No comments about Crimes of the Internet.

5 comments about Forget You Had a Daughter: Doing Time in the 'Bangkok Hilton'.

1. This was a rather timely read given the current situation in South East Asia with Sharpelle Corby and the Bali 9. In this book, Gregory tells the story of how she set out from Britain to spend 8 weeks in Thailand, accompanying a friend of a friend she had no previous acquaintance with. Gregory loved Thailand so much that she decided to stay on, until she became seriously ill and distraught over the political situation at the time. Having no money to return to Britain and too stubborn to ask her family for financial support, she 'serendipitously' re-encounters her former travelling companion who offers her one thousand pounds to smuggle a small quantity of heroin for him. Desperately ill and under the impression her acquaintence has 'fixed' things at customs, she agrees. She is, of course, caught.
   
   The story describes her time at Lard Yao, known worldwide as the 'Bangkok Hilton' and the shocking conditions she was forced to endure. Following her transfer to a British prison, Gregory continues her tale, drawing contrasts between the penal systems of the two countries, and finding Britain to be the worse of the two.
   
   Of particular interest were Gregory's encounters with some very notorious offenders such as Rosemary West. She also speaks of the shadow of Myra Hindley in two of the prisons she was incarcerated in. I actually found the second part of the book, where Gregory was in British prisons to be more horrifying than her descriptions of Thai prisons.
   
   Gregory's book is very readable, honest and pulls no punches. However, at the end, you realise that Gregory's book is not so much about her physical survival, but her emotional survival and the evolution of her soul.



2. Sandra Gregory takes us deep inside life in a Thailand women's prison and then into the Durham prison of England. Life was terrible for this woman who was arrested for drug trafficking a very small amount of heroin in her vagina. She truly did not deserve such a long and harrowing sentence. She is a hero in my opinion for having survived such an incredibly soul-destroying incarceration. God bless Sandy for writing such a critically-needed memoir. Her book should be on everybody's required reading list, especially high school and college-age kids. They could benefit from Sandy's horrible experience, and might be deterred from doing the same. Thank God she finally got released, but how terrible was her suffering in the mean time! A truly sad but unforgettable read.



3. I saw her story on National Geographic's "Locked Up Abroad" and did a google search the next day to learn more about her story. I found she had written a memoir and ordered the book. I read it within 24 hours - it was very interesting and as the others mention, feel it should be required reading by students before travelling abroad. I myself am naive in assuming the best in people and probably could have easily found myself in her shoes had I travelled that early in my life.



4. I felt the gamut of emotions when I read this book. I felt there weren't enough words described by the author for her reason to smuggle the drugs in the first place.
   She described how she needed the money, but what were the underlying real reasons she would put herself through such risk? I never felt satisfied with her answer. I kept wondering how anyone would risk being jailed abroad--maybe a combination of youthful naivete' and extreme risk taking?
   Her account of her prison time was heart breaking and difficult to read, at times. She is truly a survivor.



5. I read tons of non-fiction books a year. I never write a recommendation about a book unless I can give it 5 stars, as (I'd hate to hurt an author's feelings by cutting their book apart)!
   
   This was a very good book.
   The story is about how a young British woman made a very poor choice in her decision making, and it cost her dearly in prison years....and to name just a few others... by being away from her family, never knowing when her court case hearings would be held, and going into a prison not knowing the language whatsoever, as well as becoming a minority in a country abroad with different rules. These "rules" followed her through the very end of her entire story.
   
   If you are interested in the subject of "doing time" in this Asian country, than you may want to pick up this book. It covers a lot of territory that goes with being imprisoned in a foreign country.

5 comments about Crimeware: Understanding New Attacks and Defenses.

1. Five stars to Jakobsson & Ramzan for a most useful guide to understanding the underbelly of the internet. The strength exhibited by this book lies within the all-star lineup of contributors and the thorough dissection of the numerous forms of crimeware. Their book is a must read for anyone who has responsibility or an interest in protecting Personal Identifying Information (PII), Private Consumer Information (PCI) or Intellectual Property (IP).
   
   As a self-described technological Neanderthal, I encountered only a few portions of the book which caused me to enter the world of "technological overload," anyone with a modicum of information technology understanding will have no problem cruising through the chapters and fully comprehending the various data points. The highpoint of each being the *countermeasures* presented at the end of each chapter.
   
   Some items which I would like to highlight, as they resonated with me:
   o Whether you are fully familiar or a nascent understanding of crimeware and its many manifestations, Chapter 1 alone provides a concise overview. This introduction gets your mind in swing, and puts you in the zone, if you have only time to read one chapter - this is it. You'll finish with a working knowledge and familiarity of crimeware.
   o Crimeware's business model hit the sweet-spot. The explanation is clear. The monetization requirement of the perpetrators is accurate, and from my own perspective (i.e., that of one who invests heavily in the "why" side of these discussions), the content provides meaningful grist for future discussions.
   o Education as a means to thwart crimeware makes imminent sense. Again the points advanced are spot-on, as the audience receiving *Security Training* must be exposed to the "why" before you try and project the "what" or the "do" upon them. I would add, that messaging, regardless of vehicle, be it cartoons, video, hoardings or print media, should be aligned to project the positive actions of a given scenario. The rationale being, individuals align with positive behaviors and outcomes and disassociate with a negative exemplar.
   o The endnotes are in reality an extraordinary extensive bibliography on the topic of crimeware, which alone is worthy of review.
   In sum, Jakobsson/Ramzan have it right - crimeware is here, and it is here to stay. Perhaps if we collectively work together we may be able to hold back those investing in the development of crimeware. This collaborative guide is a great stepping-stone to the next level of trust and engagement.
   
   Christopher Burgess
   Co-Author: Secrets Stolen, Fortunes Lost: Protecting Intellectual Property in the 21st Century (Syngress, March 2008).



2. Crimeware
   Understanding New Attacks and Defenses
   Author : Markus Jakobsson, Zjlfikar Ramzan
   Publisher: Symantec Press
   Reviewed by: Michael Cooter
   
   Pros: Covers wide variety of topics that would be of great interest the security researcher .
   Cons: While covering Attacks in depth, I felt the defensive techniques very theoretical and not practical enough.
   
   Chapter List: Chapter 1 "Overview of Crimeware", Chapter 2 "A taxonomy of Coding Errors", Chapter 3 "Crimeware and Peer-to-Peer Networks", Chapter 4 "Crimeware in Small Devices", Chapter 5 "Crimeware in Firmware", Chapter 6 "Crimeware in the Browser", Chapter 7 "Bot Networks", Chapter 8 "Rootkits", Chapter 9 "Virtual Worlds and Fraud", Chapter 10 "Cybeware and Politics", Chapter 11 "Online Advertising Fraud", Chapter 12 "Crimeware Business Models", Chapter 13 "The Educational Aspect of Security", Chapter 14 "Surreptitious Code and the Law" Chapter 15 "Crimeware and Trusted Computing", Chapter 15 "Crimeware and Trusted computing" Chapter 16 Technical Defense Techniques, Chapter 17 "The Futrue of Crimeware"
   
   Book Review:
   "Crimeware Understanding New Attacks and Defenses" is a new book from Symantec Press that covers the latest techniques in which malware(crimeware) is being used to infect, propogate and take over computer network, firmware, and systems.
   
   The book is comprised 17 chapters that cover not only the latest in malware but also includes topics that are not covered any many other sources such as Transaction Generators, drive by pharming, and malware spread via wireless routers vs. the internet as an attack vector.
   
   While each chapter is really a self contained entity independent of any other chapter, I read this book cover to cover in less than 3 days. I found the new topics (new to me anyways) such as Transaction Generators, how criminals profit from malware, and the threat of a Wifi Malware epidemic, kept me hooked as if I were reading a techno thriller.
   
   The only reason why I would not give this excellent book a 5 star rating was I felt the chapter on new Defenses was lacking. While it outlined a new way of thinking in defense to counter these new threats, the same attention to detail of that the authors gave to the attack side of the coin, I felt was not given to defense. I found the defensive chapter to be far more theoretical than practical.
   
   
   
   
   Summary:
   
   "Crimeware Understanding New Attacks and Defenses" is an excellent read, and belongs on the bookshelf of any IT professional who has a responsibility or even an interest in latest in information security.



3. First off, to be fair I should point out that I am a co-author of one of the chapters (Chapter 5), but I still read the remainder of the book like everyone else, and I don't receive any benefit from sales, so I think the review is fairly objective.
   
   This is the first book to describe the mounting problem of crimeware in a manner that is both accessible to a general readership and helpful to the expert reader. Written by expert contributors in the field of security, it details how cyber crooks are launching attacks on businesses and society, and predicts the trends in Internet security. In contrast to most security books, this book covers not only technical aspects, but also social and legal aspects of security. The book has descriptions of the current and predicted threat pictures, and discussions of meaningful countermeasures, including possible educational campaigns to support other countermeasures. It is a book that is difficult to put down once you have started reading, at the same time as it is likely to remain a useful reference for quite a while.
   
   As has been commented previously, each chapter is more or less self-contained, and so readers can skip to chapters of interest. Further, rather than just considering the technical problems and solutions of online crime, it considers the broader holistic problem of security and crime. I strongly recommend this book to those that want to understand the current and future online threats.



4. There was a time when viruses and worms were written primarily for the purposes of creating chaos and getting 15 minutes of fame in the malware underworld. Script-kiddies could crank out exploits that spread like wildfire and interrupted computer and network productivity, but with little impact or implication beyond the annoyance factor in most cases.
   That time is gone. It has been gone for a while now. Professional criminals and crime syndicates eventually figured out that these same attacks and exploits, if properly crafted, could represent a windfall of ill-gotten cash. Rather than trying to have the greatest impact and notoriety, today's attacks seek to find a balance between compromising as many machines as possible while also staying under the radar and remaining undetected by users or security software.
   
   The authors of Crimeware: Understanding New Attacks and Defenses have put together a comprehensive and thorough guide to current malware- which they call crimeware- and how to defend against it. Rather than go on about the scope of the book, I will just list the chapters and let you judge for yourself.
   
   1.Overview of Crimeware
   2.A taxonomy of Coding Errors
   3.Crimeware and Peer-to-Peer Networks
   4.Crimeware in Small Devices
   5.Crimeware in Firmware
   6.Crimeware in the Browser
   7.Bot Networks
   8.Rootkits
   9.Virtual Worlds and Fraud
   10.Cyberware and Politics
   11.Online Advertising Fraud
   12.Crimeware Business Models
   13.The Educational Aspect of Security
   14.Surreptitious Code and the Law
   15.Crimeware and Trusted Computing
   16.Technical Defense Techniques
   17.The Future of Crimeware
   
   This book is not just another compendium of malware and defensive countermeasures. This book provides that, but goes beyond that to educate the reader and provide tremendous insight about how and why crimeware works.



5. Crimeware is a collection of chapters collectively written by 40-odd security researchers. Sometimes this approach is a formula for disaster, but here the end result is a solid book that covers a broad number of topics. Because each author or group of authors know their field well, they can delve fairly deeply when necessary, and their material is technically accurate. However, some of the chapters are boring and lifeless. This book blocked my reading queue for about 4 months, which is a sign I found the text unappealing. It took a flight from Amsterdam to convince me to finish it! Still, I agree with many of the other reviewers -- Crimeware is an impressive examination of malware, on a variety of fronts.
   
   Chapter 8: Rootkits, by Prashant Pathak, was my favorite. I've read books on rootkits before, by Pathak's chapter presented the subject in a very understandable manner. His methodical and disciplined approach seemed very effective. He explained various approaches and terms, instead of assuming the reader knew what he was discussing already. I recommend reading chapter 8 before tackling other books on rootkits.
   
   Chapter 1: Overview of Crimeware, by Aaron Emigh and Zulfikar Ramzan; Chapter 6: Crimeware in the Browser, by Dan Boneh, et al; and Chapter 7: Bot Networks, by James Hoagland, Zulfikar Ramzan, and Sourabh Satish addressed the core malware topics I would expect to appeal to the sorts of readers who frequent my blog. While several other chapters offered novel research, these three plus the rootkits chapter are probably most helpful to those defending networks.

1 comments about Identifying and Exploring Security Essentials.

1. Delivered as advertised. Very quick service. I would buy from them again in the future

5 comments about Dot Dead: A Silicon Valley Thriller (Silicon Valley Mysteries).

1. Admittedly, mystery is not my favorite genre, but I purchased this book after being persuaded by the author himself at the local bookstore.
   
   The characters lacked depth and are completely unbelievable. The 911 operator actually exclaims "Oh my" when the protagonist tells her that he's been attacked in his home.
   
   Everyone was beautiful, successful, athletic, rich, has an Ivy League or Stanford education. Having grown up just minutes away from Palo Alto, I found incessant references to the "fair city" of Palo Alto laughable at first but soon they became an annoyance. This is not a tough mystery to figure out, but somehow it took the protagonist 280 pages to do it.
   
   My advice, skip this one and the leave the sleuthing to Nancy Drew.



2. This is a fast-paced mystery set in Silicon Valley with a little of it taking place in Del Mar outside of San Diego. The characters are well developed, mostly likable, with the author doing a great job in making them believable. The plot was carefully thought out with many surprises and twists. As an ex-Silicon-Valley exec, the best and worst of the area comes through accurately. The hero, a likable Silicon Valley executive shows his brilliance as he tries to solve a crime. Highly recommended. Once I got into it I couldn't put it down. It would make a great movie.



3. There are things that one never wants one's maid to do - such as being dead in one's bed. "Dot.Dead: A Silicon Valley Mystery" follows Ian Michaels as he happens upon this situation and immediately finds himself the top suspect in the investigation. With the help of his maid's sister, he tries to clear his name, find out who framed him for it all, and glean the answer to the most important question of all - why? "Dot.Dead: A Silicon Valley Mystery" is a top pick for mystery fans and community library collections catering to them.



4. Ian Michaels, the number two guy at Silicon Valley's Accelenet, comes home early on a Wednesday only to be knocked unconscious by some unseen assailant. When he gets home on Thursday, the maid is lying dead on his bed. Ian is the obvious suspect: he'd never met the woman, but a surprising number of clues point to him having been romantically involved with her. Eager to clear his name, Ian makes himself unpopular with the police department by playing amateur sleuth--contacting the dead woman's family and friends, searching her computer. In the process, he finds himself half falling in love with a woman he'd only known through Post-It notes.
   
   Compounding the stress of the police investigation are some tensions at work. Ian needs to prepare for an important board meeting: he wants to convince its members to move Accelenet in an exciting if risky new direction. His success may prompt Ian's boss and long-time friend, Silicon Valley legend Paul Berk, to finally make Ian CEO.
   
   Dot Dead is a very good, well-constructed mystery: Raffel artfully punctuates the book with subtle clues that leave us mentally fingering a number of different suspects. After going back and forth a number of times, I did finally focus on one particular character--and I turned out to be right--but it took me a while. Near the book's end a British-drawing-room-style exposition of the case, translated to the modern living room, is perhaps slightly anticlimactic. But that's the worst criticism I can come up with. The book, Raffel's first, is a great read. I hope he has more coming.
   
   -- Debra Hamel



5. I enjoyed this book - without repeating the plot already described by others, it was a good mystery, well written. There were enough potential "bad guys" to hold my interest. I came to Amazon.com to see if Keith Raffel had written any more books, and am disappointed to find that apparently he has not.

No comments about Cybercrime: Criminal Threats from Cyberspace (Crime, Media, and Popular Culture).

5 comments about Honeypots: Tracking Hackers.

1. Honeypots: Tracking Hackers By Lance Spitzner (Senior Security Architect for Sun Microsystems, Inc.) is an advanced computer science text to understanding and making use of "honeypots" (technological systems specifically designed to be compromised by online attackers) as burglar alarms, incident response systems, or tools for gathering information about hackers in order to better guard the security of one's compter data. Technical know-how, advanced theory, guidance from three legal experts, and more fill the pages of this excellent and very strongly recommended resource for anyone invested with cyber security responsibilities. An accompanying CD-ROM contains white papers, source code, and data captures of real attacks to facilitate the deployment of honeypot solutions to serious computer problems.



2. Honeypots is an excellent introduction to the subject of honeypots, useful as a reference for experts as well as for beginners to the subject. It is written very clearly and provides step-by-step instructions with plenty of examples and screenshots. It covers commercial, open source, and do-it-yourself solutions, from very simple low-interaction detection honeypots to very high-interaction research honeypots. A CD-ROM is included with software and example data collected by honeypots. One defect is a fairly large number of typos.



3. This book did a great job of presenting the concepts of modern honeypot technology. It begins by covering the basic concepts of what the different types of honeypots can do, the different design concepts of production honeypots vs. research honeypots and how honeypots can be an aid to network security in any organization. The one thing I did'nt like was the "flow" of the book and the way some chapters were written. There was an exessive amount of fluff, some topics were beat like a dead horse. The book could easily have shaved off 50 pages making it a better read. Overall, it was a great book, I learned a lot, and would recomend it to anyone looking for an intro to honeypots. The included CD was a plus as well.



4. This book is written with obvious passion towards honeypots as the author obviously believes in the power of honeypots in making the corporate network a safe place. The discussion cover simple and advanced topics in honeypot motives, creation and trapping hacker information. In all, a well researched book that evangelises the use of honeypot intrusion detection



5. I bought this to help perform research on a security course that I'm preparing. Even though the information on some of the honeypot programs is a bit outdated, I still found the book very helpful. It's well-written, and gives a very good explanation of how to implement honeypots. It was a tremendous help in my research.

5 comments about Fake: Forgery, Lies, & eBay.

1. This "author" is a liar, a lawyer, and a snitch. If you think it couldn't get any worse it does: he thinks his writing is clever. Wait for his victim (Fetterman)'s book.



2. Someone had recommended this book to me as a "good read". really didn't even know why I bought the book as I thought reading about ebay would be totally boring. Well I was wrong. The book sat on a shelf at my home for 3 months before I even opened the cover. Couldn't sleep one night and picked the book and started to read. I honestly couldn't put it down until I had finished from cover to cover. It is a great story and well written by the author. Whether you don't care about art or even Ebay this is an interesting story written in such a way that you find yourself totally emersed in the deceptions of an art forger who gets caught and the story line of getting caught and punished in a court of law. This is a good read.



3. This great analysis of the internet market over eBAY has been passed through the art lovers in our family. Their response has been very interesting, indeed !



4. Kenneth Walton's book is a can't-put-down revelation of true character growth.
   
   In the beginning, he describes himself as nothing more than a shallow, run-of-the-mill law school graduate who -- after only a year on the job -- was already desperate to escape his boring daily grind as just another faceless attorney at a large Sacramento law firm. I've known many young, newly-minted professionals (accountants, doctors, lawyers) in the same predicament: After investing years in their educations and taking on crushing student loans, they finally graduate and are suddenly faced with the reality of the inhuman hours, incredible stress, and limited options inherent in working for a large, traditional institution (as the author discovers, such big law firms are always the same, whether located in Sacramento or Paris). At that point, many start to desperately seek a way -- any way -- out of the madness. I know a couple of former corporate attorneys who are now much happier working at other jobs (rafting guide, truck driver) that have nothing whatsoever to do with the law...
   
   Unfortunately for the young Mr. Walton, he didn't choose at that point to simply abandon the practice of law and run away to become an honest cowboy, fireman, plumber, Starbucks barrista, etc. Instead, he unhappily struggled on. Soon, his sad career plight was noticed by the slyly experienced Mr. Fetterman, who proceeded to milk Mr. Walton's desperation into a slippery plan to assist him in his lucrative eBay con games. However, since any successful con game depends on the greed and deception (especially self-deception) of BOTH the conner and the connee, Mr. Walton convinced himself to continue compromising his principles by acting as an eBay shill. He sank slowly ever deeper into his moral quagmire, mainly by choosing to adopt a Sgt Schultz outlook ("I know nothing... NOTHING!") towards the whole stinking mess. Eventually, the young lawyer gives up even that flimsy charade and commits a single act of deliberate forgery that explodes on eBay in a truly unforgettable manner.
   
   Kenneth Walton is a wonderful storyteller. His clear prose and spare style move his tale of self-deception right along. I can't recall any other memoir that has impressed me so much for its sheer readability, and the honest and painful regret that is eventually expressed.
   
   The real payoff (for both the author and reader) is in witnessing the amount of redeeming character growth which is experienced. In the end, he doesn't whine or complain about being treated unfairly, or try to justify his nefarious behavior. Rather, after finally coming clean, facing the music, making restitution, and accepting a felony conviction, Ken expresses sincere regret for his actions and the harm they caused to his victims (who were often working their own cons) and, most importantly, to his innocent friends and family members whom he let down (and who steadfastly stood by him as the saga unfolded). His denouement reminds me of the moral truth so forcefully expressed in the monologue by Danny DeVito's charactor at the end of the movie The Big Kahuna.
   
   A great book!



5. This isn't the most well-written book but it is a fast read and an interesting one. At times it got a little self-serving but that's to be expected in a memoir of this type. I'd definitely recommend for people interested in learning a little more about the types of fraud that can take place on eBay. It's a good cautionary tale.

No comments about Computer Forensics: Investigating Data and Image Files (Ec-Council Press Series: Computer Forensics).

1 comments about Cybercrime: Digital Cops in a Networked Environment (Ex Machina: Law, Technology, and Society).

1. This book is a must read for all cyber investigators, all computer forensics, all computer users, all IT personnel, and of course, for all WRITERS like me! Cold Eyes