Sponsored links


Valid XHTML 1.0!
Valid CSS!



Product: Book - Paperback
Title: Network Security Assessment
Publisher: O'Reilly
Authors: Chris McNab
Rating: 4/5
Customer opinion - 4 stars out of 5
A good companion to "Security Warrior"


"Network Security Assessment" (NSA) is the latest in a long line of vulnerability assessment / penetration testing books, stretching back to "Maximum Security" in 1997 and "Hacking Exposed" shortly thereafter. NSA is also the second major security title from O'Reilly this year, soon to be followed by "Network Security Hacks." NSA is a good book with some new material to offer, but don't expect to find deep security insight in this or similar assessment books.
NSA begins with the almost obligatory reference to the king of assessment books, "Hacking Exposed" (HE), saying "I leave listings of obscure techniques to behemoth 800-page 'hacking' books." I don't think some of the techniques covered in HE but not NSA are "obscure." Noticably lacking in NSA is coverage of dial-up techniques, wireless insecurities, Novell vulnerabilities, and attacking clients rather than servers. Should NSA receive a second edition, I expect to see the book expand closer to the "behemoth" it seems to deride.
The best chapter by far was ch. 11, where the author with assistance from Michael Thumann takes the reader on a tour of exploiting vulnerable code. The stack diagrams and code snippets were especially helpful and the explanations were clear enough. This sort of material is a solid introduction to some of the techniques found in "Security Warrior." I also liked ch. 14, where the author explains a sample assessment using the tools already introduced. Kudos as well for maintaining an errata page and tool archive on the publisher's Web site.
The advantage NSA has over HE is the variety of tools on hand. I learned of at least a dozen tools not mentioned elsewhere. The author seems to be thorough while listing various exploitable flaws from the last several years. While the prose is well-written, I believe the HE series does a better job communicating fundamentals of the underlying technology. In other words, HE gives better explanations of 'what' we are compromising, while "NSA" prefers to concentrate more on the compromising itself. This technology education aspect of the HE series has always been its strong point. For example, there's no need to read a 500 page book on Microsoft FrontPage to understand the problems with it when a quick look in a HE book explains the technology's basics as well as its security flaws.
It's been over a year since the 4th edition of HE was published, so I recommend buying NSA to freshen your assessment skills. For the scenarios it does cover, which include most UNIX and Windows Internet-based attacks, it is thorough and accurate. Combined with O'Reilly's "Security Warrior," NSA presents an updated picture of the assessment scene.



Product: Book - Paperback
Title: Excel 2003 Personal Trainer (Personal Trainer (O'Reilly))
Publisher: O'Reilly
Authors: CustomGuide Inc
Rating: 4/5
Customer opinion - 4 stars out of 5
An objective metric of your knowledge


Do you see the amusing part on the book's cover? Not the cartoon chick with big breasts. The book's printing date is 2005, so the 2003 in the title is deprecated, as being slightly awkward. Hence, let us not ask where is Excel 2005?

Aside from this, the book gives a tightly focused test of your Excel knowledge. Each chapter is divided into lessons. Each lesson has a concise explanation of a topic. Then, the chapters end with quizzes and answers. Arguably, it is these quizzes that yield the key value of the book, as they let you actually test your grasp of the subjects. The questions seem to vary from easy to moderate in difficulty. Despite what the back cover says about the book being able to tone up skills of beginners and experienced users, if the latter includes you, then the book may simply be too easy.

Instead, the book may be of the most benefit to new users, who want an objective metric of their knowledge.



Product: Book - Paperback
Title: The Photoshop 7 Wow! Book
Publisher: Peachpit Press
Authors: Jack Davis
Rating: 3/5
Customer opinion - 3 stars out of 5
visually beautiful but really for intermediate to advanced


I admit to buying this book because of the glossy graphics but I got in way over my head. This book is a bit too advanced for someone just getting started with Photoshop. I have used some of the techniques and instructions offered but it has been tedious. I will not give up on this book, however, because after many readings and trial and error, I am making some progress. (...)The CD could include some better photos to work with but "c'est la vie."



Product: Book - Paperback
Title: Learning Python, Second Edition
Publisher: O'Reilly
Authors: Mark Lutz, David Ascher
Rating: 1/5
Customer opinion - 1 stars out of 5
Major disappointment


Having programmed before (in dBase, COBOL, etc.) I expected to be able to follow a book that's intended for less-experienced programmers. Boy, was I mistaken.
This would probably be a fine book for someone who is migrating from C++, but I found many of their explanations needlessly cryptic. They use, in all of the examples, phrases from Monty Python - understandable, but totally useless for someone who wishes to relate functions to real-life application.
In short - if you've already mastered C, this book may help. If you have minimal or no programming experience, this book will show you how to perform functions, but will not explain what you'd want to use these functions for in application programming.