Showing posts with label pre-review. Show all posts
Showing posts with label pre-review. Show all posts

Sunday, October 07, 2007

One Review and One Prereview

Amazon.com just published my five star review of Security Data Visualization by Greg Conti. From cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 review:

Security Data Visualization (SDV) is a great book. It's perfect for readers familiar with security who are looking to add new weapons to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir defensive arsenals. Even offensive players will find something to like in SDV. The book is essentially an introduction to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 field, but it is well-written, organized, and clear. I recommend all security analysts read SDV.

I give five star reviews to books that meet certain criteria. First, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 book should change cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 way I look at a problem, or properly introduce me to thinking about a problem for which I have little or no frame of reference. Although I have been a security analyst for ten years, I have little visualization experience. Author Greg Conti spent just cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 right amount of time explaining cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 field, describing key terms (preattentive processing, occlusion, brushing) and displays (star plots, small multiples, TreeMaps). I loved cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 author's mention of Ben Shneiderman's visualization mantra: "overview first, zoom and filter, details on demand" (p 14).


I'd like to mention anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r great No Starch book called Linux Firewalls by my friend Mike Rash. Mike was kind enough to ask me to write cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 foreword. If you look at my quote on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 front cover (click on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 image) you might think "Wow, Bejtlich is creative." Here's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 context for that quote, from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 foreword:

I'd like to conclude cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se thoughts by speaking as a book reviewer and author. Between 2000 and mid-2007 I've read and reviewed nearly 250 technical books. I've also written several books, so I believe I can recognize a great book when I see it. "Linux Firewalls" is a great book. As a FreeBSD user, "Linux Firewalls" is good enough to make me consider using Linux in certain circumstances!

No Starch has several more great books on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 way, including Absolute FreeBSD, 2nd Ed (on FreeBSD 7.x) and several ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rs.

Saturday, September 29, 2007

Three Prereviews

I am fairly excited by several new books which arrived at my door last week. The first is Security Data Visualization by Greg Conti. I was pleased to see a book on visualization, but also a book in visualization in color! I expect to learn quite a bit from this book and hope to apply some of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 lessons to my own work. The next book is End-to-End Network Security: Defense-in-Depth by Omar Santos. This book seems like a Cisco-centric approach to defending a network, but I decided to take a look when I noticed sections on forensics, visibility, and telemetry. The author includes several diagrams which show how to get information from a variety of devices in a manner similar to NSM. I hope to be able to operationalize this information as well. The last new book is LAN Switch Security: What Hackers Know About Your Switches by Eric Vyncke and Christopher Paggen. This book looks really interesting. It is probably going to be my favorite of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se three. I don't spend much time in my classes talking about layer 2 defenses, so it is cool to see a modern book just about that topic. I believe most enterprises do little with layer 2 security, so perhaps this book can improve that situation.

Tuesday, July 17, 2007

Anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r Review, Anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r Pre-Review

Amazon.com just posted my five star review of Network Warrior:

Network Warrior is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best network administration book I've ever read.

I spend most of my reading time on security books, but because I lean towards network security I like reading complementary sources on protocols and infrastructure.

Gary Donahue has written a wonderful book that I highly recommend for anyone who administers, supports, or interacts with networks. Network Warrior may be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best book I will read in 2007.



Yeah, I liked it that much. I devoured this book, staying up until 1 am or more several nights in a row.

I'm looking forward to reading Mark Kadrich's Endpoint Security. I think this book will directly affect how I approach some projects at work. I really hope it can help me better understand how to deal with endpoint security in 2007. It's taken me a while to get this book. For some reason it was published in "March 2007" but only available recently.

I'd like to briefly mention a new book that's great, but which I won't read and review: Exploiting Online Games: Cheating Massively Distributed Systems by Greg Hoglund and Gary McGraw. I reviewed drafts of this book and I think cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 underlying message behind cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 code is extremely important. To understand why, please read this post by Brian Chess. He makes a much better case than I could. Because I am so time-crunched, and I really do not care about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 details of exploiting WoW, I am not going to review Exploiting Online Games. I will have a couple copies to share at Black Hat for students or teaching assistants who make my life easier in class!

Saturday, July 07, 2007

Yet Anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r Review and Pre-Review

Yes, I am on a roll. I admit to not reading every page of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 book I just reviewed, however. I am not going to spend time learning about bare-metal HP-UX or AIX recoveries if I have no expertise in eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r subject (to check for mistakes) or desire to learn (because I do not admin eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r OS). Shortly Amazon.com will publish my four star review of Backup and Recovery by W. Curtis Preston. From cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 review:

W. Curtis Preston is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 king of backups, and his book Backup and Recovery (BAR) is easily cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best book available on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 subject. Preston makes many good decisions in this book, covering open source projects and considerations for commercial solutions. Tool discussions are accompanied by sound advice and plenty of short war stories. If cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 author addresses cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 few concerns I have in his next edition, that should be a five star book.

I also received anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r book in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 mail today, Secure Programming with Static Analysis by Brian Chess and Jacob West. I reviewed drafts of this book and was confident enough of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 content to acknowledge involvement. This is part of Gary McGraw's Software Security Series at Addison-Wesley. I liked cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 last book in that line, Software Security.

Thursday, July 05, 2007

Anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r Review, Anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r Pre-Review

Amazon.com just published my five star review of Windows Forensic Analysis by Harlan Carvey. From cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 review:

I loved Windows Forensic Analysis (WFA). It's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first five star book from Syngress I've read since early 2006. WFA delivered just what I hoped to read in a book of its size and intended audience, and my expectations were high. If your job requires investigating compromised Windows hosts, you must read WFA.

In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 mail today I received a copy of Fuzzing by ninjas Michael Sutton, Adam Greene, and Pedram Amini. H.D. Moore even wrote cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 foreword, for Pete's sake. However, I have some concerns about this book. I performed a technical review, mainly from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 perspective of someone who wants to know more about how to do fuzzing. The drafts I read seemed to be more about how to build a fuzzer. Those of you who are jumping to hit cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 comment button -- I don't want to hear about "you learn how to fuzz by building a tool." Give me a chance to learn how to walk before I try to invent a new method of transportation! We'll see how cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 book reads in printed form when I review it.

Wednesday, July 04, 2007

One Review, One Pre-Review

Amazon.com just published my four-star review of Exploiting Software. From cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 review:

I read Exploiting Software (ES) last year but realized I hadn't reviewed it yet. Having read ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r books by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se authors, like McGraw's Software Security and Hoglund's Rootkits, I realized ES was not as good as those newer books. At cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 time ES was published (2004) it continued to define cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 software exploitation genre begun in Building Secure Software. However, I don't think it's necessary to pay close attention to ES when newer books by McGraw and Hoglund are now available.

I'm looking forward to reading Network Warrior by Gary A. Donahue. This book has cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 second-best subtitle of all of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 technical books on my shelves:

Everything you need to know that wasn't on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 CCNA exam

I quickly skimmed this book at USENIX and I think it will be valuable. I like books that take nontraditional look at networking issues.

If you're wondering what my favorite subtitle is, it appears in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 nearly ten-year-old book The Next World War by James Adams, original founder of iDefense. The book makes silly mistakes (discussing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "Iraqi printer virus") but it was cool to see it talk about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 AFCERT and name one of our lieutenants (who was cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re before I arrived). It was published in 1998 (not 2001 as indicated at Amazon.com) with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 subtitle:

Computers are cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Weapons and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Front Line Is Everywhere

That is still true today.

Wednesday, June 13, 2007

Two Pre-Reviews

I'd like to mention two books that publishers were kind enough to send me recently. I plan to read cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se during upcoming flights or as part of my new, structured reading regimen that will accompany my plans for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 second half of 2007. The first book is Windows Forensic Analysis Including DVD Toolkit by Harlan Carvey. I expect to learn a lot about Windows forensics reading this book. I do not perform host-based forensics regularly so I think Harlan's experience will be appreciated. The second book is Practical Packet Analysis by Chris Sanders. I'm reading this book for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same reason I read Computer Networking by Jeanna Matcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ws -- I want to see if it is a good book for beginners. The content of Chris' book seems very simple, but it might be just cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 right book for people starting cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir network traffic inspection careers. Incidentally, if you like cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 approach of using Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real/Wireshark to look at traffic that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 author explains, you should look at Jeanna's 2005 book.

Saturday, April 21, 2007

Two Pre-reviews

I'm going to spend more time hanging in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 sky over cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 coming weeks, so I plan to read and review many books. Publishers were kind enough to send two which I look forward to reading. The first is Designing BSD Rootkits by Joseph Kong. I mentioned this book last year. Publisher No Starch quotes me as saying

"If you understand C and want to learn how to manipulate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 FreeBSD kernel, Designing BSD Rootkits is for you. Peer into cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 depths of a powerful operating system and bend it to your will!" The second book I plan to read is
IT Auditing: Using Controls to Protect Information Assets
by Chris Davis, Mike Schiller, and Kevin Wheeler. Contrary to what you might think, I am not instinctively at odds with auditors. In fact, I believe working with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m is more productive than working against cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m. I hope this book, published by McGraw-Hill/Osborne, helps me understand cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir world.

Monday, April 09, 2007

Three Pre-Reviews

I'd like to thank several publishers for sending me new books from my Amazon.com Wish List to read and review. The first is Hacking Exposed: Wireless by Johnny Cache and Vincent Liu, published by McGraw-Hill/Osborne. I love cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 green -- talk about a departure from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 old red covers. If you want to sound 31337 you should make fun of any Hacking Exposed book, but I don't care. The great majority of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se titles follow a format which I think suits 90% of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 security community.

  1. Introduce a technology or service with which cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 reader may or may not be familiar.

  2. Discuss ways to attack said technology or service.

  3. Provide countermeasures for attacks.


Many books ignore step 1, focus on step 2, and breeze over step 3. A good HE book covers all three phases.< The second book is Backup and Recovery by W. Curtis Preston, published by O'Reilly. This book is more of a reference for me than a read cover-to-cover, so I'm not sure if I will review it. (I strongly tend to review only that which I read throroughly.) The book covers so many useful aspects of backup, however, that I'll probably read a good deal of it. The third book is Building a Monitoring Infrastructure with Nagios, by David Josephsen, published by PHPTR. I've already read and reviewed two ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r books on Nagios, so I'm wondering what this much shorter book has to say. I don't have a Nagios installation running anywhere, so if I can find cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 time maybe I'll use this new book as an excuse to finally deploy Nagios. This newest version discussed in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 book is 2.5, but Nagios 3 alpha code became available last month. I'll probably try cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new version.

Friday, December 29, 2006

Prereview: Inside cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Machine

Thank you to Patricia at No Starch for sending me two copies of Jon Stokes' Inside cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Machine. I was drawn to this book by an Amazon.com review which said this:

This book is an introduction to computers that fills cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 gap between classic and challenging books like Hennesy and Patterson's, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 large number of "How Your Computer Works" books that are too basic for engineers.

I like cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 fact cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 book covers a variety of microprocessor types. Comparison is a great teaching method. I didn't know who Jon Stokes was, but you can follow that link to read about his motivation for writing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 book. I plan to read and review cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new book next month.

Saturday, December 16, 2006

Two Prereviews

Two publishers were kind enough to send new books last week. I plan to read and review both early next year. The first is McGraw-Hill/Osborne's Hacking Exposed: VoIP by David Endler and Mark Collier. The best Hacking Exposed books introduce a new technology, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n demonstrate ways to break it that a reader can duplicate. I like seeing new HE books on specific issues, racá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r than having everything rolled into a single book. The second is Syngress' Wireshark & Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real Network Protocol Analyzer Toolkit by Angela Orebaugh and friends. This looks like an updated edition of 2004's Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real Packet Sniffing, which I really liked. Jose Nazario's review gave it four stars, partly due to editing problems. I plan to read this book and let you know what I think.

Saturday, December 02, 2006

Two Prereviews

Two publishers were kind enough to send new books last week. I plan to read and review both early next year. The first is Apress' Beginning C, 4th Ed by Ivor Horton. What, learn C? I don't expect or plan to become any C wizard by reading this and a few ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r books. Racá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r, I'd like to be able to understand code I come across, or perhaps make small modifications to ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rwise useful programs. Any original programming I plan for 2007, I expect to use Python. Second is Syngress' FISMA Certification & Accreditation Handbook by Laura Taylor. Talk about moving from something useful (C) to something not (FISMA). Still, this seems like cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 only book on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 subject, and FISMA is always a big discussion item at my local beltway bandit ISSA meetings. I hope this book will let me better understand cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 FISMA racket and why it's a waste of money. Of course, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 book will not use those terms, but I will report what I find when I review it early next year.

Friday, November 24, 2006

Anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r Prereview

Recently I posted thoughts on a few security books on my shelf. Today I received an absolutely gigantic new book called The Art of Software Security Assessment: Identifying and Avoiding Software Vulnerabilities by Mark Dowd, John McDonald, and Justin Schuh. This is a 1200-page book on discovering vulnerabilities in all sorts of software. I plan to read it along with similar books over cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 next month or so.

Books on how to break software in order to make it better seem to be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hottest titles on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 market. This is exactly cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 sort of book I would expect most vendors to dislike, although titles like Hunting Security Bugs, published by shows some vendors realize that if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y don't test cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir software first, some attacker in Bucharest will do it for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m.

Wednesday, November 22, 2006

Pre-reviews and Comments

Several publishers have sent me new books recently, and I have one comment to make about an older book. I'll start with books that look good, but which I don't plan to read. The first is Linux Administration Handbook, 2nd Ed by Evi Nemeth, Garth Snyder, Trent R. Hein. There's no doubt this is a great general-purpose system administration book for Linux. I gave cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 3rd edition of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Unix version three stars almost five years ago (and I'm hoping this 4th edition comes to fruition).

The Linux book describes Red Hat Enterprise, Fedora Core, SuSE, Debian, and Ubuntu. If cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 book covered Slackware and Gentoo instead of SuSE, I think it would have been perfect. I'm guessing RHEL is close enough to Fedora, and Debian to Ubuntu, to allow extra coverage of more diverging distros like Slackware and Gentoo? I plan to use this book as a reference, but I don't plan to read and review it. I suggest you buy it if you're looking for a comprehensive Linux reference that doesn't waste time with installation screenshots or descriptions of how to use KDE and Gnome. Anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r book I like but which I don't plan to read is Network Security Tools by Nitesh Dhanjani and Justin Clarke. This is an older book (April 2005), but I only recently rediscovered it. This book reminds me of
Building Open Source Network Security Tools
by Mike Schiffman, which I liked. NST describes how to write Nessus and Nikto plug-ins, dissectors and plug-ins for Ettercap, and how to extend Hydra and Nmap. There's a chapter on Metasploit, but it is somewhat overtaken by events because cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 3.x framework uses Ruby instead of Perl. NST also explains how to extend PMD, how to build your own Web, SQL, and exploit scanner, and how to write tools with Libpcap (0.8.3) and Libnet (1.1.2.1).

NST is a great book, but it requires a good knowledge of C and a desire to work with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se tools in a development capability. I don't possess cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 requisite coding skills, but I may turn to this book in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 future if I want to learn more about extending cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se tools. Next is Network Security Hacks, 2nd Ed by Andrew Lockhart. I liked cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 1st Ed which I read and reviewed in June 2004. Since I see my review of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 1st Ed on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Amazon.com page for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2nd Ed, I won't be able to submit a review for this book. The 2nd Ed looks about 50% longer than cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 1st Ed.

I was also pleased to see cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 discussion of Sguil had been updated for Sguil 0.6.1. However, Sguil's integration of SANCP for session data collection was ignored. After being a Sguil advocate for almost four years, writing books and articles (some of which are freely available), I am puzzled that some people who choose to write about Sguil still don't grasp cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 significance of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 data we collect. This recent Daily Dave thread was depressing. People really collect full content data in production on busy networks? Shocking! The first book in this post that I plan to read and review is The Art of Software Security Testing: Identifying Software Security Flaws by Chris Wysopal, Lucas Nelson, Dino Dai Zovi, and Elfriede Dustin. This book is less than 300 pages but it looks very interesting. I plan to review it with a set of books on finding bugs and vulnerabilities. It's encouraging to see cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se sorts of titles appearing, written for software developers and not for hacker wanna-bees. The next book is WarDriving and Wireless Penetration Testing by Chris Hurley and friends. This is anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r team-written book, which tend to scare me when published by Syngress. I wasn't too impressed by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 earlier WarDriving book (reviewed here), but I plan to give this new one a try. I'm really looking forward to Wi-Foo II next year. The last book is Network Security Assessment by Steve Manzuik and friends. This is anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r "team book," but it looks good. I'm surprised anyone is talking about vulnerability management cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se days. That's so 2002! (Please recognize I'm joking.)

Remember, you can see books that I'm waiting to acquire by checking my Amazon.com Wish List. If you're a publisher, please keep in mind I restrict my reading to books on that list. Under extraordinary circumstances I might read something else, but I generally focus on books that address a specific interest. Thank you.

Sunday, October 22, 2006

Pre-Review of Four Books

Several publishers were kind enough to send me review copies of four new books. The first, which I requested, is Cisco Press' Storage Networking Protocol Fundamentals by James Long. I requested a copy of this book while starting to read a book on securing storage area networks and network attached storage. Basically, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 book I was reading is a disaster. I decided this new Cisco Press book looked promising, so I plan to read it first and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n turn to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 security-specific SAN/NAS book. I'll review cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 two as a set later. Next is Syngress' Hack cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Stack: Using Snort and Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real to Master cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 8 Layers of An Insecure Network by Michael Gregg and friends. This book was interesting to me because I am already teaching TCP/IP Weapons School (TWS), which teachers TCP/IP by examining security-related traffic at various OSI model layers. A quick look at this book makes it seem worth reading, but cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is definitely room for a future book based on TWS.

Remember I am teaching days one and two of TWS through USENIX LISA and days three and four independently at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same hotel, after USENIX LISA. See cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 information at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bottom of this post for more details. I am not sure if I will read cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 next two books. Prentice Hall shipped me Security in Computing, 4th Ed By Charles P. Pfleeger and Shari Lawrence Pfleeger. I've never read anything by eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r author. This book looks like a university text, so I may read it in tandem with Matt Bishop's Computer Security: Art and Science in preparation for academic study. The last book is Addison Wesley's Telecommunications Essentials, 2nd Ed by Lillian Goleniewski. I read and reviewed cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first edition, which I liked as a thorough review of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 telecom space. This makes me hesitant to devote reading time to this second edition. Amazon.com might let me review it (unlike some ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r later edition books) because I do not see my old review (or any reviews) listed with this new edition.

Right now I am in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 middle of a massive reading push. I have several "free" hours each night between baby feedings, so I am working my way through a pile of books on software security. I haven't read a lot in this area, because I am not a professional programmer. About two years ago I did read, review, and enjoy Building Secure Software by Gary McGraw and John Viega. Thus far, Gary's latest book (Software Security: Building Security In) is my favorite, particularly for its proper use of terms like "threat" and its criticism of those who abuse it (e.g., Microsoft). I'll have far more to say this in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 reviews of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se books, probably next week.

Tuesday, October 10, 2006

Pre-Review: Programming Python, 3rd Ed

I'd like to thank cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 fine folks at O'Reilly for sending me a review copy of Programming Python, 3rd Ed. I've added this book to my ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r set of programming books waiting to be read. I'll probably start with several tiles from Apress, namely Beginning Python, Dive Into Python, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n end cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Apress titles with Foundations of Python Network Programming, since network programming is my main interest.

I'll use O'Reilly's Programming Python, 3rd Ed and Python Cookbook, 2nd Ed as references. Two years ago I tried reading Learning Python, 2nd Ed but found it not that helpful as an introduction -- hence my interest in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new Apress titles.

Thursday, September 28, 2006

Preview: Hunting Security Bugs

Yesterday I received a copy of Hunting Security Bugs. One of this book's authors is Tom Gallagher, who posted thoughts on Microsoft's security initiatives.

This looks like a great book, especially as a companion to The Security Development Lifecycle, also by Microsoft authors.

A third book, The Practical Guide to Defect Prevention, arrives in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 spring. This may be too developer-oriented for my needs, but I might take a look at it.

I am glad to see Microsoft sharing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 knowledge it has gained through its ongoing security program.

You can look at my Amazon.com Wish List to track books I plan to read, but don't have copies. My reading page shows books I own that I plan to read. The reading page also links to my recommended books lists.

Sunday, August 20, 2006

Preview: The Security Development Lifecycle

Michael Howard and Steve Lipner were kind enough to send me a copy of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir new book The Security Development Lifecycle. Michael's blog summarizes cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 book. I was surprised to see cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 book's CD includes a six-part security class video. That's a first for me, at least.

I'm also looking forward to anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r Microsoft security book called Hunting Security Bugs. Michael Howard has anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r security book through Osborne called Designing Security Software arriving in February. Good work Michael -- push that publication date far enough away for me to catch up on my ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r reading.

On a related note, does anyone recall learning about this?

I saw it at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Microsoft Security Development Center. Microsoft India hosted a Security Shootout last March. Varun Sharma won. It's interesting to see such a promotion, and I wonder if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 US will host something similar.

In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 future, I recommend changing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 logo. Vulnerabilities in code are not "security threats" -- cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are vulnerabilities. I think Microsoft is so hung with up cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir definition of threat modeling that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y think problems in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir code are threats, not vulnerabilities. (Cue comments that "vulnerabilities are threats," which I will promptly ignore.)

Monday, August 07, 2006

New Book Arrivals

Several books arrived at my door last week. I have time to add two to my reading list, after which I will read and review cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m. The ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rs I will skim and not review, since I don't review books I don't at least try to read fully.

The first of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 two books to make my short list is Syngress' Combating Spyware in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Enterprise. This book does not appear to have a lead author, but it has a technical editor and seven contributors. Sometimes this is a recipe for disaster. However, I want to read this book because it is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 spyware topic from one of my mainstream publishers. I also liked Syngress' related books Inside cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Spam Cartel, Phishing Exposed, and Software Piracy.

The second book I plan to read is anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r Syngress book that I did not expect: How to Cheat at Securing a Wireless Network. This is anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r book in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Syngress format, with one lead author (Chris Hurley) and a ton of contributing authors. I gave Chris Hurley's previous book WarDriving three stars, but I hope this one is better.

I don't plan to read cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following, but I may skim cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m for useful information. You can expect me to not sell cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se on eBay (as I'm sure some ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r review copy recipients do!) but I will probably give cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m away at NoVA Sec or ShmooCon gacá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rings.

Staying with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "cheating" line we come to How to Cheat at Managing Information Security. I don't plan to read this book because it seems to repeat a lot of information I already know. If this book concentrated on management issues, I would probably read it. Instead, I see short discussions of technical material across a wide range of issues. The book is probably aimed for managers who need to know some security, not security people who need to know some management. If you prefer books written by one author, though, this book is for you -- Mark Osborne wrote it.

Incidentally, I'm not a big fan of a "How to Cheat" cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365me, since I graduated from a military academy with an Honor Code. Staying with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 management cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365me we come to Syngress' Syngress IT Security Project Management Handbook. This book is similar to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 previous one, since Susan Snedaker wrote it, with Russ Rogers as technical editor. I'm not sure how much of this book I can skip and still feel comfortable about reviewing it. While cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is more management than cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 previous book, I still see plenty of "tech overview" chapters. We'll see.

The last book is Cisco Press' Advanced Host Intrusion Prevention with CSA. I don't use Cisco host-based products. This book looks like a good manual for Cisco Security Agent, but I don't need to read one.

By cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 way, while searching I found this upcoming book: Designing BSD Rootkits by Jospeh Kong. I found this related Phrack article by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same person. I can't wait to read this book. Since that link just went did, here is anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r.

Saturday, July 15, 2006

Three Pre-Reviews

Three generous publishers sent me three books to review this week. The first is Apress' Pro Nagios 2.0 by James Turnbull. This is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 second book on Nagios on my reading list. I plan to deploy Nagios on my test network to gain a better understanding of how it works. I will use both books and compare and contrast cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m once I've finished each.

The second book is O'Reilly's IPv6 Essentials, 2nd Ed by Silvia Hagen. I did not read cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first edition, because by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 time I gained interest in IPv6 newer books were published. For example, I really liked Apress' Running IPv6 and O'Reilly's IPv6 Network Administration. I plan to deploy an IPv6 testbed soon, so I will use this new book to help that project. I'll compare cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new book to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 two older texts.

I'm hesitant to mention this last book, because I don't plan to read it. (I only review books that I read.) I don't plan to read Syngress' Dictionary of Information Security by Robert Slade. If you peruse reviews of this author's ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r books at Amazon.com, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are uniformly bad. I am surprised that Mr. Slade managed to get luminaries like Fred Cohen, Peter Neumann, and Gene Spafford to contribute forewords to this book.

If someone is going to write a "dictionary," cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y should take it seriously. This comment on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 back of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 book encouraged me not to read it: "Don't be fooled by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 refreshing lack of pomposity and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 occasional jokey entry." A "jokey entry" in a book by someone who claims to be "facilitating cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ISC(2) CBK review seminar"?

I'll also save you cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 trouble of seeing if I have some sort of personal problem with Mr. Slade by pointing you to his negative review of Real Digital Forensics, a book I co-authored, along with two of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 world's best forensics experts. (These are people who have testified in court.) I think he hammered RDF because I refused to review his "forensics" book Software Forensics. I think this comment by reviewer Eric Kent says it best: Software Forensics "is a book by a person who clearly has no real world experience in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 world of digital forensic investigations." Ouch.