- Series: Animal Guide
- Paperback: 298 pages
- Publisher: O'Reilly Media; 1 edition (October 1, 2009)
- Language: English
- ISBN-10: 0596154577
- ISBN-13: 978-0596154578
- Product Dimensions: 7 x 0.8 x 9.2 inches
- Shipping Weight: 14.4 ounces
- Average Customer Review: 20 customer reviews
- Amazon Best Sellers Rank: #1,097,877 in Books
Hacking: The Next Generation (Animal Guide) 1st Edition
About the Author
Nitesh Dhanjani is a well-known security researcher, author, and speaker. Dhanjani is currently Senior Manager at a large consulting firm, where he advises some of the largest corporations around the world on how to establish enterprise-wide information security programs and solutions. Dhanjani is also responsible for evangelizing brand-new technology service lines around emerging technologies and trends such as cloud computing and virtualization.
Prior to his current job, Dhanjani was Senior Director of Application Security and Assessments at a major credit bureau, where he spearheaded brand-new security efforts to enhance the enterprise SDLC, created a process for performing source code security reviews and threat modeling, and managed the Attack & Penetration team.
Dhanjani is the author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly) and "HackNotes: Linux and Unix Security" (Osborne McGraw-Hill). He is also a contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes: Network Security". Dhanjani has been invited to talk at various information security events such as the Black Hat Briefings, RSA, Hack in the Box, Microsoft Blue Hat, and OSCON.
Dhanjani graduated from Purdue University with both a Bachelor's and a Master's degree in Computer Science.
Dhanjani's personal blog is located at dhanjani.com.
Billy Rios is currently a Security Engineer for Microsoft where he studies emerging risks and cutting edge security attacks and defenses. Before his current role as a Security Engineer, Billy was a Senior Security Consultant for various consulting firms including VeriSign and Ernst and Young. As a consultant, Billy performed network, application, and wireless vulnerability assessments as well as tiger team/full impact risk assessments against numerous clients in the Fortune 500.
Before his life as a consultant, Billy helped defend US Department of Defense networks as an Intrusion Detection Analyst for the Defense Information Systems Agency (DISA) and was an active-duty Officer in the US Marine Corps (deployed in support of OIF in 2003). Billy's thought leadership includes speaking engagements at numerous security conferences, including the Black Hat Briefings, RSA, Microsoft BlueHat, DEFCON, PacSec, HITB, the Annual Symposium on Information Assurance (ASIA), and several other security-related conferences. Billy holds a Master of Science degree in Information Systems, a Master of Business Administration degree, and an undergraduate degree in Business Administration.
Brett Hardin is a Security Research Lead with McAfee. At McAfee, Brett bridges security and business perspectives to aid upper management in understanding security issues. Before joining McAfee, Brett was a penetration tester for Ernst and Young's Advanced Security Center assessing web application and intranet security for Fortune 500 companies.
In addition, Brett is the author of misc-security.com, a blog dedicated to security topics from a high-level or business-level perspective.
Brett holds a Bachelor of Science in Computer Science from California State University, Chico.
Top customer reviews
So there is a fair bit of fear mongering, but not because they are wrong so much as because they are skipping some steps. That, to me, seems a fatal flaw, because the technical people would say "yeah ... ok, if I assume you are as good as you claim to be", and the non-technical people are thinking this is Harry Potter, because there were some arcane script(ure)s and then stuff went very bad.
I'd say that to most technical people with a slight security focus there is nothing new in here. To the non-technical or non-security people though, who the text (not the code) is (should be) aimed at, various bits will be very off-putting. Especially the code and the jargon.
Also, this title fails to appreciate that successful attacks are not just down to people being in a rush and warning messages not being user-friendly. Granted, their analysis of phishers is a great read, but I don't think it will be read by the right people. Technically aware people already know they are mostly muppets, and non-technical people won't get the joke because it is buried in PHP code.
One saving grace, which sadly is too little (one short chapter) and too late (last chapter), are the two case studies that conclude the book. The two case studies highlight first a very effective but non-technical attack, and then a rather technical attack which does feature a bit of code, but not terribly so. I guess the prior chapters were needed to lay the foundation, but even then, I fear that non-technical readers would be put off by the technical attack's code. Though in this case the code dumps are much more illustrative and far less technical. The problem is, though, that most non-technical readers would probably not have made it this far.
In the end, this is a very light read for the security/IT-aware that reminds one of the basic techniques, and a missed opportunity to make the unaware aware. Who then benefits from this book in its current form? Probably junior IT staff, and security researchers looking for a good introduction ... to junior IT staff. Non-IT staff are probably better off with Secrets and Lies: Digital Security in a Networked World, which is aimed at managers more than anything; technical people probably already know where to look (if not, check out Bruce Schneier's free newsletter at [...] ).
The book has both non-technical and technical details of possible exploits and, where appropriate, offers code that is usable to execute a potential exploit. The book provides good insights into how an attacker may discover information about an organisation from seemingly innocuous sources and put a picture together about the organisation. The aim here is to use the information to gain the confidence of employees with a view to extracting useful information about the company.
The book challenges the notion that attackers are always external users, and looks at insider attacks and their motives, which are not always money. The book cited a good example of how vengeance was the motive for an attack, and how simple it was for the person to carry the attack out – the victim did not ever know.
Mobile work is more common, and the use of mobile devices (phones, laptops, memory sticks) is covered, as is the potential they create for data loss.
The book examines the legacy of protocols developed for a different era, and highlights the fact that most organisations do not take active steps to patch and upgrade, and emphasises the problems this may cause.
The most interesting chapter covered blended threats, where an attacker will take advantage of vulnerabilities in one vendor’s software to breach a flaw in another vendor’s software – the book specifically mentioned a breach in Safari that led to a further compromise in Windows. It looks at the challenges software development companies face in dealing with these problems. Where does a company draw the line in testing its software, and how much must an operating system company do to ensure that their applications work when working with another application vendor’s products?
The book places a lot of emphasis on the use of social attack methods to gain information, including the use of people-networking facilities and exploiting people who are not technically strong (e.g. C rank) but who have decision-making authority. The book covers the use of network diagrams by attackers to work out who may have influence over a CEO, for instance. With this information, an attacker may seek to exploit that connection to obtain information about the organisation. Another good example was the abuse of conference call facilities by an external party to learn about their competitors' activities and to use that information to undermine the company.
The book's final chapter looks at using cross-pollination techniques to exploit vulnerabilities in a number of ways. For instance, an attacker may use vulnerabilities at one source to gain access to another source. As business technology becomes more complex, I think these case studies are very pertinent.
Overall, the book provides good coverage of issues that affect organisations and is worth reading.
The book has 298 pages and 10 chapters, costs US$19.27 from the Amazon Kindle Store, and is also available to rent.
I found this book's coverage of "people" as a security concern on par with "technology" to be on the mark. While technical topics such as blended threats and cloud infrastructure are covered in significant detail, this publication balances detail with the bigger picture and perspective well.
The authors, Nitesh Dhanjani and Billy Rios, provide some interesting and useful case studies to underscore and contextualize their points. Well-written and eye-opening, this is a book for anyone concerned with hacking.