Black Hat Physical Device Security: Exploiting Hardware and Software [Illustrated] (Hardcover)

~ Drew Miller (Author) "The role of security devices is to mitigate and monitor actions deemed inappropriate and/or illegal..." (more)
Key Phrases: authentication flag value, security services center, notification processor, Frequently Asked Questions, Solutions Fast Track, Ask the Author (more...)

Editorial Reviews

Product Description

Black Hat, Inc. is the premier, worldwide provider of security training, consulting, and conferences. In this book the Black Hat experts show readers the types of attacks that can be done to physical devices such as motion detectors, video monitoring and closed circuit systems, authentication systems, thumbprint and voice print devices, retina scans, and more.

The Black Hat Briefings held every year in Las Vegas, Washington DC, Amsterdam, and Singapore continually expose the greatest threats to cyber security and provide IT mind leaders with ground breaking defensive techniques. There are no books that show security and networking professionals how to protect physical security devices. This unique book provides step-by-step instructions for assessing the vulnerability of a security device such as a retina scanner, seeing how it might be compromised, and taking protective measures. The book covers the actual device as well as the software that runs it. By way of example, a thumbprint scanner that allows the thumbprint to remain on the glass from the last person could be bypassed by pressing a "gummy bear" piece of candy against the glass so that the scan works against the last thumbprint that was used on the device. This is a simple example of an attack against a physical authentication system.

* First book by world-renowned Black Hat, Inc. security consultants and trainers
* First book that details methods for attacking and defending physical security devices
* Black Hat, Inc. is the premier, worldwide provider of security training, consulting, and conferences

Product Details

• Hardcover: 448 pages
• Publisher: Syngress; 1 edition (October 29, 2004)
• Language: English
• ISBN-10: 193226681X
• ISBN-13: 978-1932266818
• Product Dimensions: 9.1 x 7 x 1.1 inches
• Shipping Weight: 1.4 pounds (View shipping rates and policies)
• Average Customer Review: 3.0 out of 5 stars  See all reviews (2 customer reviews)
• Amazon.com Sales Rank: #699,406 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #33 in	Books > Computers & Internet > Hardware > Mainframes & Minicomputers
  #100 in	Books > Computers & Internet > Hardware > Internet & Networking

Customer Reviews

Most Helpful Customer Reviews

3 of 3 people found the following review helpful:

1.0 out of 5 stars Poor writing, assertions without any logic, rambling text, January 1, 2007

By	jose_monkey_org "jose_monkey_org" (ann arbor, mi, USA) - See all my reviews

As an author, I understand the difficulty of writing a good book and the sting of a poor review. I'm reluctant to do so, but here I feel I have no choice. This book is simply very poorly done.

I don't know quite what the author was hoping to achieve, but I think it's somewhere along the lines of the philosophy behind security. Drew fails to deliver, instead we get rambling text, bad anecdotes, poor writing, and no focus. When we finally do get to some technical material, it's poorly presented (eg the crypto code in Chapter 3).

Errors are also rife throughout the text. For example, in chapter 3 the author attempts to describe connection attributes to enforce for a connection. One of these is the MAC address of a host 2 hops away. Anyone with any understanding of TCP/IP networking would know that if a host is 2 hops away, then the MAC address belongs to your router. The attack Drew describes isn't going to see the router change out from under the system.

While there's a lot of terms thrown around, there aren't any useful concepts really taught or well presented. I don't think anyone will learn much of anything from this book. The title of the book suggests that we'll be hitting hardware, too, but it's not until the last third of the book that this is introduced, and just as poorly as key concepts in software security (defense, attacks, etc), and only for one chapter.

I just don't have anything positive to say about this book, and for that I truly apologize to the author (and as a fellow author). This isn't personal (I don't know Drew, I believe, nor do I harbor any malice towards him or anyone he knows), it's just not a very good product. If you're looking for a comprehensive overview of infosec, look at something like Bishop's tome "Introduction to Computer Security".

5 of 14 people found the following review helpful:

5.0 out of 5 stars From the Author, March 2, 2005

By	Drew Miller "Drew M." (Seattle, WA) - See all my reviews

There are many misconceptions about security and the quality of products in the world. This book offers a larger perspective on the details of why those misconceptions exist. We must often dig deep to find these flaws and sometimes review explicitly technical processes. At the same time, surrounding these technical details are demonstrated concepts of trust and assumption that have plagued products in the past, present, and surely in the future. Some texts may demonstrate a problem and a precise solution to that problem. This book offers the understanding of how and also why. It takes the reader from looking at any product, software or hardware, and integrates perspectives specific to trust and reliance upon technologies, which, by design, were never intended to supply a secure infrastructure. You will also see the reasons why these technologies fail; trust and assumption.

Recent intrusions into network and wireless infrastructures are just mere examples of products; however functional they may be, that, in general, lack any quality assurance specific to the types of attacks that are reviewed within this book.