Product: Book - Hardcover
Title: The Art of Intrusion : The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers
Publisher: John Wiley & Sons
Authors: Kevin D. Mitnick, William L. Simon
Rating: 4/5
Customer opinion - 4 stars out of 5
How much would you pay to get inside the enemy's mind?


Over two years ago I read and reviewed 'The Art of Deception,' also by Mitnick and Simon. I thought that book was 'original, entertaining, [and] scary.' Those same adjectives apply to 'The Art of Intrusion' (TAOI). While I also add 'disappointing' and 'disturbing' to the description of TAOI, sections of the new book make it an absolute must-read. If you want to understand the consequences of systematic, long-term compromise of your enterprise, you must read and heed the lessons of TAOI.

This book may provide the closest look inside an intruder's mind the security community has yet seen. There is simply no substitute for understanding the methodology, goals, and determination of a skilled intruder. Chapter 8 brings the world of the enemy to life, describing separate incidents where crackers stole intellectual property from enterprise networks. These intruders were patient and methodical, taking months to locate, acquire, and transfer their prey. I have encountered this sort of adversary as a real security consultant (explanation follows), but never read supposed first-hand accounts from the enemy's point of view. Chapter 8 alone makes the book worth purchasing.

Why is the book 'disappointing' and 'disturbing' then? I was repeatedly disgusted to read about so-called 'security consultants' who are 'published authors on security topics' (p. 168), who describe themselves as 'white-hats' but acknowledge defacing sites 'where security was so shoddy someone needed to be taught a lesson' (p. 143), and who are 'respected security professionals by day and become a black-hat hacker by night, honing the skills that pay their mortgage by hacking into the most resilient software companies on the planet' (p. 166). Attaching the label 'security professional' to these criminals -- still active by some accounts -- is a crime itself. At least Mitnick perpetrated his crime and did his time. These people, however skilled, are a black mark on the security community -- they literally perform the crimes for which their 'skills' are then required. The mitigating factor for me is that these intruders shared their stories for the benefit of the community. For that I am grateful, but I'd also like to hear they've hung up their black hats!

In some places Mitnick seems too close to his subjects to render a fair opinion of their skills. Chapter 5 talks about Adrian Lamo, named by Mitnick 'The Robin Hood Hacker.' It begins with a story about rescuing a kitten from a 'dirty storm drain' that belongs in an after-school TV special, and smells of social engineering on Mr. Lamo's part. After reading about this 'purist... the thinking man's hacker,' we learn his only real skill was 'exploiting misconfigured proxy servers.' When asked what operating system the New York Times was running when he infiltrated it via proxy server, 'Adrian answered that he doesn't know. 'I don't analyze a network that way.'' I doubt someone who 'secured' a proxy server at Excite@Home by cutting the cat 5 cable to the box knows anything more than how to use his 'favorite tool... ProxyHunter' and his 'intellectual gift of finding misconfigured proxy servers' (p. 112). This mischaracterization of Adrian Lamo hurts the authors' credibility, at least as far as chapter 5 goes. I felt the same sense of being too close to the characters when reading of 'two convicted murderers' in chapter 3, although their story should catch the eyes of prison wardens everywhere.

Besides the war stories in TAOI, I found many of the authors' insights appropriate and helpful. In places Mitnick and Simon describe how victims never believe they are compromised, and when they are shown proof, they 'figure they just dropped the ball on this one occasion' (p. 216). Repeatedly through the book, network security monitoring is offered as a means of incident detection and response. I wish those who advocate the supposed defender's advantage of knowing their network would read this gem on p. 164: 'I knew their network better than anyone there knew it. If they were having problems, I could probably have fixed them.' This is so true, because the intruder's interest goes so much deeper than an administrator who sees security as part of his over-stressed and under-resourced job.

Not all of the book was written from the perspective of black hats masquerading as 'security professionals' by day. Chapter 4 features a tale by former Boeing employee Don Boelling, a real security professional. Other chapters present the stories of unnamed penetration testers, all of which I found intriguing.

Despite my negative opinion of the ethics of some of this book's contributors, I still highly recommend reading TAOI. I suspect the validity of some of the earlier reviews, as three are posted by people whose only review is for TAOI and one is by TAOI co-author W.L. Simon! Does the social engineering never end?



Product: Book - Hardcover
Title: Programming Microsoft ASP.NET
Publisher: Microsoft Press
Authors: Dino Esposito
Rating: 4/5
Customer opinion - 4 stars out of 5
Confusing at first


I'd recommend getting this book if you are new to ASP.NET, even though this book is not for the newbie to ASP.NET. This isn't a quick reference book for little problems; this is a concept book that goes into great detail on how things work in ASP.NET.
I received this book right after starting to use ASP.NET, and it was basically useless to me, as most of the content went over my head. After I got much deeper in my knowledge of ASP.NET, this book started to make much more sense. Most every advanced concept behind ASP.NET is covered here in depth, all at your fingertips. I find it amazing that Dino knows all this stuff!
The only cons I see are that it is a little dry to read, and you won't find any vb.net examples. Other than that, I recommend getting this book.



Product: Book - Paperback
Title: The Data Warehouse Toolkit: Practical Techniques for Building Dimensional Data Warehouses
Publisher: John Wiley & Sons
Authors: Ralph Kimball
Rating: 4/5
Customer opinion - 4 stars out of 5
An excellent book on Dimensional Data Warehouse Modeling


Kimball has done an excellent job by writing this book. You don't require any mentionable knowledge about data warehousing or dimensional modeling to completely comprehend this book. He has explained all of the concepts of Dimensional Data Warehouse with the help of real-life examples. Perhaps that makes this book so unique and pragmatic. It is easy to read, and the chapters are well arranged to give a very systematic progression of the subject. All the concepts are explained and postulated in the context of some examples. So don't plan to skip any chapters. That doesn't work with this book.
I would recommend this book, to anybody who wants to practice DDW, as the first book to be read on the subject to gain the most.
Because of its entirely example-based approach, the book may not be of much use from an exclusively conceptual/academic perspective.
The only omission I have noticed in this book is that it doesn't speak much about data extraction complexities. Even though Kimball dedicates a few pages towards the end of the book for this purpose, it is largely insufficient and gives no worthwhile advice to a practitioner of the data extraction process. So if you are looking for a solution to your data extract nightmare, this book is of little use.



Product: Book - Paperback
Title: Core Servlets and JavaServer Pages, Vol. 1: Core Technologies, Second Edition
Publisher: Prentice Hall PTR
Authors: Marty Hall, Larry Brown
Rating: 5/5
Customer opinion - 5 stars out of 5
Best book on the market for learning Servlets and JSPs.


Core Servlets and JSPs is currently the best book available for learning these two technologies. I have several other books on Servlets and, while each has pockets of information, none of them does as thorough a job as this one. You will also find that the other Servlets books usually fail to cover Java Server Pages. The book is very easy to read, clear, accurate, and overall extremely well written. Of all the books I have evaluated, I selected this one for a one-week section on Servlets and JSPs which I teach as part of my company's training program. I highly recommend it to you as well.