July 25th, 2008 Anthony Towry

Geekonomics: The Real Cost of Insecure Software attempts to employ solid economic reasoning behind software defects that impact security.
Geekonomics was a finalist in the running for a prestigious Jolt Award, and not terribly expensive (coming in at MSRP $30 and less than that most places), so I jumped on it. The case for this book in my mind is that it really speaks to the ideas of reaping what you create incentive for. The book explores EULAs, Open Source, cement, car crashes and plane wrecks.
Posted in Books | No Comments »
July 15th, 2008 Anthony Towry

Metasploit is a tool that has forever changed the information security landscape. One would be hard pressed to find a tool as versatile, powerful and as supported in the hacking community today. On top of all that good mojo, it comes free of charge!
I get excited about Metasploit (who wouldn't?). I wanted this book to match that excitement: to dive into Metasploit in new and exciting ways. It didn't. This book is written by some very smart guys, but goes about as deep as the average user guide. There's nothing new here really, and most of what's discussed could be better absorbed through a few hours of playing with the application itself.
Overall this was a disappointment, one that could have been a whole lot better.
Posted in Security | No Comments »
April 21st, 2008 Anthony Towry

This weekend I finished the Syngress Publishing book Open Source Fuzzing Tools. The book didn't take long. Part of the reason is that there really isn't a ton of technical information in the book to hold up the reader in lab exercises. It's not completely devoid of detailed fuzzer usage, but it's not wall to wall "let's go break some software" either.
Posted in Uncategorized | No Comments »
February 26th, 2008 Anthony Towry

Insider threat is an area of security with crazy potential to turn things over on an organization in a big way. These attackers are trusted, knowledgeable and quite often fully authorized by the systems in place to perform whatever dirty deed they've got in mind.
Most people would rather not think of their coworkers as potential criminals even when confronted with studies, news stories and statistics that focus the light on just how relevant these threats are. This book should help.
Brian makes use of multiple dynamic case studies and experience that keeps the reader engaged in almost cinematic suspense. He presents information on the type of person behind the attacks and shows off the kind of correlation that an Enterprise Security Management (ESM) system should perform.
I really enjoyed this book; it takes on the hard job of explaining what can be done when you can't prevent, you can only detect and respond.
Posted in Security | No Comments »
February 8th, 2008 Anthony Towry

I recently finished flipping through Podcasting Hacks. I say flipping, because I read it in a completely hit-and-run way, digging into the hacks that screamed out.
The book isn't bad, but is definitely geared toward the podcasting newbie. The depth at which format styles and interviewing is covered should be sufficient for any newcomer to produce interesting content.
I would have personally liked to have seen a bit more on some of the technical audio mixing and post production stuff, but who are we kidding? Like my podcast is ever going to be more than a Fisher-Price microphone and a kazoo.
Posted in Books, Podcast | No Comments »
January 17th, 2008 Anthony Towry

This book is just almost worth reading, almost. I get excited about securing the endpoint. So, you can imagine how miffed I was when this book turned out to suck.
I agree with the author in that the endpoint has become the perimeter, and as such, shifts and flows as devices enter and leave. The endpoint is critical. The author does a fair job of presenting the concept. However, a communication breakdown starts to occur soon after. Your flag to put the book down is when he introduces the grand scheme for standardizing graphical representations of a network and its endpoints.
The only place I can see this book being of use is in the hands of a lightly trained desktop manager. The basic steps for keeping a clean box are provided. Implementation may be a tough thing to bring about "by the book" as the recommendations are not necessarily business friendly.
There are some nuggets of wisdom buried in the noise, but it's really not worth the effort to read. I do not recommend this book.
Posted in Books, Management, Security | No Comments »
November 15th, 2007 Anthony Towry

Fuzzing: Brute Force Vulnerability Disclosure takes you to the edge of Application Testingville and kicks you 30 ft outside city limits. The methods used to vulnerability test software in an automated way have never been so clearly conveyed. This book becomes family for anyone stalking the elusive 0-day. Like a second cousin really, but still you hold it near and dear.
Posted in Books, Programming, Security, Testing | 1 Comment »