


Product: Book - Paperback
Title: Wi-Foo : The Secrets of Wireless Hacking
Publisher: Addison-Wesley Professional
Authors: Andrew Vladimirov, Konstantin V. Gavrilenko, Andrei A. Mikhailovsky
Rating: 5/5
Customer opinion - 5 stars out of 5
This is why I didn't cover wireless in my security book!


'Wi-Foo' is the wireless book the security community needs. The book mixes theory, tools, and techniques in a manner helpful to those on the offensive or defensive side of the wireless equation. After reading 'Wi-Foo,' I'm glad I didn't try to cover similar topics in my 'Tao of Network Security Monitoring' -- these authors have written the definitive wireless 'hacking' text.

Several aspects of 'Wi-Foo' make the book a winner. First, with the exception of crypto topics in chapters 11 and 12, they tend to defer to previously published works rather than rehash old topics. For example, rather than exhaustively explain 802.11i, they refer readers to 'Real 802.11 Security,' an excellent defense-oriented wireless book. 'Wi-Foo' also assumes readers are familiar with TCP/IP and system administration, leaving out potentially redundant material.

Second, the authors demonstrate the degree to which they are plugged in to the wireless hacking community. They discuss developments from security conventions like Def Con, and explain tools and techniques not yet released (at time of writing) from the 'underground.' The number of tools explained by 'Wi-Foo' well exceeds that found in other wireless books, and the authors clearly explain why they prefer certain tools and discard others. This 'use what works' mentality is pervasive and effective, and I was very glad to see BSD tools featured along with the usual Linux suspects. I was particularly impressed by ch 9, where readers learn what to do next after compromising a wireless network. Other books stop at 'cracking WEP,' for example. Ch 4 and 7 also give the best advice I've seen on different aspects of wireless hardware, on a chipset-comparison level.

Finally, the authors complement their advice on wireless vulnerability assessment and penetration testing with sound defensive strategies. Ch 13 explains how to combine FreeRADIUS, open1x, and OpenLDAP to make an open source wireless authentication system. NoCat is discussed as an alternative. I was very happy to see an entire chapter on wireless IDS, especially the layer-based requirements listing. This serves as a good guide when checking the capabilities of commercial wireless IDS products.

The only drawback I see to 'Wi-Foo' is the inclusion of two chapters on crypto (ch 11 and 12). I would have preferred the authors to refer readers elsewhere, perhaps to a book like 'Cryptography Decrypted' or a heavier tome by Schneier or the like. I also noticed slightly rough English in some places, but these did not bother me like other books I've reviewed.

Overall, 'Wi-Foo' is the best book available for wireless assessment teams, explaining tools in an exceptional manner and smashing myths behind which security administrators hide. (Think your wireless network doesn't produce enough packets for WEP to be cracked? Read ch 8.) I'm adding 'Wi-Foo' to my 'Weapons and Tactics' Listmania List, and I recommend readers add this surprise hit to their bookshelves.



Product: Book - Paperback
Title: A First Look at Microsoft SQL Server 2005 for Developers
Publisher: Addison-Wesley Professional
Authors: Bob Beauchemin, Niels Berglund, Dan Sullivan
Rating: 4/5
Customer opinion - 4 stars out of 5
A valuable and detailed overview of a DBMS work-in-progress


"A First Look at SQL Server 2005 for Developers" is aptly named. It's a timely, detailed, and very useful introduction to what's new in SQL Server 2005 for three types of developers: database-oriented developers (e.g., with a Transact-SQL background), .NET developers (using C# or VB.NET), and XML-focused developers (perhaps most focused on Web services, XML Schema, etc.). SQL Server 2005 attempts to provide a more seamlessly unified set of services for these three developer approaches, and the book does a great job of explaining how all of the pieces fit together, along with ramifications for SQL Server architecture and security.

The authors faced a major challenge in that SQL Server 2005 hasn't shipped yet, and Microsoft made some changes after the book was published. The chapter on ObjectSpaces, for instance, no longer applies to SQL Server 2005 (at least to pre-Longhorn releases of SQL Server 2005). The ObjectSpaces chapter is still a useful preview of more complete, future integration among programming models, but Microsoft will no doubt make some major changes before Longhorn is finalized.

(p.s. sorry for the EMPHATIC capitalization of my last name in this review; Amazon.com appears to discriminate against people who have apostrophes in their last names, so I had to choose between "O'kelly" and "O'KELLY")



Product: Book - Hardcover
Title: The Art of Deception: Controlling the Human Element of Security
Publisher: Wiley
Authors: Kevin D. Mitnick, William L. Simon, Steve Wozniak
Rating: 5/5
Customer opinion - 5 stars out of 5
Excellent insight into social engineering


I'm responsible for securing our company's network, which includes writing security policies and guidelines for users to follow. Like many people in the industry, much of my security training has been focused almost exclusively on the technologies used to attack and defend networks. But more and more, I think we are all beginning to realize there is a very important human element involved as well. Mitnick does a great job in this book of giving the security professional insight into the social engineering techniques used to take advantage of either weakness or ignorance in a particular target. I've found this book as useful as any in my library.



Product: Book - Hardcover
Title: The Unified Software Development Process
Publisher: Addison-Wesley Professional
Authors: Ivar Jacobson, Grady Booch, James Rumbaugh
Rating: 4/5
Customer opinion - 4 stars out of 5
Magistère mini-project


It is well designed and well suited to implementing UM