Zero-Day Exploit:: Countdown to Darkness (Cyber-Fiction) [Paperback]

Rob Shein (Author), David Litchfield (Author), Marcus Sachs (Author)

Book Description

ISBN-10: 1931836094 | ISBN-13: 978-1931836098 | Publication Date: August 4, 2004 | Edition: 1

The realistic portrayals of researching, developing, and ultimately defending the Internet from a malicious "Zero-Day" attack will appeal to every corner of the IT community. Although finctional, the numerous accounts of real events and references to real people will ring true with every member of the security community. This book will also satisfy those not on the "inside" of this community, who are fascinated by the real tactics and motives of criminal, malicous hackers and those who defent the Internet from them.

* The realistic portrayals of researching, developing, and ultimately defending the Internet from a malicious "Zero-Day" attack will appeal to every corner of the IT community.

* This book will entertain, educate, and enlighten the security and IT community about the world of elite security professionals who safeguard the Internet from the most dangerous cyber criminals and terrorists.

* Although finctional, the numerous accounts of real events and references to real people will ring true with every member of the security community.

Editorial Reviews

About the Author

Rob Shein, also known as Rogue Shoten, works as an independent consultant in the Washington, DC area. His experience includes doing hard time at Network Solutions, followed by VeriSign, where he was a member of the FIRE Team, providing incident response and penetration testing services to Fortune 100 clients. He also served on a red team at Titan, during which time he did work he's not supposed to even talk about to himself. He has presented at several conferences, including Def Con and e-Gov, and is currently working on a book covering home computer security for non-technical users. His greatest love is resolving significant problems under intense pressure, which explains his affinity for incident response.

Marcus H. Sachs is the Director of the SANS Internet Storm Center and is a cyberspace security researcher, writer, and instructor for the SANS Institute. He previously served in the White House Office of Cyberspace Security and was a staff member of the President's Critical Infrastructure Protection Board. While a member of the White House staff, Mr. Sachs coordinated efforts to protect and secure the nation's telecommunication and Internet infrastructures, leveraging expertise from United States government agencies, the domestic private sector, and the international community. He also contributed to the National Strategy to Secure Cyberspace, upon his joining of the National Cyber Security Division of the US Department of Homeland Security. While working for DHS, he developed the initial concept and strategy for the creation of the United States Computer Emergency Response Team. Marcus retired from the United States Army in 2001 after serving over 20 years as a Corps of Engineers officer. He specialized during the later half of his career in computer network operations, systems automation, and information technology.

David Litchfield leads the world in the discovery and publication of computer security vulnerabilities. This outstanding research was recognized by Information Security Magazine who voted him as 'The World's Best Bug Hunter' for 2003. To date, David has found over 150 vulnerabilities in many of today's popular products from the major software companies (the majority in Microsoft, Oracle). David is also the original author for the entire suite of security assessment tools available from NGSSoftware. This includes the flagship vulnerability scanner Typhon III, the range of database auditing tools NGSSquirrel for SQL Server, NGSSquirrel for Oracle, OraScan and Domino Scan II.

Product Details

• Paperback: 412 pages
• Publisher: Syngress; 1 edition (August 4, 2004)
• Language: English
• ISBN-10: 1931836094
• ISBN-13: 978-1931836098
• Product Dimensions: 9.1 x 7 x 1 inches
• Shipping Weight: 1.2 pounds (View shipping rates and policies)
• Average Customer Review: 3.7 out of 5 stars  See all reviews (12 customer reviews)
• Amazon Best Sellers Rank: #1,912,637 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

10 of 12 people found the following review helpful:

5.0 out of 5 stars Right On... A good cyber-novel that highlights security..., August 15, 2004

By 

Thomas Duff "Duffbert" (Portland, OR United States) - See all my reviews
(VINE VOICE)    (TOP 500 REVIEWER)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Zero-Day Exploit:: Countdown to Darkness (Cyber-Fiction) (Paperback)

I'm seeing more security books come out in the style of cyber-novel. The latest one is called Zero-Day Exploit - Countdown To Darkness by Rob Shein. While not on par with Tom Clancy material, it does quite well and should appeal to the cyber-geek in all of us.

In the novel, two security programmers (both geeky but pretty normal) are hired to do a security audit on a new VPN product to be used by the Department of Justice. They quickly find two exploitable bugs (denial of service and buffer overflow) and report the situation. But as often happens in real-life, politics and CYA cause the findings to be minimized and the software is installed anyway with a promise to fix the software later. Of course, it doesn't get done. Meanwhile, Islamic idealists enlist the help of two hackers in the Phillipeans to scan networks looking for this VPN package as well as some industrial software so that a cyber-attack can be launched against the US. The original security audit team (this is years later) notices the increase in port scans for the VPN package and try to alert the DoJ. But until the attack actually occurs, no one will listen. Once all hell breaks loose, its them against the hackers.

This is more of a novel and less of a security primer than books like Steal The Box. The author does go into detail on the technology, but not to the point of putting pages and pages of screen prints in the book. It's all part of the story dialog and action. The second member of the team ("MadFast") starts just about each sentence with "Right on", so don't expect outstanding dialogue. But then again, this would be closer to reality if you were listening and watching real computer geeks/hackers. A reader experienced in security will be entertained (but won't learn much), but others less tied into computer security may have their eyes opened as to dangers that are very real.

While not perfect, I still liked it a lot. Definitely worth a read...

4 of 4 people found the following review helpful:

1.0 out of 5 stars Poorly written and overpriced, September 11, 2004

By 

W Boudville (Terra, Sol 3) - See all my reviews
(VINE VOICE)    (TOP 1000 REVIEWER)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Zero-Day Exploit:: Countdown to Darkness (Cyber-Fiction) (Paperback)

A polemical diatribe that simply tries too hard. Considered purely as a novel, possibly in the thriller genre, it is poorly done. The characterisation is pathetic. Just cardboard. The dialog is utterly repetitive. The two secondary heroes are just sounding boards to the main character. Sherlock Holmes' Watson was hollow, but still light years ahead of these secondary characters.

Then there is the plot itself. All too reminiscent of the Y2K scare. Remember that? Planes falling out of the sky. Pacemakers freezing up. Utility companies' generators stopping. Just like Ed Yourdon and others peddled Y2K in the late 90s, this book has the same feel. Hysteria combined with an opportunistic grab at the topical problem of terrorism.

Purely as a $8 paperback novel, it is lacking. But as a $35 book?? Strewth.

3 of 3 people found the following review helpful:

4.0 out of 5 stars Not Totally "Right On", But Good, August 21, 2005

By 

Christopher Byrne "The Business Controls Caddy" (Atlanta, GA USA) - See all my reviews
(REAL NAME)   

This review is from: Zero-Day Exploit:: Countdown to Darkness (Cyber-Fiction) (Paperback)

Defending against external Internet threats and attacks is a daunting task at best. When coupled with internal politics and Byzantine contracting rules, you may as well put a "kick me" sign on your back. Before the days we became dependent on computers and networking for everyday tasks, the risks were not as great. When terrorism is added to the formula, there has to be a recognition that the days of finger-pointing and excuses are no longer acceptable. In Zero-Day Exploit: Countdown to Darkness (339 Pages, Syngress Press, 2004, ISBN 1931836094), Rob Shein, David Litchfield, and Marcus Sachs present an account of one possible attack scenario.

Like most fiction, you will have to ask yourself if the scenario in the book is possible at all. But the answer you give yourself may not be adequate. After all, who else except for the Able Danger team thought 9/11 was a real possibility?

What makes this book different from others that I have read, the authors bring a real world perspective of Washington, DC politics and the challenges brought by the divide between employees and federal contractors, as well as what happens when people put their own career self-preservation above doing the right thing. Think this is not possible in today's environment? Think again. Having spent 12 years as a federal acquisition professional, I saw it every day, and I know what happens to people who buck the system.

The book does get bogged down early with its detailed narrative of a DefCon convention, and I am not sure that it adds much to the book. The authors do manage to put useful information within this section, but the overall section was so dry I almost closed the book a few times. But then it picked up steam and I could not put it down until I finished it. Given my background, it was very interesting to see what I had experienced first hand (and still do as an IT consultant and auditor), knowing full well the damage those interactions alone can cause.

The technical information presented is good, but not so deep that a nontechnical reader will get lost or bored (except perhaps for the DefCon section). As the story unfolds, the authors do a very good job showing how the emotion of a situation can lead to blaming the wrong person (in this case the programmer of the faulty software) instead of the circumstances that lead to the faults outside of his control (See my review of Secure Coding - Principles and Practices for more on this topic).

The book is not cheap and may be a bit pricey for the content, but that does not mean it is not worth reading.

Who Should Read This Book?

IT Audit professionals, bureaucrats, and programmers/developers will all gain benefit from reading this book. It is not really a good read for other people because they may take the wrong message from it.

Scorecard

Par on Long Par 4