Security & Encryption Books

Hacking: The Art of Exploitat 2nd Edition

Jon Erickson

Amazon Price: $32.97 List Price: $49.95 Usually ships in 24 hours By: No Starch Press Amazon Marketplace: 37 new & used starting at $25.97

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Web Development -> Security & Encryption -> Encryption
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Business & Culture -> Security

Customer Reviews:
Total reviews: 51 Average rating: 4.5 of 5

Editorial Review:

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:

• Program computers using C, assembly language, and shell scripts



• Corrupt system memory to run arbitrary code using buffer overflows and format strings



• Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening



• Outsmart common security measures like nonexecutable stacks and intrusion detection systems



• Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence



• Redirect network traffic, conceal open ports, and hijack TCP connections



• Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography

Simon Singh

Amazon Price: $10.85 List Price: $15.95 Usually ships in 24 hours By: Anchor Amazon Marketplace: 104 new & used starting at $3.01

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Web Development -> Security & Encryption -> Encryption
Subjects -> Computers & Internet -> Programming -> Algorithms -> Cryptography
Subjects -> History -> Middle East -> Egypt

Customer Reviews:
Total reviews: 253 Average rating: 5.0 of 5

excellent 5 out of 5 stars.
0 of 0 people found this review helpful.

great book regarding the history of cryptography. The only way to truly understand anything is c the history of it's introduction

Editorial Review:

In his first book since the bestselling Fermat's Enigma, Simon Singh offers the first sweeping history of encryption, tracing its evolution and revealing the dramatic effects codes have had on wars, nations, and individual lives. From Mary, Queen of Scots, trapped by her own code, to the Navajo Code Talkers who helped the Allies win World War II, to the incredible (and incredibly simple) logisitical breakthrough that made Internet commerce secure, The Code Book tells the story of the most powerful intellectual weapon ever known: secrecy.

Throughout the text are clear technical and mathematical explanations, and portraits of the remarkable personalities who wrote and broke the world's most difficult codes. Accessible, compelling, and remarkably far-reaching, this book will forever alter your view of history and what drives it.  It will also make yo wonder how private that e-mail you just sent really is.

The Cuckoo's Egg

Cliff Stoll

By: The Bodley Head Ltd Amazon Marketplace: 15 new & used starting at $6.93

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Web Development -> Security & Encryption
Subjects -> Literature & Fiction -> General
Subjects -> Nonfiction -> True Accounts -> True Crime

Customer Reviews:
Total reviews: 156 Average rating: 4.5 of 5

I love this book. 5 out of 5 stars.
2 of 2 people found this review helpful.

As you can see from the reviews here, many people also love this book.

I love the trip down memory lane that this book provides. Sure is fun to go back to a more innocent time and remember what it was like before the internet became huge. If you remember archie, gopher, kermit, then this is a book for you.

Even if you're too young to remember this time, it would be quite fun to watch WAR GAMES and then read this book. I love the writing style--this is a real page-turner.

Editorial Review:

Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized users on his system. The hacker's code name was "Hunter"-- a mystery invader hiding inside a twisting electronic labyrinth, breaking into U.S. computer systems and stealing sensitive military and security information. Stoll began a one-man hunt of his own, spying on the spy-- and plunging into an incredible international probe that finally gained the attention of top U.S. counter-intelligence agents. The Cuckoo's Egg is his wild and suspenseful true story-- a year of deception, broken codes, satellites, missile bases and the ultimate sting operation-- and how one ingenious American trapped a spy ring paid in cash and cocaine, and reporting to the KGB.

Guide to Computer Forensics and Investigations, Third Edition

Bill Nelson, Amelia Phillips, Frank Enfinger, Christopher Steuart

Amazon Price: $59.19 List Price: $93.95 Usually ships in 24 hours By: Course Technology Amazon Marketplace: 58 new & used starting at $50.00

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Web Development -> Security & Encryption -> Encryption
Subjects -> Computers & Internet -> Business & Culture -> Culture
Subjects -> Computers & Internet -> Business & Culture -> Hacking

Customer Reviews:
Total reviews: 8 Average rating: 2.0 of 5

Do not buy this book used! You won't be able to use the CD 1 out of 5 stars.
16 of 19 people found this review helpful.

This book represents the core of what is wrong with corporate America today. This book is packaged with a CD that has software on it used throughout the book. What they don't tell you anywhere is that you must register the software using a unique and one time only coupon in the cd pouch. Furthermore the software then expires in 120 days. To not mention this limitation that basically makes the book useless for resale is very deceitful on the part of the publisher and the company that supplied the software. Never have I seen such B.S. before as this when it comes for games that publishers play!!! THIS INFORMATION SHOULD HAVE BEEN IN BIG BOLD LETTERS -- YOU CANNOT RESELL THIS BOOK DUE TO THE ONE-TIME USE OF THE ENCLOSED CD SOFTWARE --

Editorial Review:

Master the skills necessary to launch and complete a successful computer investigation with the updated edition of this highly successful book, Guide to Computer Forensics and Investigations. This text will teach readers how to conduct a high-tech investigation, from acquiring digital evidence to reporting its findings. Coverage includes how to set up a forensics lab, how to acquire the proper and necessary tools, and how to conduct the investigation and subsequent digital analysis. The comprehensive coverage and detailed know-how led to the book being listed as recommended reading by the FBI Forensics Communications the United States Certified reading room. The book features free downloads of the latest forensic software, so students become familiar with the tools of the trade.

File System Forensic Analysis

Brian Carrier

Amazon Price: $37.79 List Price: $59.99 Usually ships in 24 hours By: Addison-Wesley Professional Amazon Marketplace: 48 new & used starting at $32.13

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Web Development -> Security & Encryption -> Encryption
Subjects -> Computers & Internet -> Business & Culture -> Privacy
Subjects -> Computers & Internet -> Networking -> Network Security

Customer Reviews:
Total reviews: 24 Average rating: 5.0 of 5

Editorial Review:

The Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques

Most digital evidence is stored within the computer's file system, but understanding how file systems work is one of the most technically challenging concepts for a digital investigator because there exists little documentation. Now, security expert Brian Carrier has written the definitive reference for everyone who wants to understand and be able to testify about how file system analysis is performed.

Carrier begins with an overview of investigation and computer foundations and then gives an authoritative, comprehensive, and illustrated overview of contemporary volume and file systems: Crucial information for discovering hidden evidence, recovering deleted data, and validating your tools. Along the way, he describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses today's most valuable open source file system analysis tools-including tools he personally developed. Coverage includes

• Preserving the digital crime scene and duplicating hard disks for "dead analysis"
• Identifying hidden data on a disk's Host Protected Area (HPA)
• Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more
• Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques
• Analyzing the contents of multiple disk volumes, such as RAID and disk spanning
• Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques
• Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more
• Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools

When it comes to file system analysis, no other book offers this much detail or expertise. Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.

Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition) (Radia Perlman Series in Computer Networking and Security)

Edward Skoudis, Tom Liston

Amazon Price: $37.79 List Price: $59.99 Usually ships in 24 hours By: Prentice Hall PTR Amazon Marketplace: 46 new & used starting at $27.00

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Web Development -> Security & Encryption -> Encryption
Subjects -> Computers & Internet -> Business & Culture -> Privacy
Subjects -> Computers & Internet -> Networking -> Network Security

Customer Reviews:
Total reviews: 42 Average rating: 5.0 of 5

Editorial Review:

For years, Counter Hack has been the primary resource for every network/system administrator and security professional who needs a deep, hands-on understanding of hacker attacks and countermeasures. Now, leading network security expert Ed Skoudis, with Tom Liston, has thoroughly updated this best-selling guide, showing how to defeat today's newest, most sophisticated, and most destructive attacks. For this second edition, more than half the content is new and updated, including coverage of the latest hacker techniques for scanning networks, gaining and maintaining access, and preventing detection. The authors walk you through each attack and demystify every tool and tactic. You'll learn exactly how to establish effective defenses, recognize attacks in progress, and respond quickly and effectively in both UNIX/Linux and Windows environments.

Important features of this new edition include

• All-new "anatomy-of-an-attack" scenarios and tools
• An all-new section on wireless hacking: war driving, wireless sniffing attacks, and more
• Fully updated coverage of reconnaissance tools, including Nmap port scanning and "Google hacking"
• New coverage of tools for gaining access, including uncovering Windows and Linux vulnerabilities with Metasploit
• New information on dangerous, hard-to-detect, kernel-mode rootkits

How to Cheat at Configuring Exchange Server 2007: Including Outlook Web, Mobile, and Voice Access (How to Cheat) (How to Cheat)

Henrik Walther

Amazon Price: $26.37 List Price: $39.95 Usually ships in 24 hours By: Syngress Amazon Marketplace: 44 new & used starting at $23.97

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Web Development -> Security & Encryption -> Encryption
Subjects -> Computers & Internet -> Business & Culture -> Privacy
Subjects -> Computers & Internet -> Networking -> Data in the Enterprise -> Client-Server Systems

Customer Reviews:
Total reviews: 10 Average rating: 4.5 of 5

Great Resource for Exchange 2007!! 5 out of 5 stars.
3 of 3 people found this review helpful.

I haven't sat down and read the entire book, I have mainly used it as a reference, but it has been a big help so far. The other day I was online reading some documentation on certificates with Exchange 2007, and I was about to print the article because it was so detailed and helpful, when I realized it was an excerpt from this book that I already owned. So I took out the book and read it there instead. I've got a pocket guide and one other reference guide, but this is the one I use most often.

Editorial Review:

According to Microsoft, Exchange Server delivers over 75% of all corporate e-mail. The 2007 release is the fist major overhaul since 2003. It attempts to address the challenge of delivering greater performance and accessibility while increasing protection against a new generation of high risk security threats. Microsoft has added many new features that dramatically improve the scope of Exchange Server and the Outlook web client, positioning the platform as a groupware and collaboration tool that is accessible to remote and wireless users as will as those wired directly to the corporate intranet. The typical SysAdmin needs a reference that cuts through all the complexity and seldom-used features to get the product successfully deployed as efficiently as possible---exactly the job of the "How to Cheat" series.

Security Metrics: Replacing Fear, Uncertainty, and Doubt

Andrew Jaquith

Amazon Price: $31.49 List Price: $49.99 Usually ships in 24 hours By: Addison-Wesley Professional Amazon Marketplace: 47 new & used starting at $27.00

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Web Development -> Security & Encryption -> Encryption
Subjects -> Computers & Internet -> Business & Culture -> Privacy
Subjects -> Computers & Internet -> Networking -> Network Security

Customer Reviews:
Total reviews: 19 Average rating: 4.5 of 5

Editorial Review:

<>The Definitive Guide to Quantifying, Classifying, and Measuring Enterprise IT Security Operations

 

Security Metrics is the first comprehensive best-practice guide to defining, creating, and utilizing security metrics in the enterprise.

 

Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization’s unique requirements. You’ll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management.

 

Security Metrics successfully bridges management’s quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith’s extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else. You’ll learn how to:

 

• Replace nonstop crisis response with a systematic approach to security improvement

• Understand the differences between “good” and “bad” metrics

• Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk

• Quantify the effectiveness of security acquisition, implementation, and other program activities

• Organize, aggregate, and analyze your data to bring out key insights

• Use visualization to understand and communicate security issues more clearly

• Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources

• Implement balanced scorecards that present compact, holistic views of organizational security effectiveness

 

Whether you’re an engineer or consultant responsible for security and reporting to management–or an executive who needs better information for decision-making–Security Metrics is the resource you have been searching for.

 

Andrew Jaquith, program manager for Yankee Group’s Security Solutions and Services Decision Service, advises enterprise clients on prioritizing and managing security resources. He also helps security vendors develop product, service, and go-to-market strategies for reaching enterprise customers. He co-founded @stake, Inc., a security consulting pioneer acquired by Symantec Corporation in 2004. His application security and metrics research has been featured in CIO, CSO, InformationWeek, IEEE Security and Privacy, and The Economist.

 

Foreword         

Preface            

Acknowledgments         

About the Author           

Chapter 1          Introduction: Escaping the Hamster Wheel of Pain          

Chapter 2          Defining Security Metrics           

Chapter 3          Diagnosing Problems and Measuring Technical Security  

Chapter 4          Measuring Program Effectiveness           

Chapter 5          Analysis Techniques     

Chapter 6          Visualization     

Chapter 7          Automating Metrics Calculations

Chapter 8          Designing Security Scorecards  

Index