Stephen Northcutt's Profile

Customer Reviews: 131
Top Reviewer Ranking: 63,230
Helpful Votes: 1454

Reviews Written by
Stephen Northcutt (Kauai, HI USA)

Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It
by Marc Goodman
Edition: Hardcover
Price: $20.93
59 used & new from $13.85

4 of 4 people found the following review helpful
5.0 out of 5 stars A true call to action, February 24, 2015
Hands down, this is the most heavily researched book on the topics of cyber crimes and cyber threat I have ever seen. We should all be thankful the author knew how to run spell check in WordPerfect since it opened the doors for his police experience in cyber crime.

Part 1 of the book is pretty much a brilliant recap of the current situation with the occasional historical note. If you are new to cyber security it will be eye opening. If you have been in the trade for a long time it is a blast from the past. Part 2 starts out building on Part 1, (in fact, the beginning of Part 2 felt like it was really Part 1). Then we start talking about the future: robots, drones, better crime tools, artificial intelligence, brain-computer interfaces, bio-terrorism and related bio topics, space and quantum computing. Wow, that is a lot to absorb. Part 3 is titled "Surviving Progress". It opens with a discussion of software liability, or perhaps the lack of same. Privacy is mentioned throughout the book and in Part 3 the author mentions the EU Data Protection Directive. That piece of legislation will come to a serious test with the Gemalto hack. He, rightfully, calls for eliminating passwords, (almost all security experts have been in violent agreement with this idea for the past 25 years). Part 3 is mostly what I call "hand waving", this idea and that, with no practical tips like NoScript, Ghostery, using one browser only for ecommerce, private browsing, running browsers from virtual systems, not allowing cookies, learning to kill flash cookies, (or, for extra credit, kill flash itself).

The bottom line mirrors my first observation, Marc Goodman did a tremendous amount of research. I am glad he wrote the book, I have asked my wife to read, or at least skim it. Unless you live totally off the grid it is probably worth your time to read this book. If you are in IT, IT Security or you are an executive, this counts as a must read.

Black Hat Python: Python Programming for Hackers and Pentesters
by Justin Seitz
Edition: Paperback
Price: $23.03
54 used & new from $18.99

8 of 8 people found the following review helpful
5.0 out of 5 stars Shows what is possible for an advanced attacker, January 3, 2015
Another incredible python book. The reference operating system is Kali Linux, available from There were several highlights for me. One was a replacement for Netcat. NC is the Swiss army knife of penetration testing so a good number of system/network administrators remove it from their systems. But they will sometimes leave Python. Justin provides a fairly complex program to duplicate the basic functionality.

In order to exfiltrate info it might be wise to encrypt it to make keyword detection harder. SSH can be a good choice, but most Windows boxes do not have an SSH client, not even Putty. The author provides a fascinating discussion on how to build and use Paramiko. In a related topic, the book has a great section on SSH tunneling.

A section I found quite sobering was how to steal email credentials. That takes spear phishing to the next level.

There is an entire web server section with multiple scripts.

I am going to stop here with details and jump to the bottom lines. One thing that struck me was how timeless many of the programs are. With a minor tweak or two many of these programs will have at least a ten year shelf life and that is rare for a security book. Obviously cyber operators and penetration testers can benefit from the book. If you are a security architect or senior system administrator you might want to pick up a copy, it helps show you how an advanced attacker might be able to break in, remain undetected and exfiltrate information.

Home At Last: The True Story Of A Desparate Pilgrim
by Faith Collier
Edition: Paperback
Price: $14.99
10 used & new from $10.19

4.0 out of 5 stars The story of a seeker, December 28, 2014
Faith goes to our Kauai church, so this may not be a totally objective review. However if you are a seeker looking for your path, it would be sad to miss this book. I love the format, it is essentially a bunch of essays. That makes it easy to read between tasks. Her story is fairly incredible, you name it, she did it or had it happen to her. Most of the book is very strong, the ending is a bit weak.

My biggest complaint is the cover photo, I wish she had used a more current photo.

Penetration Testing: A Hands-On Introduction to Hacking
by Weidman, Georgia
Edition: Paperback
Price: $33.32
53 used & new from $28.17

3 of 5 people found the following review helpful
4.0 out of 5 stars A very solid introduction to penetration testing, August 12, 2014
I have one complaint, otherwise the four stars says I found the book quite helpful, why did they give so much attention to Windows XP? If it had said Backtrack instead of Kali, I would have mailed the book back to the fine folks at No Starch.

What do I like about the book? A lot. It is well organized and is the best documentation of the Kali platform I have seen. In particular, I loved the Part III section, attacks. I just took vacation with no agenda whatsoever except to read a few books. This was one of them. I could not put the book down, in fact I ended up fairly shocky because I did not stop to eat, I just kept trying to duplicate the exercises.

Did not do as well in Part IV, I was able to follow the stuff in the first half of the Violent Python book, but I failed here. However, I do plan to try again, maybe someone has a remedial Python Penetration Testing class.

Bottom line. People are always asking me, "how do I get into security". There are three bread and butter trades, Defense which includes detection and response, Penetration testing which hopefully leads to better defense and Forensics. Kali is a great platform to start learning penetration testing and this is a great book to introduce you to Kali. Gotta go, thunderstorm coming, skylights are open.

Epson WorkForce  All-In-One Wireless Color Inkjet Printer WF-2540, Black
Offered by Computer Gear(No Tax everywhere)
Price: $89.99
64 used & new from $49.00

4.0 out of 5 stars A delightful surprise, February 27, 2014
The HP J4580 printer we have is a mess. It prints fine, but with everything else, sometimes it works, sometimes it doesn't. Two weeks ago we had to reboot it 4 times to scan a document. Even though it is only 1.5 years old, has hardly been used, and we still have ink for it, I said enough! With tax time upon us, we need something functional.

We had to go to Wal-Mart anyway, we wandered to electronics and stared at all the choices. This one was smaller than most, fully multi-functional, inexpensive, (as we all know they make their money with the ink). Why not! I carried it into the house, cleared my workbench and started to set it up.

It was fairly easy to unpack, though there are a LOT of pieces of blue tape. I kept all the packaging in case it was a disaster and would have to be returned. The only set up complaint I have is the instructions for printing the test page, who knew you put the paper on the side, I kept sticking the paper in the fax feeder, but my wife figured it out.

Software install went quickly on MacOS 10.9.2. No problems setting up the wireless. At this point we have scanned, printed from mail, word and GIMP, sent and received faxes. I have not tried scanning over the wireless, but when I was installing the software, it had my default browser go to a web page talking about Epson Scan sw.

I love the form factor, it is sitting on my workbench because, we are going to keep the HP long enough to use up the black ink printing tax documents.

I wanted to give it a 5 star rating, but it did have a false positive thinking it had a paper jam and it did not. I was opening things and sticking my hands into little crevices. After about five minutes of fooling with it, a screen came up saying something like if there isn't really a jam hit OK.

To be candid, I don't like setting up printers. In a number of previous jobs, since I was technical, setting up a new printer ended up being my job. However, as the title says, this was a delightful surprise.

Irobot Roomba 595 Series
3 used & new from $335.50

2 of 2 people found the following review helpful
4.0 out of 5 stars Roomba 595 works so well I am considering the damp mop robot, December 26, 2013
This review is from: Irobot Roomba 595 Series (Misc.)
I opened the box, had a bit of a start looking at the foreign language quick cards on how to assemble Roomba, but then realized it was already assembled, plugged it in, dutifully waited 24 hours and gave it a test flight in my office. Was amazed at how much stuff it picked up because I had vacuumed four days before. After it does a room or two, I put it back on the charging station, most batteries do not perform as well after they are "deep cycled" (run completely down). I love the way that if you haven't stuffed the rooms of your house, you can just stick Roomba in the room, shut the door and walk away, when Roomba decides the room is clean it shuts down. I have a couple pieces of furniture Roomba can't climb under, they are too low to the ground. I am going to be looking for some decent looking "extra thick wooden coaster" to raise them another two inches so Roomba can clean under them. The 595 came with three filters and three of the sets of three brushes. The manual says change the filter every two months, so I have put a tickler on my calendar to make sure I perform maintenance.

Is it perfect?

No. The cardboard box says pet series and that might work out if you have a really short haired pet such as a Weimaraner; I just spent ten minutes getting the hair off the brushes. The round brush tool does not seem to do much, maybe I will look at the iRobot video to be sure I am doing it right. The comb tool, now that is a different story. It worked so well I took it down to the bathroom and got rid of the lint that had collected on my hairbrush.

My box came with two Automatic Virtual Walls, (batteries were included). I could not make them work today. In fact I could not even get the battery cover off of one of them. No matter how hard I tried to press the logos, I could not get it to open like the other one did.

The bottom line:
It has been quite an eyeopener to see how much lint, dust, hair and even a bit of sand Roomba can find and collect a mere four days since I last vacuumed the house. The robot is particularly helpful when it can drive under furniture. There was a bit of a learning curve, but not that painful. The manual could certainly be improved, but iRobot has instructional videos. Tomorrow I will investigate to see if I can make the Virtual Wall work. I am really glad I bought it.

The Practice of Network Security Monitoring: Understanding Incident Detection and Response
by Richard Bejtlich
Edition: Paperback
Price: $35.23
61 used & new from $26.77

15 of 15 people found the following review helpful
5.0 out of 5 stars Best book in the network monitoring genre yet, September 6, 2013
If you are in cyber security this is a must read. It starts off with a preface by Todd Heberlein, the guy who started the craft of network monitoring. Richard spares us the rehash of things like the TCP 3 way handshake and jumps into actionable content very quickly. The book is the best resource for tools I have seen anywhere. The charts, diagrams, and screen shots bring the information to life. It was particularly great to see the focus on Security Onion.

The favorite part for me was the Collection, Analysis, Escalation and Resolution section. Mr. Bejtlich has a lot of experience in incident response and I am thankful he is willing to share his insights.

My advice is that you buy the book, read it, download Security Onion and learn to use some of the tools.

Absolute OpenBSD: Unix for the Practical Paranoid
by Michael W. Lucas
Edition: Paperback
Price: $53.89
59 used & new from $30.99

6 of 6 people found the following review helpful
5.0 out of 5 stars Don't run OpenBSD without it, May 4, 2013
I love paper books so that I can write notes in the margins and bookmark hard to find info, but you may want to consider the Kindle edition in this case. This is a big book and having it searchable would be a big plus; there is just so much info. Also, want to do a shout out to the OpenBSD folks; what a resource. 2nd edition builds on a solid foundation to be a must have if you're running OpenBSD. I had never really thought about the concept of a "successful" installation, but the author's point is spot on that different uses will have different needs, so they invest 66 or so pages helping sysadmins get off to a good start.

Hip hip hooray for the well grounded discussion on sudo and especially the idea of hiding root with sudo. It makes me nervous to see an admin with a "#" prompt.

I have never played with softraid, but with the prices of HW RAID, it is attractive and the writing is so thorough I think I could pull it off.

Great discussion on the network from a systems perspective. Just a bit more on troubleshooting might be a nice touch if there is a 3rd edition. I think all the data is there, but it would be nice to have it as one checklist.

I am not qualified to comment on the packet filtering section and the advanced packet filtering section, SANS would never let me monkey with their perimeter, but while I didn't try any of it, it looks reasonable.

Very clear explanation of the kernel, I got so excited I put the book down for a minute to type "sudo dmesg", been a long time since I did that.

Where'd You Go, Bernadette: A Novel
by Maria Semple
Edition: Paperback
Price: $11.24
356 used & new from $0.77

1 of 1 people found the following review helpful
4.0 out of 5 stars What can you add to 760 reviews?, May 1, 2013
Not much. I do not normally read fiction. The book was a gift from a friend who does not cook and I do, so it was a thank you. I do have a connection to the book, I live in Seattle ( very funny descriptions ) and I have a bit of a connection to Antarctica.

A long long time ago, I was leading a caving expedition in Nut Cave West Virginia with a bunch of college students from Mary Washington University. We were in a tight tunnel where you just had room to crawl and the lady in front of me freaked out. She quit moving. I am only alive because my best friend Jeff pulled on her from the front and I doused my carbide light and stuck my helmet in her butt and pushed like heck.

So what does this have to do with Where'd you go Bernadette?

Just about everything. Later, after we got out of the cave I learned she had been hired by USGS and was being posted to Antarctica. Which brings us to the book and Bernadette.

The girl in the cave, like Bernadette was an improbable person to be staffed in Antarctica; but then what do we really know about that region of the world and who should be there? That was my major takeaway from the book. As it says in the title of this review, I do not have much to add that 760 other reviewers can't, but if I can share a few bits of reality:

The blackberry vines in the North West are a big issue. When I am in my Seattle home, they are my primary form of exercise. People ask me if I work out in a gym; no, I own a digging bar, have property outside of Seattle and manage the blackberry vines. Dear reader, do not think that part of the book is overdone.

I think the Craftsman house bit is slightly over the top, it ignores fake Tudor. When we decided to move to the area, we stayed in the Bacon Mansion while we looked for a house, not everything is craftsman (though I live in a craftsman *grin*).

Rain isn't really that bad in Seattle as long as you are only there July 15 - August 15.

Maria Semple, great job. I am thankful for having a chance to read your book.

by Daniel Suarez
Edition: Paperback
Price: $8.95
164 used & new from $0.01

4.0 out of 5 stars A real thriller, April 23, 2013
Verified Purchase
This review is from: Daemon (Paperback)
I do not normally read fiction, it is so hard to keep up with cyber security as it is. However Wesley McGrew recommended the book and he is one sharp cookie, so I ordered it from Amazon. The premise, at least I think it is the premise, this is a complex book, is that a video game genius dies ( are we sure Sobol is dead; this we is not, I saw Swordfish ) and leaves a computer program (daemon) that is essentially taking over the world for its own purposes.

There was a detective involved, (Sebeck), but they frame him and kill him off ( not sure why and to say more would put me in spoiler land). As the book comes to a close we are down to two people with a clue, a smart pretty girl at NSA, (Phillips), and a mysterious hacker, (Ross).

We do not really seem to come to a conclusion, but Wesley also recommended I buy Freedom which I did. Here is hoping we get to some conclusion for Daemon Industries LLC in the second book.

I can't speak for the weaponry in the book, but the cyber stuff seemed to be very believable to me, I am guessing the author has some access to subject matter experts. If I was going to make a complaint, it would be how the US Government (CIA, FBI, NSA, DISA etc) tend to be cast as having no clue other than Phillips.

It is a dangerous book for a geek to read, make no mistake about it. 632 pages means when you realize you are hooked, you are going to pull an all nighter because you can't put the book down. There is no chance I am going to pick up Freedom today, tonight I have to sleep and I have an important meeting tomorrow. Thank heavens for the $20.00 bag of 100% Kona coffee at Costco. First pot of coffee for the year, but I really need it.

I just read a couple more reviews and I want to glom on to the points people make about the ending. It felt like I just fell off the end of the book. I wasn't sure it was me, but it was 3:30 AM. Glad to hear others have the same thought.
