-of-custody.
   If you're a techie looking for a HowTo, keep looking. If you've already got a grasp of the how, but need the fine details of handling, this book is a good reference tome.



3. "Computer Forensics: Evidence Collection And Management" by Robert C. Newman (Instructor of Information Systems in the College of Information Technology at Georgia Southern University) provides a coherent, systematic, and comprehensive analytical study of cybercrime, E-commerce, and Internet activities that could be used to exploit the Internet, the computers, and the various electronic devices employed by individuals, by government agencies, and by corporations. "Computer Forensics" addresses the many vulnerabilities and threats that are inherent to our computer age and presents the techniques and processes utilized by security personnel, investigators and forensic examiners to successfully identify, retrieve, and protect computer data as forensic evidence for litigation and prosecution. the first part of "Computer Forensics" is dedicated to exploring various crimes, laws, policies, forensic tools, and the information required to understand the underlying concepts of computer forensic investigation. The second part of "Computer Forensics" presents basic information relating to crime scene investigations and management, disk and file structure, laboratory construction and functions, and legal testimony. Of special note are the specific chapters concerning investigations involving computer systems, e-mail, and wireless devices. Presenting more than 200 key terms (with definitions supplied in the Glossary), more than 100 review questions and answers to solidify comprehension, offering optional exercises and cases emphasizing the book's content, two sets of forms with respect to forensic investigation and the procedures used in computer forensic laboratories, and a selected bibliography of special relevance for forensic professionals, "Computer Forensics" is the ideal textbook for college level computer science and information technology courses, as well as non-special general readers with an interest in the subject.

No comments about Confronting Cyber-Bullying: What Schools Need to Know to Control Misconduct and Avoid Legal Consequences.

1 comments about International Guide to Combating Cybercrime.

1. After reading this Guide, I feel much more informed! A Great Job!