I have trouble finishing books I start. For whatever reason, I struggle
through it.
I began reading InfoSec Career Hacking: Sell Your Skillz, Not Your
Soul before I flew home for the summer, and read up until the last
couple chapters and got bored with it. The book has multiple authors and
as a result is sometimes redundant. I had stopped reading at the section
that describes different kinds of attacks, as if the reader didn't know
(duh?).
It took me all summer to finish `Silence on the
Wire <http://www.tssci-security.com/?p=6>`_. I'm so glad I did because
it was an incredible book that gave an entirely new perspective of
security to me.
At the same time as SotW, I was reading Black Ice: The Invisible
Threat of Cyberterrorism by Dan Verton. I haven't finished it, but it
is a good book and I will soon. It really touches base on the insecurities
of our nation's critical infrastructure and how disastrous an attack on
it would be to our economy. Really scary stuff!
I've also been reading Body of Secrets: Anatomy of the Ultra-Secret
National Security Agency by James Bamford. This has been a very
interesting book, but very long and small print. I'm absolutely
fascinated with cold-war intelligence and spy stories, but, not much of
a reader until recently, it's tough.
There's also another book, S*PAM _KiNgS: The Real Story Behind the
High-Rolling Hucksters, Pushing Porn, Pills, and @*#?% Enlargements.
This has been a much easier read than the other titles. I've been able
to read half of it within the last week, which is pretty good given the
amount of time I've devoted to it.
So, in summary, here are the following books I hope to finish and post a
review of:
- S*PAM _KiNgS
- Black Ice
- Body of Secrets (will take me a while to finish)
Then the programming books I plan on starting once I go back to school
(not even course books).... I need to learn scripting, and thought
reading sed & awk would be a good start before Learning Perl. I'm
not sure if I should read Mastering Regular Expressions in between,
it's probably overkill reading sed & awk. What are your opinions?
Posted by Marcin on Saturday, August 26, 2006 in Books and Links.
Here's a cool article [engadget], from the lockpicking event at DEFCON14
in Las Vegas. The author goes
into some detail as to what the components of a lock are and how they
work together. Also described is the history of "bumping" locks (as the
11-year-old girl in the photo could do) and the insecurity of pin
tumbler locks.
The key pictured is from a Kwikset lock, a popular lock I've noticed in
different residences in Arizona.. o_O . A friend and I were able to
pick his apartment lock in a matter of seconds using a street-sweeper
bristle we found!
Posted by Marcin on Friday, August 25, 2006 in Security.
No... not the International Space Station (for you Slashdotters...)
ARMONK, NY & ATLANTA - 23 Aug 2006: IBM (NYSE: IBM) and Internet
Security Systems, Inc. (NASDAQ: ISSX) today announced the two companies
have entered into a definitive agreement for IBM to acquire Internet
Security Systems, Inc., a publicly held company based in Atlanta, Ga.,
in an all-cash transaction at a price of approximately $1.3 billion, or
$28 per share... [read more]
I don't think IBM is making out good with this deal, ISS has been
disappointing as of late. First, they take their IDS/IPS products and
roll them up into a single appliance (the Proventia). Thus discontinuing
support (by the phasing out) for your third party hardware running the
Network and Server Sensor products. And we all know the Michael Lynn
story and how ISS is supposedly leading edge in security research, by
hanging their employee out to dry to the likes of Cisco PR and lawyers.
It made them look like idiots, and I'm sure there's many customers out
there who are left with a bad taste after that whole ordeal.
We'll see what investors think tomorrow when the market opens. Because
in the end, that's the only thing that matters :rolleyes:
Posted by Marcin on Thursday, August 24, 2006 in Links, News and Security.
`Silence on the Wire: A Field Guide to Passive Reconnaissance and
Indirect Attacks <http://lcamtuf.coredump.cx/silence.shtml>`_ By
Michał Zalewski
I am a student studying information security and I've read many books
lately on the subject. Silence on the Wire is truly a unique book, and a
nice change from the conventional reading material. Michał is a known
expert in his field, and you can find many of his works and research in
a simple search. His book focuses on the basic, yet most overlooked
computer and network designs that can be attacked. In Silence on the
Wire, Michał takes us on a long, treacherous journey of a packet, from
when the data is first entered to its final destination. Along the way,
we look at flaws in the design of computers and networks and how they
are eventually exploited.
I held off reading this book all summer, after trying to read through
the second chapter and finally getting frustrated with it. Chapter two
is the book's downfall, as it spends entirely too much time getting to
"the point" (as Richard Bejtlich puts it). Michał's explanations
here were too confusing and will lose almost any reader. I think the
section on the Turing Machine can be skipped over, unless you slow down
and take notes and draw yourself diagrams of the information. Only then
will you probably understand what it's getting at. I'm happy to say
though, reading the rest of the book was fairly easy; anybody with a
background in network computing and security will be able to follow
along.
Silence on the Wire is a fascinating read and I definitely recommend it
to anybody who is interested in or responsible for information security.
Michał hopes his book will give you a new perspective on security and
explore the relationships and interactions between components. I am glad
I got to read this book and hope one day to contribute my own research
to the topic.
Posted by Marcin on Wednesday, August 23, 2006 in Books and Security.
I decided to create a page dedicated to what I'm thinking about and the
projects I'm currently working on. The page is still being worked on, so
the default images are going to go and be more customized to my liking.
So, if you want to see what I've been up to, check back every so often.
Posted by Marcin on Wednesday, August 23, 2006 in News.