Monday, August 28, 2006

Non-Review: Practical VoIP Security

Here's a first for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 TaoSecurity Blog. As mentioned in a pre-review, I planned to read Practical VoIP Security and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n write a Amazon.com review. I'd had a bad experience reading VoIP Security, so I hoped this new book would be better. Wrong.

My policy for writing Amazon.com reviews is that I read eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 whole book, or cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 vast majority of it. With Practical VoIP Security, I couldn't make it past cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first chapter. In fact, by page 4 -- cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 third page of text -- I was frustrated. In three pages cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 author (who was cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 lead author and technical editor) had mentioned terms like PBX, SS7, H.323, SIP, SNMP, VoIP, and SIGTRAN (which never appears again in this book!) without explaining any of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m. I am familiar with all except cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 last, but I should not have to rely on past knowledge when reading cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 introductory pages of a "practical" book. The first chapter, overall, is a rambling collection of ideas that do nothing to prepare cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 reader for what follows.

If you want more details, I found Rob Slade's review to be good.

On a note related to Intruders Selling Security Software, I found this interview with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 lead author of Practical VoIP Security to be a sign of foolish boasting or outright deception:

CSOonline: What is your background, and why are you called a hacker?

-name omitted-: I’m a hacker in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 more traditional sense. Old-school hackers want to learn how things work and try to take it apart or gain access out of curiosity. Getting into networks and systems is good or bad based on your vantage point. Most traditional hackers do it just to see if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y can, but cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y’re not cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re to steal information or destroy cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 integrity of a system.
(emphasis added)

I'm setting you up for material to follow. You might guess cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "vantage point" comment doesn't sit well with me. The interview continues.

Can you mention some of your notorious hacks?

Nothing that I’ve done has made public news, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are some things I’d racá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r not mention. I did raise cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 interest of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Defense Department once, but I’ve never been involved in any criminal activity. At one point in my career, I was interested in finding proof of alien life, so I did access cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 network at China Lake, also known as Area 51 in Roswell, New Mexico.
(emphasis added)

Oh, you mean cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 super-secret Naval Air Weapons Station China Lake, home of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 MAJIC Morale, Welfare and Recreation office? I think this hax0r was trying to find Groom Lake, and if that were cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 case we wouldn't be hearing from him.

The interview continues:

How does a hacker disclose his or her credentials?

There are two kinds of hackers. Those who do it to impress cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir friends or become famous, and those that you don’t know about. The really good, and smart, hackers won’t tell you that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are hackers. Many of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m are also not very sociable--cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y keep what cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y do on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 QT, and if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y have real credentials or experience, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y don’t say anything about it.
(emphasis added)

Now you see why I added emphasis to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first paragraph. Sigh. Why are people like this getting attention from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 media?

I guess I'm going to have to wait for Hacking Exposed: VoIP in December. For general books on VoIP, Switching to VoIP and VoIP Hacks by Ted Wallingford look good.

5 comments:

Anonymous said...

Wow, you're getting grumpy in your old age. I rarely see you tear apart someone's efforts like this, it's nice to see cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "dark side" once in a while.

This book does make one wonder... can anybody can just slap togecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r some blog entries and get it published by Syngress.

Da Kahuna said...

My first duty station out of Class "A" school was at Naval Air Facility China Lake which was a tennat command of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Naval Weapons Center China Lake. Home of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Sidewinder missile.

Funny thing is, back cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n it was in California and not New Mexico.

Anonymous said...

Ah, good ole Dr. Tom and his "innocent" military hacks.

As an aside: Maybe, he could have shared his expertise with this fellow ET traveler http://news.bbc.co.uk/2/hi/technology/4715612.stm.

It would be interesting if someone was ever charged for breaking into one of Dr. Tom's networks. The defense could call him as an character witness considering cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 crime only depends on your point-of-view.

Furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r to da kahuna's and Richard's comments: Area 51, aka Groom Lake, is in Nevada; not Roswell, New Mexico. http://en.wikipedia.org/wiki/Area_51

Nice to see that Dr. Tom's recall of simple facts is as sound as his reasoning. Pacá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365tic.

Regards,
David

John Ward said...

Rich,

I have to agree with anonymous, you are getting grumpy. Until you write a book that.... oh wait you already have... never mind :)

Anonymous said...
This comment has been removed by a blog administrator.