Product: Book - Paperback
Title: XSLT Cookbook
Publisher: O'Reilly
Authors: Sal Mangano
Rating: 3/5
Customer opinion - 3 stars out of 5
Pretty well rounded, missing some specifics

Excellent book to get the basics in many different areas of using XSLT. My focus is converting XML to HTML so naturally I was mostly intent on reading those chapters; the rest of them had academic value to me.
The problem I find with this book is that it doesn't focus on XSL tools and how to write snippets of code for them (I am using XSLmaker and didn't find anything on it). Maybe the book was not totally up to date. In any case, modern XSL development is driven by visual tools like XSLmaker that let you code XPath filters or define XSL code for visual HTML fields - and that sort of integration was what I expected.

Still, I gleaned a few useful tricks that saved me some time, so the book was worth it after all.

Product: Book - Paperback
Title: Google Hacking for Penetration Testers
Publisher: Syngress
Authors: Johnny Long, Alrik van Eijkelenborg
Rating: 5/5
Customer opinion - 5 stars out of 5
Required reading for network and security admins

If you are at the book store trying to decide if the book is worth spending $44.95, just flip open to Chapter 7: Ten Simple Security Searches That Work. This chapter alone is probably worth the price of the book.

There are some aspects of security that are core fundamentals that remain true throughout time. Then, there are some aspects of security that are created by new technology. A few years ago, securing wireless networks was unheard of. Now it is at the forefront of many security administrators' concerns. Google is the latest hot technology to create its own security field.

There are other search engines, but Google is the one that has become synonymous with the act of Web searching itself. Google is an excellent tool. But, like many excellent tools, it is also somewhat of a double-edged sword. The same aspects that make it excel at what it does also make it gather sensitive and private information which may be used to compromise systems or gain unauthorized access.

This book is a must-read in my opinion. Network and security administrators should be required to read this book and follow the advice at the end to ensure that Google hackers don't compromise your network.

Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security (http://netsecurity.about.com), providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (http://www.tonybradley.com).

Product: Book - Hardcover
Title: The Art of Computer Programming, Volumes 1-3 Boxed Set
Publisher: Addison-Wesley Professional
Authors: Donald Knuth, Donald E. Knuth
Rating: 5/5
Customer opinion - 5 stars out of 5
every programmer must have

If you consider yourself a "programmer" you must have, and not just have - you must read these books!

Product: Book - Paperback
Title: Malicious Cryptography: Exposing Cryptovirology
Publisher: Wiley
Authors: Adam Young, Moti Yung
Rating: 5/5
Customer opinion - 5 stars out of 5

Bypassing computer security systems has sometimes been called an art rather than a science by those who typically do not interact with computing machines at a level that would allow them to appreciate the science behind security attacks. This book does not address the strategies of how to bypass security systems, but instead concentrates on how to use cryptographic methods to corrupt the machines once access has been acquired. Clearly the authors are very excited about the developments in cryptovirology, a relatively young field, that have taken place in the last five years. Their goal though is not to train hackers to break into systems, but rather to coach the reader on how to find vulnerabilities in these systems and then repair them. The subject of cryptovirology is fascinating, especially in the mathematics that it uses, and a thorough knowledge of its power will be required for meeting the challenges of twenty-first century network computing.
After a "motivational chapter" that is meant to shed insight on what it is like to be a hacker, this being done through a collection of short stories, the authors move on to giving a general overview of the field of cryptovirology in chapter 2. The reader gets his first dose of zero-knowledge interactive proofs (ZKIPs), which allow a prover to convince a verifier of a fact without revealing to it why the fact is true. The authors point out that viruses are vulnerable once found, since their rudimentary programming can then be studied and understood. This motivates the introduction of public key cryptography into the payload of the virus, and it is at this point that the field of cryptovirology is born.
Chapter 3 is more of a review of modular arithmetic, entropy generators, and pseudorandom number generators and can be skipped by those readers familiar with these. The authors emphasize the need for effective random number generators and for using multiple sources for entropy generation. They also introduce the very interesting concept of a `mix network', which allows two mutually distrusting parties to communicate securely and anonymously over a network. `Onion routing' is discussed as a method for implementing asynchronous mix networks. Mix networks can be used to hide the propagation history of a worm or virus.
In chapter 4, the authors discuss how to implement anonymous communication and how to launch a cryptotrojan attack that utilizes an anonymous communication channel. There are many applications of anonymous communication, one being E-money, and also, unfortunately, money laundering. The authors describe in fair detail how to conduct criminal operations with mix networks and anonymous money. This same technology though allows freedom of speech in geographical areas that are not sympathetic to it. Electronic voting, so controversial at the present time, is discussed as an activity that is very susceptible to the threat of stegotrojans or government violation of anonymity. Techniques for doing deniable password snatching using cryptovirology, and for countering it using zero-knowledge proofs, are also discussed.
Chapter 5 introduces techniques for preventing the reading of counters when a virus is propagating from one machine to another. These are known as `cryptocounters', and the authors discuss various techniques for constructing them, such as the ElGamal and Paillier public key cryptosystems.
Private information retrieval (PIR), which allows the secure and private theft of information, is discussed in chapter 6, wherein the authors present a few schemes for performing PIR. These schemes, unfortunately, allow the theft of information without revealing anything about the information sought and without revealing anything about what is taken. The authors also introduce a concept that they call `questionable encryptions', which are algorithms to produce valid encryptions or fake encryptions depending on the inputs. Related to questionable encryption, and also discussed in this chapter, are `deniable encryptions', which allow the sender to produce fake random choices that result in the true plaintext being kept secret. Also discussed is the topic of `cryptographic computing', which allows computations with encrypted data without first having to decrypt it. The modular arithmetic used in this chapter is fascinating and well worth the read.
Chapter 7 is by far the most interesting of the entire book, and also the most disconcerting if its strategies are ever realized. The goal of the chapter is to find out to what extent a virus can be constructed whose removal will damage the host machine. This, in the authors' opinion, would be a genuine `digital disease', and they discuss various scenarios for bringing it about, which are at present not realized, but could be in the near future. The approach discussed involves game theory, and the authors show how the payload of a virus can survive even after discovery of the virus. They give a very detailed algorithm on how to attack a brokerage firm, including the assumptions that must be satisfied by such an attack. The attack is mounted by deploying a distributed cryptovirus that tries to find three suitable host machines, and the attack consists of three phases, the first involving replication leading to the infection of the three machines, the second involving preparation for the attack, and the third involving playing the two-player game. The host machines, to be acceptable for launching the attack, must either be "brokerage" machines, which have sensitive information available to the virus, or "reclusive" machines, which are machines that are not subjected to much scrutiny. The goal of the virus, according to the authors, is to give the malware purchasing power, and not direct monetary gain. The virus may then evolve over time to become a portfolio manager, and may even act as a surrogate for purchasing shares on behalf of the firm or client. Other possibilities for the virus are discussed, and the authors overview the security of the attack and its utility.
I did not read the rest of the chapters in the book, so I will omit their review.
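The `cryptocounter' property that the review attributes to chapter 5 (a counter that can be incremented by anyone holding the public key but read only by the private-key holder) is easiest to see with the Paillier cryptosystem, whose additive homomorphism turns ciphertext multiplication into plaintext addition. The Python below is an added illustration, not code from the book or the reviewer; the primes are constructed toy values and the function names are mine.

```python
"""Paillier cryptocounter demo (constructed toy parameters).

The counter exists only as a Paillier ciphertext: anyone holding the public
key can add one to it (by multiplying ciphertexts), but only the holder of
the private key can read the count. That is the property the review
attributes to the book's `cryptocounters'.
"""
from math import gcd
from secrets import randbelow

# Constructed toy primes; real parameters use primes of 1024+ bits.
P, Q = 1009, 1013

def keygen(p=P, q=Q):
    """Return (public key n, private key (lam, mu)) with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)                          # valid because g = n + 1
    return n, (lam, mu)

def encrypt(n, m):
    """Enc(m) = (1 + n)^m * r^n mod n^2 with a fresh random r coprime to n."""
    n2 = n * n
    r = randbelow(n - 1) + 1
    while gcd(r, n) != 1:
        r = randbelow(n - 1) + 1
    return (pow(1 + n, m, n2) * pow(r, n, n2)) % n2

def decrypt(n, priv, c):
    """Dec(c) = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    lam, mu = priv
    x = pow(c, lam, n * n)
    return ((x - 1) // n * mu) % n

def increment(n, c):
    """Homomorphic +1: multiplying ciphertexts adds their plaintexts. The
    fresh randomness in Enc(1) means each counter state looks unrelated."""
    return (c * encrypt(n, 1)) % (n * n)

def run_counter(steps):
    """Encrypt 0, increment `steps` times, and return (decrypted count,
    number of distinct ciphertext states seen along the way)."""
    n, priv = keygen()
    c = encrypt(n, 0)
    seen = {c}
    for _ in range(steps):
        c = increment(n, c)
        seen.add(c)
    return decrypt(n, priv, c), len(seen)
```

For a defender the relevant lesson is that a captured ciphertext, or a sequence of them, reveals nothing about the count without the private key, so detection has to rest on the code and its behaviour rather than on the counter's contents.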