Phishing Exposed [Download: PDF] [Digital]

Lance James (Author)

Product Details

Do you have the free reader for this item?

• Format: Adobe Reader (PDF)
• Printable: Yes. This title is printable
• Mac OS Compatible: OS 9.x or later
• Windows Compatible: Yes
• Handheld Compatible: Yes. Adobe Reader is available for PalmOS, Pocket PC, and Symbian OS.
• Digital: 450 pages
• Publisher: Syngress (January 6, 2006)
• Average Customer Review: 4.3 out of 5 stars  See all reviews (12 customer reviews)
• Amazon Best Sellers Rank: #5,645,246 Paid in Books (See Top 100 Paid in Books)
  • #73 in Books > e-Docs > By Publisher > Syngress
  • #86 in Books > e-Docs > Subjects > Computers & Internet > Security
• Required Free Software: Adobe Reader

Customer Reviews

Most Helpful Customer Reviews

5 of 5 people found the following review helpful:

5.0 out of 5 stars Expands the boundaries of client-side hacking, March 10, 2006

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Phishing Exposed (Paperback)

Phishing Exposed is a powerful analysis of the many severe problems present in Web-based activities. Phishing Exposed is another threat-centric title from Syngress. The book presents research conducted by Secure Science Corporation as a way to understand the adversary. The author demonstrates his own attacks against multiple popular e-commerce sites as a way to show how phishers accomplish their goals. I was surprised by the extent to which the author could repeatedly abuse high-profile financial sites, and for that reason I highly recommend reading Phishing Exposed.

The book begins with an overview of the phishing problem. Three basic phishing techniques (impersonation, forwarding, and popup) are explained. The mechanics of email and HTTP are also described. The heart of the book appears in chapters 4 and 5, where almost 270 pages are devoted to the author's assessment and abuse of banking sites. I was shocked by the author's ability to repeatedly take advantage of vulnerabilities in client and server software and configuration. These chapters made me wonder if it is possible for an average end user -- or even a skilled technical user -- running popular operating systems and browsers to survive these sorts of high-end attacks.

Ch 6 featured some innovative material on subverting caller ID by using Voice over IP and other methods. I also appreciated the historical perspective in that chapter.

My only real concern is that the author devoted lots of material to his own attacks, and not as much to attacks by real phishers. I would have liked additional details on how to detect and potentially defeat these attacks using network-based and proxy-based means.

Incidentally, reviews by "relatives" should be considered suspect, although reviews with the title "inadequate and unoriginal" should be completely ignored. Reviews like that demonstrate another instance where that particular "reviewer" has once again skimmed the text and not spent any time reading the book. Phishing Exposed is incredibly original -- and that's why I've given it five stars, despite some rough editing from Syngress.

6 of 8 people found the following review helpful:

5.0 out of 5 stars The Authoritive Guide On Phishing In 2005 & Into 2006., November 21, 2005

By 

N. Kapitanski (NYC) - See all my reviews
(REAL NAME)   

This review is from: Phishing Exposed (Paperback)

This is a great book! The author really knows what he's talking about and the ideas he presents give a great indication as to where phishing is going in the future. The exploits detailed in the book are technical, educating and even down right genius, such as the Yahoo Cross Site Scripting attack. The author does a good job of explaining things to non technical people, before getting in depth and extremely technical.

The book does a great job of covering a wide range of topics related to phishing so the reader understands the phishing process as a whole. Even Caller ID spoofing and anonymous telephony is included in Chapter 6, which is an interesting read that gives you some ideas where phishing of the future may be headed. Also, some of the little stories in Chapter 7 are really interesting and left me wanting more!! The bit about scanning a whole Korean Class B subnet range looking for 0day phishing servers, is one example!

I read "Phishing: Cutting the Identity Theft Line" over the summer, and I think that "Phishing Exposed" gives the reader a better understanding of the current phishing problem and what needs to be done in the future to protect both consumers and businesses. I would say this book is the authoritive guide on phishing in 2005 and into 2006.

1 of 1 people found the following review helpful:

5.0 out of 5 stars Not just a technical reference: A great read, July 16, 2006

By 

Tod Beardsley "Security Dork" (Austin, TX USA) - See all my reviews
(REAL NAME)   

This review is from: Phishing Exposed (Paperback)

If you're on your way to a security conference this summer, and you'd like to get up to speed on web site abuses and browser design vulnerabilities, this book makes for excellent airplane-reading fare. I say this because Phishing Exposed manages to succeed on two fronts: it is both an instructive technical reference, as well as a surprisingly compelling narrative.

The first is unsurprising -- it is, after all, a Syngress book, and so is typical of technical books from this imprint. The second accomplishment, though, was a pleasant surprise. It's not common that someone as deeply involved in the technologies of network security are also talented writers.

As an example, while documenting the technical characteristics of e-mail delivery, James illustrates example forensic techniques of identifying the home city, working schedule, and handedness of the attacker. It's this mix of CSI-meets-ITSec that makes the book an honest page-turner.

Given this literary attention to narrative and even elements of plot development (especially on the follow-the-breadcrumbs analysis of a seemingly endless series of HTTP redirects), this book illustrates the phishing problem in a way that both technically-oriented defenders and interested "power user" readers will understand and enjoy.