GOLSCO
Books Online Store
Books - Computers & Internet - Certification Central - Hacker's Secrets


    The Complete Hacker's Handbook : Everything You Need to Know About Hacking in the Age of the Web
    by Dr. X, Dr. X
    Average Customer Review: 2.5 out of 5 stars
    Paperback (01 October, 2000)
    list price: $14.95
    Reviews (8)

    1-0 out of 5 stars What!?
    I bought this book a while back... as in years. Even then the information was so dated that you couldn't really get all that much information from it. Only way I'd pick it up is if I wanted to take a look back and dream of the old days, or learn how things might have worked if technology and methodology had not advanced.

    3-0 out of 5 stars Everything You Need To Know? Not Quite.
    I'm a Unix System Admin, therefore, as you might guess, I have a real and tangible reason to be interested in hackers. Protecting information and my servers is part of my job.

    I also have a genuine interest in the entire hacker/cracker field (yes, these are two very different things) and I've read a lot of books on the subject - everything from the textbook system guides, to the Kevin Mitnick great-hacker-chase. There are hackers I admire, those with a true hacker ethic. There are also crackers who I think are in it for themselves and themselves alone - that's not what the whole "open source" community is all about...but I digress. Sorry.

    With regards to this book, it is mostly an overview. There is a lot of cursory information and this information is available most anywhere on the net, all you have to do is look. That's the beauty about the internet - the information is out there, check any search engine. This book does not give any great insight or additional value to what you might find trolling the user groups or informational web-sites.

    On the other hand - the information is already gathered for you and in book form. That's a plus.

    For those "script kiddies" out there - SORRY. This book is definitely NOT a "how to".

    It's also just a little arrogant to indicate that this 192 page book is "everything" you need to know about hacking. That's impossible. Any hacker, or computer professional, will tell you that from the start. The IT/Information Technology field is constantly growing and changing. Information is outdated the second it is published. Security holes are plugged and discovered on a daily basis.

    Many of the hacks listed here have already been patched and addressed.

    There is some good information here - I believe another reviewer indicated this is a good book for management. I'd have to agree. It's great to give you a starting place, a few buzz words and some concrete starting position information.

    If you really want to be a computer professional, if you need to protect your server against hackers - this is NOT the book for you.

    This book is for those who'd like an overview - just slightly more technical than an average computer industry article.

    There are some really wonderful "computer security" and "network security" books available here at Amazon. If you have some interest in this field - start with some of the "Maximum Security" series of books.

    Do I regret buying this book? Ultimately, No. I've got a great deal of interest in this subject and it's always good to know the kinds of books that are "out there".

    Consider it a good purchase as an introduction to the hacking world. You'll definitely gain some insight. It is interesting, if you have the basic curiosity. For the management types, it will give you the starting-pad and buzz-words you need to speak to your Sys Admins about security.

    Best Regards, turtlex

    2-0 out of 5 stars Not Worth it
    Leaves much to be desired. A few insights, but no more than can be gleaned from a well written magazine article. There are much better resources/books out there.

    But, if you are JUST looking for a MANAGEMENT level overview without ANY detail, it might have SOME value to you...

    Isbn: 1858684064
    Sales Rank: 444891
    Subjects:  1. Computer Bks - General Information    2. Computer Books: General    3. Computer hackers    4. Computer security    5. Computers    6. General    7. Handbooks, manuals, etc    8. History    9. Security    10. Reference   


    Hackers
    Director: Iain Softley
    Average Customer Review: 4.0 out of 5 stars
    VHS Tape (30 July, 2002)
    list price: $4.94

    Editorial Review

    As a depiction of the computer-hacker underground, this movie is bogus to the bone. As a thriller, it's cartoonish and conventional. The premise (computer-happy kids hack into the wrong system, and the Forces of Repression come after them) is recycled from John Badham's 1983 WarGames. And the corporate-creep bad guy, played by Fisher Stevens, steeples his fingers and growls mossy villainous clichés. ("By the time they realize the truth, we'll be long gone with all the money.") For all its postmodern trappings the movie is working with sub-prehistoric storytelling tools. But it does succeed on one level, as a movie about adolescent bonding and alienation. The director, Iain Softley, helmed the Beatles-in-Hamburg biopic Backbeat, and he seems to have an instinct for the emotions that pull kids together around common interests and the insecurities that drive them apart. The familiar crises of loyalty and betrayal have an ache of real loneliness. It doesn't hurt that the two stars, Jonny Lee Miller (Sick Boy Williamson in Trainspotting) and Angelina Jolie (Gia), are just about equally gorgeous and charismatic; their longing glances steam up the screen. --David Chute

    Features

    • Color
    • Closed-captioned
    • NTSC
    Reviews (270)

    3-0 out of 5 stars Mostly eye candy
    This isn't particularly a movie about hacking. It's one that took the theme, dressed itself and the hackers in unlikely shininess, and thereby becomes interesting mostly through its fauxness - it has at most one or two scenes to do with real hacking, instead spending a lot of time on not very convincing generalisations to carry the story.

    It's basically really a prettified action movie on the geekish side. The drama, the sexy (Jolie-related) and amusing scenes are enough to make this an amusing time killer, but not something that'll make you particularly laugh or smarter.

    Slightly more interesting in the genre would be Antitrust, which also fails to be accurate but instead relies more on suspense, which it does pretty well.

    5-0 out of 5 stars best movie about hackers
    You should see this movie to understand who the hell hackers are, their manifesto, their work, their dreams. Great actors, cool soundtracks. Must-have item!

    2-0 out of 5 stars yawn
    I've seen a lot of movies that were absolute rubbish but, in the genre of computer hacking, this one made an effort to be glossy, expensive, perfect-world-looking designer rubbish. The acting was terrible, the believability level was very low. There wasn't much of a plot to keep me interested and all the characters seem so stereotypical. This movie is only good for background wallpaper in industrial-style nightclubs.

    Asin: 079284467X
    Subjects:  1. Feature Film-action/Adventure   


    Hack
    Average Customer Review: 4.0 out of 5 stars
    Audio CD (05 October, 1990)
    list price: $5.98 -- our price: $5.98
    Reviews (16)

    4-0 out of 5 stars Satellite
    Base 2: 0011000011010111000110110101010011
    I bought this CD way back when for "Think."
    I used to think the lyrics to this album were corny until I realized I could write no better. The art design of the album is simple but really neat!! I've always liked junk circuit boards and LED lights myself. Plus I think I resemble a bit of Kurt, so I vicariously enjoyed that wild hair he has.
    What most people don't like is all the "filler." I, on the other hand, have a contrary position. The "filler" tracks (or sub-tracks) are the best parts! A little bit of pièce-concrète submerged in real sampling, mixing, super-catchy riffs and beats (far better than the music), and I've even sampled straight off this CD for my own non-profit purposes.
    The music on this album is actually very original, upbeat, and cleverly infused with sound effects. As a listener of Jean Michel Jarre, I immediately found this album an attractive choice for my "headphone" sessions. I'll admit that it took me awhile to get used to some of the songs. The best of the album is "Think," followed by the similarly themed "Now That I Have You," "Mirrorshades" (awesome chamber orchestra sample), and even "Chemistry," which is somewhat of a sadder tune coming from a bunch of computer geeks.
    The HACK car is the coolest thing. I would've done it a little differently myself, but I will design my own car someday, perhaps putting it on an album cover...an homage to the binary forces known as InSoc. You can check out more of it here:

    http://www.insoc.org/Car.HTML

    5-0 out of 5 stars Their masterpiece...
    I love the first Information Society album. One could call it a great debut. But in this other album, HACK, Information Society's musical evolution is very notable. This album is more mature, the songs are tied in with each other and you can say it is like a live show. You get an intro song, an instrumental song and a song sung by one singer, then the same sequence and a song sung by another singer (two singers, both with great styles and voices).
    To summarize: you can find an album filled with very easy-listening and radio-oriented tunes, and in time you will get tired of it; on the other side, you can have an experimental album, so progressive, so evolved, that you will get tired of not hearing any true single or radio-friendly album. It is very HARD to find an album with experimental, deeper songs, different from your average radio single, but nevertheless excellent songs that also contain instant hits and radio-oriented songs. HACK is an album that does both extraordinarily well. Just when you think that you have had enough of radio-friendly songs and want something deeper, more artistic, there comes a song that does it, and vice versa.
    Another great fact about this album is the intro songs (or subsongs) I told you about before. Buy this album, close your eyes and prepare to have an extraordinarily fine synth-pop experience, both experimental and radio-friendly. This is INSOC's masterpiece, an almost perfect album.

    3-0 out of 5 stars Still wonderfully enjoyable after all these years
    After knowing a considerable amount of success in the late 1980's with their first eponymous release (which contained such hits as What's on your mind, a classic of the synth-pop era, and Walking Away) techno-pop band Information Society was a lot less lucky with their sophomore effort, Hack. It didn't do as well as the previous one, despite some really good radio-friendly tracks and potential hits. The single "Think", for example, is one of those songs that are so catchy and infectious you can't help but sing along with them; same goes for "How long", "Now that I have you" (which, I'll admit, sounds uncannily like Think) and "Can't slow down" as well as "Mirrorshades". Surprisingly enough, these two are some of the highlights of the album, despite not being sung by frontman Kurt Harland. You can tell by listening to the numerous interludes that Harland and his bandmates had a blast playing with their computers and throwing in all those samples; one may say that it's too much, but I think that it's what made InSoc so original and fun. This being said, however, I can't say that Hack is InSoc's best album. It's a little too messy and it contains too much filler (Fire tonight is excruciatingly boring, just like If only is) for my taste. But overall, it's still a great album from a band that, unlike so many others from that period, passed the test of time pretty well.

    Asin: B000002LLW
    Sales Rank: 15059
    Subjects:  1. Club/Dance    2. Dance-Pop    3. Pop    4. Rock   



    Hack Proofing Your Network: Internet Tradecraft
    by Ryan Russell, Stace Cunningham
    Average Customer Review: 4.0 out of 5 stars
    Paperback (15 January, 2000)
    list price: $49.95 -- our price: $49.95

    Editorial Review

    Too many network administrators depend on the "big sky" principle of network security--they believe that the large number of Internet-connected machines out there will keep black-hat hackers away. Hack Proofing Your Network: Internet Tradecraft points out that statistics are no defense, and that such an attitude is irresponsible. The book shows steps that you can take to harden your resources against attack. Although most of the material in this book isn't up-to-the-minute (how could it be, when the tactics of attackers change daily), you can discourage hackers by implementing the strategies that it describes.

    Many antihacking texts assume a fair bit of knowledge, but this one doesn't. Ryan Russell and coauthors explain many terms and concepts, such as traffic sniffing, cryptography, and file differentiation ("diffing"), and the tools that evildoers use to wreak havoc on the systems that they attack--complete with Internet addresses from which you can download them. The book walks you through sample attacks, too, such as hijacking a connection by using a tool called Hunt. Overall, this is a fine introductory-to-intermediate antihacking volume that leads well into more current and advanced resources. You might want to supplement it with two other practical computer-security books: Hacking Exposed catalogues many of the tools that bad guys use, while Network Intrusion Detection helps you analyze security logs and spot attacks in progress. --David Wall

    Topics covered:

    • Modes of attack, and means of defending against them
    • Political environment governing software and networking
    • Laws and policies springing from that environment
    • Approaches to the problem of breaking into systems or denying their services to legitimate users
    • Spoofing
    • Sniffing
    • Transmission interception
    • Several other popular tactics
    Reviews (17)

    4-0 out of 5 stars better than exposed
    better than exposed. much more detail, but too little reference material.

    2-0 out of 5 stars Give me a break!
    Hardly any detail in the examples and missing too many important and common techniques.

    4-0 out of 5 stars Good Introduction
    As a technical writer wishing to learn more about network security, I found this book helpful. I feel it is also of use to sys admins wanting to know more about trying to "hack-proof" their networks. While other books may give more in-depth info, this one covers a lot of basic information. Areas such as the "politics of hacking," the laws of security, different types of attacks, diffing, cryptography, buffer overflow, packet sniffing, spoofing, etc. are covered here.

    There are also chapters devoted to the infamous "security holes" on every computer and how to deal with attacks or viruses. As others have pointed out, this may not be THE DEFINITIVE book on network security, but it does offer a good general approach to it.

    Isbn: 1928994156
    Subjects:  1. Computer Bks - Communications / Networking    2. Computer Books: Internet General    3. Computers    4. Internet - General    5. Internet - Security    6. Networking - General    7. Programming - Systems Analysis & Design    8. Security   



    Hacking Exposed: Network Security Secrets & Solutions (Hacking Exposed)
    by Stuart McClure, Joel Scambray, George Kurtz
    Average Customer Review: 4.0 out of 5 stars
    Paperback (10 September, 1999)
    list price: $39.99

    Editorial Review

    Whenever Hollywood does a movie in which someone breaks into a computer, the hacking scenes are completely laughable to anyone who knows the first thing about computer security. Think of Hacking Exposed: Network Security Secrets and Solutions as a computer thriller for people with a clue. This is a technical book, certainly--URLs, procedures, and bits of advice take the place of plot and characters--but the information about hackers' tools will leave you wondering exactly how vulnerable your system is. More to the point, the explicit instructions for stealing supposedly secure information (a Windows NT machine's Security Access Manager file, for example) will leave you absolutely certain that your computers have gaping holes in their armor.

    The book describes the security characteristics of several computer-industry pillars, including Windows NT, Unix, Novell NetWare, and certain firewalls. It also explains what sorts of attacks against these systems are feasible, which are popular, and what tools exist to make them easier. The authors walk the reader through numerous attacks, explaining exactly what attackers want, how they defeat the relevant security features, and what they do once they've achieved their goal. In what might be called after-action reports, countermeasures that can help steer bad guys toward less-well-defended prey are explained. If you run Linux, you may want to supplement the Unix information in this book with Maximum Linux Security, another practical-minded and very popular security text. --David Wall

    Topics covered: The state of the art in breaking into computers and networks, as viewed from the vantage point of the attacker and the defender. There's information on surveying a system remotely, identifying weak points, and exploiting weaknesses in specific operating systems (Windows NT, Unix, and Novell NetWare, mostly). Coverage also includes war dialers, circumventing firewalls, denial-of-service attacks, and remote-control software. There's a cool appendix on the security characteristics of Windows 2000.

    Reviews (60)

    4-0 out of 5 stars Good, but hard to keep up to date!
    The book is great for telling you what it has to tell you. Unfortunately, so many new exploits are found each day, it is hard for the book to keep up to date. I am already a couple of revisions behind. Still, it is a worthwhile read.

    4-0 out of 5 stars Excellent for beginning hackers
    If you want to go over to the 'dark side', this book describes enough hacking technique to turn you into a 'script kiddie' (or enough to defend against them). Of course, it's the things that the book *doesn't* go into detail about that makes you want to learn more in-depth detail about network security (things like buffer overruns and process hijacking). A good starting point for budding hackers, people who administer networks, or anyone who is technically-minded. It also teaches enough about Back Orifice and NetBus to have fun messing with your co-workers on those occasional boring days in the cubicle!

    4-0 out of 5 stars Exposed your network
    This is the first technical book about security in networks/systems. I found that some books only show how to "close" a hole in a network without informing what it is closing from. This is a good book for busy administrators who do not have enough time to update themselves, since this book is a compilation of security threats/tools/defences.

    Isbn: 0072121270
    Subjects:  1. Computer Bks - Communications / Networking    2. Computer Books And Software    3. Computer Data Security    4. Computer networks    5. Computer security    6. Computers    7. Networking - General    8. Security    9. Security measures   


    Secrets and Lies: Digital Security in a Networked World
    by Bruce Schneier
    Average Customer Review: 4.5 out of 5 stars
    Hardcover (14 August, 2000)
    list price: $29.99

    Editorial Review

    Whom can you trust? Try Bruce Schneier, whose rare gift for common sense makes his book Secrets and Lies: Digital Security in a Networked World both enlightening and practical. He's worked in cryptography and electronic security for years, and has reached the depressing conclusion that even the loveliest code and toughest hardware still will yield to attackers who exploit human weaknesses in the users. The book is neatly divided into three parts, covering the turn-of-the-century landscape of systems and threats, the technologies used to protect and intercept data, and strategies for proper implementation of security systems. Moving away from blind faith in prevention, Schneier advocates swift detection and response to an attack, while maintaining firewalls and other gateways to keep out the amateurs.

    Newcomers to the world of Schneier will be surprised at how funny he can be, especially given a subject commonly perceived as quiet and dull. Whether he's analyzing the security issues of the rebels and the Death Star in Star Wars or poking fun at the giant software and e-commerce companies that consistently sacrifice security for sexier features, he's one of the few tech writers who can provoke laughter consistently. While moderately pessimistic on the future of systems vulnerability, he goes on to relieve the reader's tension by comparing our electronic world to the equally insecure paper world we've endured for centuries--a little smart-card fraud doesn't seem so bad after all. Despite his unfortunate (but brief) shill for his consulting company in the book's afterword, you can trust Schneier to dish the dirt in Secrets and Lies. --Rob Lightner

    Reviews (112)

    4-0 out of 5 stars Book straddles both worlds: academia and corporate world of IT Security.

    While Bruce Schneier rehashes old ideas discussed in his other IT Sec books, this read is well organized, with lots of practical examples and quite thorough in his extensive coverage of all security measures.

    The best thing about this book is how the presentation of various IT Security measures makes the reader aware of how important security policies are and what the important aspects of security management are. This read is definitely beneficial for IT and Security managers.

    When reading this book I could not help but get annoyed with how verbose this book is. One could easily eliminate various paragraphs and still maintain the integrity of the book's message.

    4-0 out of 5 stars Great perspective on cybersecurity
    As a graduate student in computer science, I can attest that the book is technically accurate with light-to-moderate depth. Bruce Schneier's use of real-life examples (along with a salting of imagined scenarios) and just good plain sense allows him the freedom to provide sufficient detail for the informed reader without alienating newcomers. This is a great book for anyone interested in putting digital security in perspective, from the owner of a company to an academic researcher. The narrative is witty and entertaining, while still being informative, although some people may find him a little condescending at times.

    The most interesting part of the book for me was Part I: The Landscape, where Schneier describes security threats in general. My only real criticism is that the book felt repetitive towards the end; the examples were refreshing and informative at the beginning, but were old news by the end of the book. A more condensed version would be suitable for most people.

    4-0 out of 5 stars Very good, but with some caveats
    I finished the entire Bruce Schneier book "Secrets and Lies". I thought it was excellent but also I think it suffers from some very deep flaws.

    1) While Schneier goes a long way to prove his point that open-source, non-proprietary software is, in general, more secure than closed-source, proprietary software, he fails to consider critical differences between types of open-source projects. All open-source, in other words, is not created equal. There are critical distinctions between the open-source projects undertaken by ANSI or other standards-making bodies and the open-source world of projects like, say, linux.

    Under ANSI, standards are created by a consortium of business, government and industry bodies, usually employing the top people in the business. This consortium is structured like a giant software company designing a proprietary product, with all the checks and balances, redundancies, code testing, spec designs, etc. ANSI then asks for feedback from the entire user community, with the whole process from specs to product often taking years. Contrast this with the world of nobodies and semi-somebodies that often lead open-source linux and other projects like Mozilla. Such projects are more or less led by hobbyists in an ad-hoc fashion since the resources to do proprietary-style software development are not there.

    The question is how much of open-source linux's reputation is riding on the reputation of open-source ANSI? How often is the quality between the two confused?

    2) Schneier fails to fully consider problems with his suggestion that insurance companies market liability insurance to handle the cost of security breaches. They know the risk business, he claims, and, therefore, they are in a position to estimate the risks of such security. A laudable idea, except what happens if insurance companies know their business well enough not to provide any coverage at all? There is, in fact, a historical analogy: vaccines.

    In 1976, an unusual epidemic of "swine flu" occurred at Fort Dix. The federal government decided to vaccinate the entire country. The Congressional Budget Office predicted that, with 45 million Americans inoculated, there would be 4,500 injury claims and 90 damage awards, totaling $2 million. Despite these statistics, insurance companies refused to participate. Amid denunciations of corporate greed, Congress decided to provide the insurance.

    It turned out that the CBO was about half right. A total of 4,169 damage claims were filed. However, not 90 but more than 700 lawsuits were successful and the total bill to Congress came to $100 million, 50 times their initial estimate. Insurance companies knew their business well.

    The point that Schneier needs to understand is the concept of "strict liability" that has replaced the older concept of "negligence." Under negligence, a plaintiff had to prove intent or fault. Under strict liability, a plaintiff does not. In effect, the theory says that damage has occurred and that someone has to pay. How does a cyberspace security company insure itself under such circumstances, at least at a premium that is not the value of the entire company? It cannot and like most of the vaccine business, such cyber security companies would simply leave the market.

    3) Equally silly are some of the analogies Schneier uses to describe the state of the software industry and his laments about the lack of institutions to enforce solutions: "Skyscraper 1.0 collapses, but we will get it right in Skyscraper Version 1.1" or "a defective automobile gets recalled, but no one recalls software" or "we have the FDA, the UL or other institutions but nothing similar for software."

    A skyscraper collapsing is not an example of a security problem. It is an example of a functionality problem. A skyscraper collapsing because a plane crashed into it is an example of a security problem. A skyscraper collapsing on its own means someone did not pay enough attention in architecture school: not enough schooling in statics or finite element analysis. But no amount of schooling could anticipate a plane crashing into a building, let alone prevent a collapse...unless an architectural equivalent of the Multics operating system were erected with all the functionality problems that such a building would have.

    The same is true for automobiles. A car running off the road because the brakes stop working or the accelerator sticks is an example of a functionality problem. A car running off the road because another car hits it is an example of a security problem. And no amount of engineering is going to prevent an accident (or car thefts, for that matter.)

    It is just as pointless to expect regulations or some third-party government body to handle this problem. Product recalls, Underwriters Laboratories and the FDA all deal with functionality problems, not security problems. Even safety issues, which could be likened to protecting valuable assets (just like security), deal primarily with functionality (recalling a car because the engine computer could shut down your engine while driving is a functionality problem while an engine computer susceptible to some device that opens your doors is a security problem; making sure a drug's side effects don't kill you is a functionality problem while making sure the packaging is tamper-evident is a security problem).

    This should be obvious to Bruce since he himself admits that security testing is impossible, so what good is some outside regulator going to do, except institutionalize low standards? Automobile crash tests are one notorious example. Car manufacturers make a big deal out of them but what do they really test? An offset test, where half the front portion of a car is smashed against a heavy steel block just tells us how a car would behave if smashed into a heavy steel block. Specifically, since the mass of the block is greater than the car, the test simply measures how the car's structure reacts to the force generated by that car's own mass and acceleration. It tells us nothing about how it would react if, say, hit with a similar mass accelerated at the same rate as the approaching auto (presumably, it would do a lot worse).

    Ironically, government crash test ratings seem to operate under the same theory as the Orange Book. A Windows machine can get a C2 rating...as long as it doesn't have a floppy drive and is not networked. Similarly, a Honda Prius can get a government five-star crash-test rating...as long as it doesn't get hit by a 4,500 pound Lincoln Town Car or a 6,000 pound Cadillac Escalade. Can the government guarantee that such cars are not going to share the streets with a Prius?

    4) The most glaring problem in Schneier's book, however, is something that I call the "craft mentality." When I worked at Encyclopedia Britannica as a research analyst, I noticed that an inordinate amount of time and effort was spent by the management staff trying to preserve the quality of the research Britannica was putting into its products. Less time was spent trying to figure out how to price the products to capture the value of that research, or even trying to determine if that quality was evident or useful to the user (Articles on "Calculus", for example, were written by mathematicians and looked like they were taken out of graduate textbooks, obviously incomprehensible to the average user). Even in the face of hemorrhaging money, management still insisted on maintaining the standard...until they were replaced. In Britannica's case, research analysis was treated as a craft that needed to be preserved, even if that craft got in the way of selling encyclopedias.

    Schneier's book suffers from the same problem. There appears to be an underlying need to preserve and pursue security research, security knowledge and other related academic disciplines...to preserve and pursue the basic "craft" to which security reduces. The problem is at what point does the practice of security as a craft interfere with real security? To put it another way, how is it possible to have even rudimentary risk management of cyber space if everyone, including academics, has an unlimited right to know?

    We are in the situation of zero-day exploits, script-kiddies, malware, viruses and other problems precisely because of the craft mentality.

    Consider the old model of submitting known vulnerabilities to CERT, which would then propagate that information to the industries involved. This process was slow and cumbersome and did not result in the security (i.e. craft) improvements that the submitting parties wanted. In the hopes that it would stir security (i.e. craft) improvements, the vulnerabilities were announced to the world, to be done with as anyone pleased.

    Plenty of reasons are given for doing this...all of them specious. Claiming that the initial vulnerability is a problem is pointless if security vulnerabilities are ubiquitous, impossible to prevent, and even impossible to test. Improvements can be made, but true or perfect security is impossible. Claiming that the truly bad guys already know the vulnerabilities so it doesn't matter if everyone knows is equally pointless. No one really knows if the bad guys know the vulnerabilities. It is merely conjectured that they probably do. And the probability of the bad guys knowing is far more secure than the certainty of the bad guys knowing once the vulnerabilities are announced to the world (Imagine a national security agency with this attitude. All the other really bad national security agencies know, so it does not matter if everyone knows. Gee...that works). Claiming to be for publishing vulnerabilities while being against building exploits is pointless if public knowledge of those vulnerabilities leads to the building of the exploits. It is a distinction without a difference. Claiming that security by obscurity is not very good security does not imply that security by transparency is any better.

    Discipline needs to be brought back into security. Vulnerability announcements should go through the proper channels, should be treated like a national secret, and should carry very, very stiff penalties for violations. Research should be supervised. The spectacle of Def Con in Vegas and the hacker quarterlies needs to stop with most if not all of those people going to jail and all of them not ever being allowed near a computer again (they can all work at Subway). The law works. Digital content providers, for example, are defending their property rights with heavy handed lawsuits, not quietly going into other lines of business as Schneier suggests.

    None of this will happen if Schneier and others insist on maintaining their right to know and to spread that knowledge indiscriminately.

    "Shooting the messenger" is the common analogy, but it is a false one. The problem is not that the messenger is bringing bad news. The problem is that the messenger is bringing the bad news to all of the wrong people. That needs to be brought under control.

    Hopefully, Schneier will address these problems in another edition of his book.

    Isbn: 0471253111
    Subjects:  1. Computer Bks - Communications / Networking    2. Computer Books: General    3. Computer Data Security    4. Computer networks    5. Computer security    6. Computers    7. Networking - General    8. Security    9. Security measures    10. Computer fraud & hacking    11. Data security & data encryption    12. Internet    13. Network security    14. Privacy & data protection   


    Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response
    by Edward G. Amoroso
    Average Customer Review: 3.5 out of 5 stars
    Paperback (15 February, 1999)
    list price: $49.95 -- our price: $32.97
    Reviews (6)

    2-0 out of 5 stars Not for practitioners
    I mistakenly bought this book on (what I thought) was the recommendation from a friend. Whoops. Amoroso's book is apparently aimed at students, not practitioners. The book I really should have bought was Steve Northcutt's Intrusion Detection Handbook, which is superior by a magnitude, at least if you're out in the real world doing real ID. Heck, even if you're still in the classroom, you should choose Northcutt's book over this one. It's the difference between theory and practice, and in the computer security field, theory is a blind alley.

    3-0 out of 5 stars Useful as a college text, but not for front-line analysts
    I am responsible for a 50+ person intrusion detection mission, and I read this book in August 1999. Had I not read Stephen Northcutt's "Network Intrusion Detection," I may not have given Dr. Amoroso's work three stars. Unfortunately, by catering to a niche audience (probably graduate students), this book is not very helpful to folks under fire from malicious Internet users. Dr. Amoroso is very respected in the field, but I would have preferred fewer process charts and taxonomy descriptions. The publisher does a disservice by stating on the back cover "System administrators, programmers, system and software engineers, and managers of technology will find this book invaluable." Had the book been advertised as a college text, I would have been less critical. Sorry Dr. Amoroso -- I look forward to your next book, though!

    5-0 out of 5 stars Excellent Theoretical AND Practical Book
    To quote the author, the book contains "Lots of information and no quick fixes." And the book contains exactly that! Bravo!

    The book is concise, relevant, and very well written. It provides excellent information without getting bogged down in minute theory or implementation details.

    The book provides a solid but practical theoretical background to intrusion detection. It contains relevant real world examples. It does not contain a bunch of dated "quick fixes" for each type of intrusion problem. (If that is what you want, you need BUGTRAQ or CERT, not a book. By the time an intrusion schema fix hits the press, its solution is out of date!)

    The book is full of good ideas that are practical and often readily implementable. If you have a hacker/cracker problem, I highly recommend you read this book! It will give you good insight into the types of weaknesses that are exploitable and the types of defenses that are appropriate. There is even a chapter on setting traps to catch hackers.

    (Hackers and Crackers: Please do not read this book!)

    Jon R. Kibler, Systems Architect, Advanced Systems Engineering Technology Inc.

    Isbn: 0966670078
    Sales Rank: 577485
    Subjects:  1. Computer Bks - General Information    2. Computer Books: General    3. Computer Data Security    4. Computer networks    5. Computer security    6. Computers    7. Internet    8. Internet (Computer network)    9. Internet - General    10. Reference - General    11. Security    12. Security measures   

