Customer Reviews (56)

must have
this is a must have in todays fast paced world of education and doing it right the first time.

Invaluable!
I regularly use this book in my work and have bought several copies for others -- it's easy to use (will lay flat due to spiral binding), well-organized and an easy read.

My favorite grammar handbook
This is the assigned text in the English composition courses I currently teach.I had used the Little, Brown Handbook in the past.I find Hacker's book to be useful, concise, and pleasant to read.Her explanations are clear, the organization of the book is logical, and the included sections on MLA, APA, and CMS documentation formats are essential.The comb binding (so it lays flat when you open it) and section tabs are also nice.

The sixth edition continues the trend and is, if anything, even better than this fifth edition.

Great Resource
It is a great resource. I use it for work and other writing tasks. Thank you very much.

A writer's reference
This book is required for my online English Composition and it has been helpful for online editing and critiquing.Best part is that Amazon shipped it fast so I got it in one day! ... Read more

Book Description
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.

The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.

The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools. ... Read more

Customer Reviews (10)

More than just words!
This is an excellent book. Many books of this nature leave you wanting. They talk in complicated jargon, excite you about learning new concepts, and then leave you hanging with no real application of what you are learning. This is not the case with This book.

This book is excellent for both the beginner and the advanced! Plenty of real examples! Walks the beginner through the concepts of foot printing. It explains the technologies and then for the advanced it talks about creating custom code for each vulnerability.

This is a must have for any security professional's library! it was worth every penny!

A Truely Excellent Resource for any Professional Web Hacker!
If you do any type of professional Web Application Assessments then this is your bible.I have read many books on web app assessments and perform many Web Application Assessments for many large companies and government agencies and this is an excellent resource.I use Dafydd's Burp Suite and I can not say enough about it.If you are serious about Web Application security then this is a must read.Thanks to Dafydd and Marcus for a great book.

Kevin

An excellent thorough resource for web application security
This is a great read for anyone interested in the security of modern web applications. It covers the hacking process from mapping the attack surface to exploiting input validation, access control, session management, and authentication vulnerabilities using real-world examples and diagrams. There is an in-depth 100pg chapter on injecting code(e.g. SQL, OS, script, etc injection) and a 95pg chapter on attacking other users(e.g. XSS, request forgery, etc attacks). There is information about bypassing common sanitization techniques in cases where user input is sanitized. The book also covers how to write your own scripts to automate complex attacks. At the end of each section are the steps necessary to defend your application against the attacks that were described with an emphasis on "defense-in-depth"; an approach where one tries to prevent the compromise of the whole application even if one component of it is already compromised.

This book is extremely up to date with its coverage of new AJAX and XSS-type attacks while still covering the relatively old vulnerabilities like buffer overflows and sql injections.

The authors are both professional penetration testers which gives them credibility over the information they provide in this book, and one of them is the author of the excellent free web application hacking tool called Burp Suite.

I would recommend this book to anyone that has a basic knowledge of how the Web works (http, javascript, cookies, html, and basics of a programming language like php or java) although you could learn these technologies as you are reading the book which would take some more time.

Everything You Need to Know
This is the most important IT security title written in the past year ormore.Why?Custom web applications offer more opportunities for exploitation than all of the publicized vulnerabilities your hear about combined.This book gives expert treatment to the subject.I found the writing to be very clear and concise in this 727 page volume.There is minimal fluff.While everything is clearly explained, this is not a beginners book.The authors assume that you can read html, JavaScript, etc...Usually with a book like this there are a few really good chapters and some so-so chapters, but that's not the case here.Chapters 3-18 in this book rock all the way through.Another huge plus is the tools in this book are free.

The first few chapters provide context and background information.Chapter 3 on Web Application Technologies provides particularly useful background info.The next 666 pages of the book are all about attacking the applications.

There next five chapters cover mapping application functionality, client side controls, authentication, sessions, and access controls.The coverage is comprehensive.I'm not new to these topics, but I learned so much in every chapter.The depth of coverage is amazing.

The next six chapters are the heart of this book.They cover injection, path traversal, application logic, XSS and related attacks, automating attacks, and information disclosure.You'll find full treatment of attacks we're all familiar with like SQL injection and cross site scripting as well as many that most of us haven't heard of before.The danger is real and these chapters need to be read.

The final next four chapters cover attacks against compiled applications, application architecture, web servers, and source code. The final two chapters are more useful as a quick reference.They provide an overview of the tools covered throughout the book and describe attack methodology discussed throughout the book for exploiting each technology.

This book scores five easily based on the relevance and value of the information.

excellent
This book is a complete guide and very easy to read. Simple said it's GOOD.

Mauri ... Read more

Customer Reviews (14)

This is a fantastic book!
I have a virtual calculator called the DIY Calculator that accompanies my own book "How Computers Do Math" The Definitive Guide to How Computers Do Math : Featuring the Virtual DIY Calculator.

I recently added a "Conundrums, Puzzles, and Posers" section to the "Programs and Subroutines" page on my DIY Calculator website ([...]) and I've started to build a collection of simple puzzles for people to play with.

One of the first problems I posed was to count the number of ones in the 8-bit accumulator and to present the result as a binary value. I thought I had discovered the best-possible solution, until someone pointed me in the direction of the "Hacker's Delight". (In this context, "Hacker" refers to a hero who is manipulating code; not a nefarious rapscallion who breaks into other people's computer systems.)

I immediately ordered a copy from Amazon, and took delivery just yesterday as I pen these words. This book is fantastic - I kid you not - on the first page of Chapter 2, for example, I discovered at least five or six capriciously clever tricks that blew my solutions out of the water!

I highly recommend this book.

Absolute essential
This book is an absolute essential to the right reader. That right reader is either a low-level coder, a high-level logic designer, or someone who builds tools and libraries for same. In other words, not a lot of people. This is hacking at its bit-level finest, though. If you're among those few, or think you might be, or want a good laugh at the people who are, dig in.

It's good for things like counting the number of 1 bits in a word-length integer (hint: if you count the bits, you're doing it the hard way). It's good for things like fast division by an integer constant, or mod to a constant integer modulus (hint: if you perform division by dividing, you're barking up the wrong tree). If you can look into a 32x32 bit multiplication and see a convolution going on, you're way ahead of the game. The only tricks I know that didn't appear here are A) for purposes that almost no one has or B) for machines that almost no one has.

Warren presents the coolest collection of slimy coding tricks ever collected, with full attention to the number of machine cycles and the compiler-writer's unique needs. I've seen a lot, and this is by far the biggest and coolest collection around. I have two complaints, though, a small one and a really big one. The small one is that the author didn't score a direct bullseye on my somewhat offbeat needs. Well, he never tried to - that's just me griping that he didn't write a different book. The big complaint is that pages, lots of them, just fluttered out of this pricey book and onto the floor. GRRR. This takes nothing away from the content of the book, until some critical page flutters off never to be seen again. Still, if you can keep a rubber band around it, this will be one of the deepest mines of coolness in your uber-geek library.

//wiredweird

Fun, interesting and useful
My first introduction to binary operators wizardry was in a 1st year, 1st semester course in Digital Systems at the Technion, IIT. I thought it was fun. While I was trying to write a computer program to compute Karnaugh Maps for me, I run into performance problems, and then some binary hackery helped me get back on the horse.

Since then, whenever I come across some binary trick I write it down with a few examples of usage and sometimes with some reasoning why it works.

Then came "Hacker's Delight" and I felt compelled to buy it.

I wasn't disappointed at all! Not only it contained all of the tricks that I have collected, but also it contains a lot more in depth examples of how these tricks can come in handy when trying to squeeze performance from an implementation or save a few more bytes and bits.

The book also gave me a fresh perspective on the implementation of some well known algorithms with the twist of binary arithmetic. This was very enlightening.

I read the "BASICS" chapter (chapter 2) with a single breath of air, and just couldn't leave it down. Not only it was nice to have all these tricks summarized in one book, but also I liked some of the reasoning and the "so-called" proofs.

Remaining chapters were, as I mentioned before, a fresh look for me on known algorithms. This fresh look was through the glasses of binary arithmetic.

I'd recommend this book to anyone who feels comfortable with binary arithmetic and/or computer organization -- even just for the fun of it!

I'd recommend the book to developers who don't necessarily have a sympathy to this topic, but would like a Copy&Paste solution to some problems they have to tackle.

I really enjoyed reading this book, and I will probably reference it from time to time.

A rich resource for low-level arithmetic tricks
The term "hacker" in this book means someone who enjoys making computers do interesting tricks regardless of whether it turns out to be useful, not someone who is intent on circumventing computer security. Plus, how relevant would those kind of tips be coming from a book that was written in 2002? Don't let the author's definition of a hacker fool you, though - the tricks in this book are very useful.

This book is a collection of small programming tricks on various subjects. The presentation is very informal, and the methods use very basic computer math. You should know your binary number system backwards and forwards before you start this book. Either C or assembly language is used to demonstrate the hacks in code form. When assembly language is used, it is that of a fictitious machine that is representative of RISC computers. That is because the tricks are meant to be platform independent.

After disposing of basic arithmetic operations early in the book, the author turns his attention to more complex math problems such as calculating square roots. His discussion of the subject is both complex and simple. First, he explains Newton's method of computing square roots through a page full of equations that require some effort to follow. Then he gives an implementation that requires fewer than twenty lines of C code. This is followed by another method that is longer and more cryptic but executes faster, by using a binary search algorithm. Whether you are interested in the equations or merely need the C code to do your job, these solutions are efficient and elegant.

Other topics addressed include Gray codes, the Hilbert curve, and prime numbers. Gray codes are a method of arranging the integers from 1 to N in a list so that each number can be visited exactly once by flipping only one bit at a time. The Hilbert curve is a similar idea expressed geometrically: a single continuous curve which, given a space divided into a grid of squares, touches every square exactly once and does not cross itself. In each case, both the mathematical discussion and the code to solve the problem are provided.

The chapter on prime numbers is the most challenging mathematically but also one of the most interesting. It starts with a concise overview of various mathematicians' efforts to devise ways of finding prime numbers. The author is one of those people who periodically become fascinated by some problem and devote themselves to learning more about it and searching for a solution. The chapter ends not with the usual code sample, but instead with an invitation to continue the search for interesting solutions to the problem.

Clearly, the author views this book not as a finished collection, but rather as a snapshot of work in progress. After decades of interest-driven research, the author has amassed a collection of studies big enough to fill a book, and it is fortunate for the rest of us that he has written one.

Super Book
They don't make them like this anymore. Amid the "Learning XXX in 21 days" and various other computer book for which depth is almost non existent (and are read like eating peanuts), this is a refreshing book that talks about solutions to sometimes common (IMHO) coding problems.
If you enjoy programming gems, or remember that beyond your C code there is a machine that executes your program, this is the book for you. For example, think how would you count the 1 bits in a 32 bit integer - the book has an elegant solution in log(n). Aside from this, the book has about 50 or so problems, with their solutions (and proof).
Bottom line: fine book, worthy to be near my Knoth, R&K and Stroustrup books. ... Read more

Book Description
"The computer world is like an intellectual Wild West, in which you can shoot anyone you wish with your ideas, if you're willing to risk the consequences. " --from Hackers & Painters: Big Ideas from the Computer Age, by Paul Graham

We are living in the computer age, in a world increasingly designed and engineered by computer programmers and software designers, by people who call themselves hackers.Who are these people, what motivates them, and why should you care?

Consider these facts: Everything around us is turning into computers. Your typewriter is gone, replaced by a computer. Your phone has turned into a computer. So has your camera. Soon your TV will. Your car was not only designed on computers, but has more processing power in it than a room-sized mainframe did in 1970. Letters, encyclopedias, newspapers, and even your local store are being replaced by the Internet.

Hackers & Painters: Big Ideas from the Computer Age, by Paul Graham, explains this world and the motivations of the people who occupy it. In clear, thoughtful prose that draws on illuminating historical examples, Graham takes readers on an unflinching exploration into what he calls "an intellectual Wild West."

The ideas discussed in this book will have a powerful and lasting impact on how we think, how we work, how we develop technology, and how we live. Topics include the importance of beauty in software design, how to make wealth, heresy and free speech, the programming language renaissance, the open-source movement, digital design, internet startups, and more.

And here's a taste of what you'll find in Hackers & Painters:

"In most fields the great work is done early on. The paintings made between 1430 and 1500 are still unsurpassed. Shakespeare appeared just as professional theater was being born, and pushed the medium so far that every playwright since has had to live in his shadow. Albrecht Durer did the same thing with engraving, and Jane Austen with the novel.

Over and over we see the same pattern. A new medium appears, and people are so excited about it that they explore most of its possibilities in the first couple generations. Hacking seems to be in this phase now.

Painting was not, in Leonardo's time, as cool as his work helped make it. How cool hacking turns out to be will depend on what we can do with this new medium."

Andy Hertzfeld, co-creator of the Macintosh computer, says about Hackers & Painters: "Paul Graham is a hacker, painter and a terrific writer.His lucid, humorous prose is brimming with contrarian insight and practical wisdom on writing great code at the intersection of art, science and commerce."

Paul Graham, designer of the new Arc language, was the creator of Yahoo Store, the first web-based application. In addition to his PhD in Computer Science from Harvard, Graham also studied painting at the Rhode Island School of Design and the Accademia di Belle Arti in Florence. ... Read more

Customer Reviews (54)

Unconventional book, unconventional author, surprising points made
The book particularly deals with the nexus between programming, creativity, social commentary, wealth-generation, business-personal-entrepreneurial psychology (his specialty!) and LISP-related stuff. I skipped the programming sections because Im not a programmer. The philosophical commentary was better than 90% of other philosophy books I've read, more cutting and more true-to-life.

Interesting
Paul Graham is very clever (and rich - is that relevant?), however light also bends around his ego.Whether the sum of these qualities is positive is not absolutely clear to me.

If you want to read the best thing that he has written, you might be better served by his book on advanced Lisp programming, which is a monument anybody can be proud of - it comes close behind SICP on my personal list.

And, if you do read this book, I suggest you also look at 'The Science of Art' by Martin Kemp, which gives another perspective on the maybe slightly overweighted metaphor of the title, and the relation between theory and practice it implies.

Airport mall book
In spite of the strong desire to punch the author in the face after finishing the book, there are many great truths inside. Basically why is it that most people think salaries on the same position should be the same if work results differ in orders of magnitude.

Also it's funny to see an ultra-capitalist criticize the western decadent corporate structure. It's The Market for Lemons all over the place.

Don't expect to find anything useful to make a dot com startup on this book. It's all anecdotes from his experience and his quasi-religious views. It's more rhetoric on Lisp than business.

As another reviewer said, read first his online essays before diving into this.

Interesting but don't believe too much
I was entertained and greatly appreciated the view of the author but the many times I completely disagreed (due to very substantiated reasons) made me skeptical of several ideas of the author. But, the reasons for him holding those views is, in and of itself, interesting. He does have several good and controversial ideas and his experiences are quite valuable to read. Most of the time, I found myself flying high with him as he stated things that really need to be said which ran against conventional thought. Other times, I found myself raising my eyebrows in bewilderment. After all, it really is a book about his thoughts so take it as such. His book, his soapbox.

The book reads well but really trails off towards the end. I found myself finishing the book just so I could say I was through with it. The opening chapters are quite entertaining. Read a few chapters that you find interesting and leave it at that.

Nice, but dont expect to learn much
This is a nice little, light book that you can read after a hard day's coding and yet keep smiling. The language and style of writing is really good and makes reading quiet effortless. The topics being probed are of course bound to make you think. I would say, read this collection of essays to help you ponder further, but dont take the opinions too seriously. ... Read more

Amazon.com
Steven Levy's classic book explains why the misuse of the word "hackers" to describe computer criminals does a terrible disservice to many important shapers of the digital revolution. Levy follows members of an MIT model railroad club--a group of brilliant budding electrical engineers and computer innovators--from the late 1950s to the mid-1980s. These eccentric characters used the term "hack" to describe a clever way of improving the electronic system that ran their massive railroad. And as they started designing clever ways to improve computer systems, "hack" moved over with them. These maverick characters were often fanatics who did not always restrict themselves to the letter of the law and who devoted themselves to what became known as "The Hacker Ethic." The book traces the history of hackers, from finagling access to clunky computer-card-punching machines to uncovering the inner secrets of what would become the Internet. This story of brilliant, eccentric, flawed, and often funny people devoted to their dream of a better world will appeal to a wide audience.Book Description
Today, technology is cool.Owning the most powerful computer, the latest high-tech gadget, and the whizziest web site is a status symbol on a par with having a flashy car or a designer suit.And a media obsessed with the digital explosion has reappropriated the term "computer nerd" so that it's practically synonymous with "entrepreneur."Yet, a mere fifteen years ago, wireheads hooked on tweaking endless lines of code were seen as marginal weirdos, outsiders whose world would never resonate with the mainstream.That was before one pioneering work documented the underground computer revolution that was about to change our world forever.With groundbreaking profiles of Bill Gates, Steve Wozniak, MIT's tech Model Railroad Club, and more, Steven Levy's Hackers brilliantly captures a seminal moment when the risk takers and explorers were poised to conquer twentieth-century America's last great frontier.And in the Internet age, "the hacker ethic"--first espoused here--is alive an well. ... Read more

Customer Reviews (81)

A well-written account of computer pioneers - just make sure you're interested in this stuff
As the description mentions, Steven Levy's "Hackers" is not about computer criminals, but refers to the more traditional definition of "someone who delights in having an intimate understanding of the internal workings of a computer and computer network."I purchased this book because I was intrigued with Sierra On-Line, and was interested in learning more about some of the founding software companies and people who became rich from the computer boom of the early 80s.Having just finished Where Wizards Stay Up Late: The Origins Of The Internet about the creation of the Internet, and being bored out of my mind with it, I was hoping "Hackers" would be a little more exciting.Unfortunately, the first half of the book mirrors "Wizards" in a lot of ways and discusses much of the same content.What's more, before purchasing, I had no idea this book was published in 1984 and that it would naturally only discuss computers up to the early 80s.

"Hackers" is divided into three parts:

1.True Hackers - 1946 - mid 70s.This section focuses on the early computer pioneers at MIT, such as the Tech Model Railroad Club, the Lincoln Laboratory, and experimenting with large mainframes such as the PDP-1 and TX-0.It describes in detail how they would spend hours punching in code for these computers to come up with the simplest hacks. I struggled to get through this section. It was so incredibly detailed and filled with minutiae that it took me two months and several breaks to get through the 200+ pages.Some of it was interesting, but there was just so much information I didn't need to know or care about.

2.Hardware Hackers - Mid 70s - 1980.All about the Homebrew Computer Club and the development of early personal computers, focusing on the Altair 8800, TRS-80, development of BASIC, and Stephen Wozniak's creation of the Apple and Apple II Personal Computers.This section was definitely more lively than the first, but there is still nothing that couldn't have been summed up in a 4 or 5 page magazine article or a visit to Wikipedia.

3.Game Hackers - Late 70s - 1982.This section is largely about the development of the game company Sierra On-Line, although the first few chapters spend a lot of time discussing arly game development.This section was the most interesting in the book, especially to gain some insight into the culture that existed in the gamin industry back in its development, but not as exciting as I thought it was going to be.Since the book was published in 1984, there is no mention of the incredibly popular King's Quest series that launched Sierra to the top of the industry.

The main underlying theme of this book is the "hacker ethic," characterized by open access to computers (no passwords), mistrust of authority, computers are beneficial to changing people's lives, and all information should be free.It is very heavily discussed throughout the book and it's implications on the industry and the people in it.If this were a thesis paper about the hacker ethic I would have given Mr. Levy an A+ for staying so on focus.Unfortunately, it's not a thesis paper.If you are purchasing this book for entertainment purposes, make sure you are REALLY interested in early hacker culture.I thought I was but the book was just too dry for me. Not to mention it was hard to keep up with the hundreds of people introduced in the book. On the plus side, it is exceptionally well-researched and hardly seems dated at all.Until I got to the last few chapters, I had no idea the book was over twenty years old.

The positive side of hacking
It's so relieving to see Levy's capture of the positive side of the qualification to be able to hack. I believe the progress in the software and hardware development has been greatly advanced be the qualifications theses people have shown.
When it later comes to the aspect of what this qualification has been used for, the results are more dubious. It is sad, however, that todays meaning of the term hacker seems to cover only the negative side of the history.

Couldn't put it down
Great read on the early days of computer hackers, only wish it was updated (the book ends in the 80's but does include a small update/list of where the main players are in later years (the 90's))

Very well written, it was easy to follow and understand.From the early days at MIT to the later years with Sierra On-Line, this tells of the early hackers and thier acheivements.There are some especially great stories behind the scenes in the later parts of the book.

An amazing insight into the mind of a computer enthusiast
Steven Levy has written a masterpiece, and I will be forever grateful to him for it. Although when I read it (circa year 2001) computers were much more mainstream than the period this book covers (1960s-80s), the book still broke new ground for me. It was before the blogging era, and especially before all the aspiring hackers of the world "united" via a network of blogs, forums, feeds, "planets" (feed collections on specific topics) and link accumulators like Reddit and Digg. In other words, it was much more difficult for me to find people with interests similar to mine.

Or maybe I didn't look hard enough. This is not the point, anyway. The point is that this book took me "out of the closet" as a hacker, proud of my hobby, instead of wondering whether I'm some kind of an autistic freak. Reading it, I understood two things of utmost importance:

1. There were, and there are, many people with my interests and peculiarities. And these are the people that made the computer revolution happen.
2. Somehow, Steven Levy managed to explain in words the reason people find computers and programming so fascinating. In some sense it was a revelation. I kept saying to myself "yes, exactly!" and "ahh, now I understand" very frequently while reading the book.

Here are a couple of great quotes from the book regarding (2):

"What kept him going was his fascination with the machine, how it let you build complicated systems completely under your control."

I heard people referring to this as instant gratification. Engineering is fun, solving problems is fun, and building solutions is fun - this probably has strong roots in the ancestral humans, shaped by evolution to be smarter than other animals. As opposed to other, more "physical" disciplines of engineering, like electrical, mechanical or structural engineering, programming allows you to actually create real and useful things with a computer as your only tool. An electrical engineer may wait for a long time until his board will be produced, and only then he can "play with it". For a computer programmer, things are much simpler. It is very easy and quick to build systems and use them.

"[...] computers were an infinitely flexible artistic medium, one in which you could express yourself by creating your own little universe."

"Code is art" is a very popular notion these days, perhaps coined by Knuth in his "The Art of Computer Programming" books. People do art for fun - they draw, play and compose music, write and design pretty gardens. In this sense, programming is not much different - it is an act of creation and self-expression. It is fun.

As I said, this book is a treasure chest of insightful quotes like the ones above. Levy interviewed most of the who-and-whos in the world of computing from the 1960s in the MIT labs and through the 1980s in the Californian game development companies. In addition to being explanatory of the "hacker nature", the book is also a great historical reference for the early years of computing. How lucky we are these days to have the opportunity to hack so easily. Just a few decades ago, people interested in computers had to use clanky, slow, terminals or worse, batch-processing machines. There are so much free open-source development tools one really doesn't need to spend money on anything further than the hardware - and PCs are cheap and powerful.

I can't recommend this book enough to anyone interested in computing, and programming in particular. As an aid to discovering your internal motivations, you own yourself to read it.

Oh, what might have been...
SL does a fine job of charting the early history of hacking at MIT and Stanford and beyond.As a member of the 3rd-generation-of-hackers generation (though, regretfully, not a hacker myself), I remember well the first personal computers and computer game systems, and the passion of friends and classmates of mine who were among the first to own and cut their programming teeth on them.It's amazing to think how far computers have come in my lifetime, a true technological revolution.SL's book reminds us not only how very near the beginnings of personal computing history we are, but how very far we've drifted from the intellectual and social ideals that marked those beginnings.What a shame that the Hacker utopias Levy describes are no more, and that computers and computing, today, are so enchained to commerce (granted that there are of course many extraordinary applications of computer technology, today, and many more to expect in the future, as well).I can only imagine how disappointed the Greenblatts, Nelsons, Felsensteins, etc., of yesteryear must be.The passing of the Hacker age -- if, indeed, it has passed -- is no less than the passing of a culture, as Richard ("last of the Hackers") Stallman laments.Reading Hackers, especially the opening chapters about the MIT AI-lab hacking community, I found myself wishing that I, too, had been 'present at the creation' and blessed with enormous hacking talent.SL's book is a long trip down many others' very pleasant -- in equal parts exciting and frustrating -- memory lane.As later chapters explore the computer gaming scene, and subsequent generations of hackerism, the subject-matter of Hackers becomes less compelling, and the writing a bit tiresome.I could, for instance, have done without SL's incessant harping on the social akwardnesses and missed sexual gambits of the gamers he profiles, material that reads sophomorically in the extreme.This aside, Hackers is an entertaining and informative piece of sociological journalism.FYI, "Artificial Life", by the same author, is a far better written first-rate piece of science journalism.Hackers is a could-read; Artificial Life is a should-read. ... Read more

Customer Reviews (2)

How It Helped Me!
It has been 26 years since I graduated from college. I just recently retired and have started back to college again. Things like writing research papers have certainly changed during my hiatus from the academic world. I really needed a reference to help me with the papers and someone at the college suggested this book (A Writer's Reference with Help for Writing in the Disciplines). The suggestion was an excellent one, and the book is an enormous help. It's very easy to use, but at the same time is filled with everything and anything you might need. I would definitely recommend it to anyone, but especially someone in my situation.

Easy to read, visually stimulating, clear and concise
I initially ordered this book as a requirement for an undergraduate university program. Although I love researching articles and getting to the bottom of things, I was pretty (embarassingly) unexperienced as far as proper sourcing according to MLA and/or APA styles.


This book is great because it's organized with colourful dividers and easy to read sections, providing the latest up do date info for MLA AND APA formatting. It's actually fun to read because you quickly feel you're getting a hand on this intimidating subject, and it makes it accessible in a clear and concise way. With the sections and dividers you can quickly flip to specific stuff you're looking for without being overwhelmed with the details of other material.

Definitely a must have for anyone considering to write research papers, or delving into other writing adventures...especially for getting into graduate level work! ... Read more

Customer Reviews (26)

A pocket style manual
its an excently book to have handy. its very helpful for every class thats consists of writting.

Pocket Size Portfolio
The pocket size portfolio I received was in great condition and came in a timely manner.

very useful in content and portability.
this book is great because it's compact and has all the info you could ask for involving documentation,grammar,etc.worth the price!

Not for me
Ordered this for my sister, not for me.She needed it for a class.It came pretty fast.

Handy little guide
Pretty niftyactually if a bit pricey for the size. Spiral bound, nicely presented, small enough to fit in a computer bag or purse. It has a section on clarity (tightening sentences, etc.), grammar, punctuation, and mechanics (capitalizing, abbreviating, etc.). There is also a big section on research paper styles, including MLA, APA, and Chicago. Nice layout, clear type, color coded page edges so you can find your section easier. (I've added some sample pictures I scanned of the pages.)

The only reason I didn't give it 5 stars was because of the quality of the cover. Since it is spiral bound it is a bit flimsy. It would be nice if it had a heavier cover to give it some resistance to damage. ... Read more

Customer Reviews (2)

Excellent Writing Resource
This Book is the best writing reference book I have ever used. Just about every writing situation is explained and gives great ideas and provides alternative methods for writing.

Excellent book
This book is excellent for the ones who are learning the rules for writing properly in English. Also, it has exercises online so you can practice what you have learned. ... Read more

Book Description
Prepare for the CEH certification exam with this official review guide and learn how to identify security risks to networks and computers. This easy-to-use guide is organized by exam objectives for quick review so you’ll be able to get the serious preparation you need for the challenging Certified Ethical Hacker certification exam 312-50. As the only review guide officially endorsed by EC-Council, this concise book covers all of the exam objectives and includes a CD with a host of additional study tools. ... Read more

Customer Reviews (10)

Good Summary: However Brief; Some Questions with Errors
I have won Defcon CTF competition now two years in a row and have decided to try to get the CEH certification.I purchased this book primarily for additional questions.This material does not have much depth, however, maybe that is all that is required to pass the CEH exam.I would recommend a preliminary hacking course offered at SANS or BlackHat before trying to read this book.The experience will help you to get more out of the book, and most certainly will assist with your skills development.

Terminology errors would confuse someone not already familiar with the subject matter.
My good friend's 5-year old daughter could have technically proof-read this book more effectively. Errors within the text are about at least 1 per 5 pages. Items from incorrectly using terms like IRQ instead of IRC to including denial of service as an example of gaining access rather than disrupting access - see page 5 of the on-line view. As well a using the term "owning" as having access. Having access does not imply root-level privs. Having root-level privs is real system owning. Assuming the material covered in this book is a accurate reflection of what the test covers (because of the presence of the term "Official" in the title), anyone worth his/her salary in the computer security industry should do just fine taking the test without prep. Based on the very high-level and sometimes mis-leading descriptions of how attacks work and why they are possible, I would equate this cert's value with that of certain vendor certs testing one's ability to click a check-box without truly understanding what checking the check-box does

When choosing to pursue a certification, personally only the ones that prove technical competency are of value to me and become a serious critique for those I hire. CEH does not appear to be a technical cert. It appears to state only that one can run someone else's tools without truly understanding the why, even hinting at the ability to create a tool on one's own, or apply critical thinking to the situation.

Being in the computer security field for a number of years, this book and related letters one would earn after one's name is an embarrassment. This is a horrible book reflecting poorly on any credibility the certification may grant.

Perhaps my expectations are too high when the word "hacker" is involved.

Great book
This is a great study / review guide for anyone ready to take the CEH Cert test. The last week before the test just cram this book into your memory and you should be fine.

IS Auditor's Good Guide
Everything an auditor who need to do network security reviews should know is explained nicely

Not only for the CEH exam
This book is great.Why? Well it's not just because its a great study guide for the CEH exam (Certified Ethical Hacker), but also for the amount of info crammed into a small book.If you're wanting to learn the basics of ethical hacking, then this is the book.Its a quick read, packed full of interesting workable senarios.

What this book is:
1.A great book for your junior security people.
2.Very easy to work through the chapters as labs.
3.Lots of references to cool programs you can find and download.

What this book isn't:
1.Your not going to learn any code.
2.If you're already a better than average hacker this book is not for you.
3.You won't get CEH certified with this book as a stand alone.
4.You do need a basic understanding of networking, security and systems.(This book isnt hacking for dummies). ... Read more

Book Description
David Litchfield has devoted years to relentlessly searching out the flaws in the Oracle database system and creating defenses against them. Now he offers you his complete arsenal to assess and defend your own Oracle systems. This in-depth guide explores every technique and tool used by black hat hackers to invade and compromise Oracle and then it shows you how to find the weak spots and defend them. Without that knowledge, you have little chance of keeping your databases truly secure. ... Read more

Customer Reviews (4)

Interesting Reading
After reading it I thought "...well what were you expecting?, the keys to the house of Larry Ellison also?". It has interesting information for a non hacker like me, but much of the security problems are in the Oracle source code, and therefore there is not much I can do about it. Yes, now I know what not to do in the new code I program. You have to be a programmer to make sense of the code listings and have seen like dumps of snifers before. The language used by the author is clear for me.

Hope this helps

Nice to read a book with no waffle !!!
Have just read this book this week and it was a nice read, especialy after some of the c***p I have been reading lately!

Basicaly - If your systems estate has Oracle - Then you MUST read this.

I like this book, its good and the author really does know his stuff - its a light weight (easy to carry) book and good value for money

Some nice C / Java Snipets - so it helps if you know C.

This book is like a knife... you can cut the bread or you can kill with it...
When I have started with this book I was amazed and afraid both. By this book all those tricks of SQL injections in Oracle has started to be a public knowledge. So this book is like a knife... you can cut the bread or you can kill with it. :) But let's be honest. It is always better to know especially when you are DBA, because of you are always far behind the attackers who probably spend their lifetime on browsing the code for security flaws. For that reason everyone how is responsible for practical Oracle security should read this book and learn how to defend. I belive that this book will grow in the future and will provide more & more examples. That is the game we use to play. New releases, new bugs, new flaws, new workarounds and finally some vendor final fixes. That is how oracle security process cycle should work. It is worth to be mentioned that in terms of quality, David Litchfield has started completly new period in cycle.

Oracle Hacker's Handbook review
The Oracle Hacker's Handbook (OHH) is a collection of techniques that could be used by an attacker to gain unauthorised access to an Oracle database server upto and including 10gR2. Most of these techniques are currently not public, so OHH is both new knowledge for an attacker and vital warning to those responsible for securing Oracle servers.
In a nutshell the new attacks include how to gain the version number remotely, brute force usernames, gain passwords/hashes from the OS, attack the listener, escalate privilege internally through PLSQL Packages and Triggers both directly and indirectly as well as defeating VPD. These attacks are illustrated both directly and through application server. By using these techniques and by accessing the Oracle files directly through the OS an attacker would be able to gain DBA privileges on most secured servers. Additionally using the code examples included an attacker could gain password hashes and then the actual DBA clear text password from the network using the password decryption code included. This will work even with complex quoted passwords.
This is the most effective public analysis of security vulnerabilities in Oracle products so far.
OHH is a technical book and not really an introduction to the subject though it could be picked up reasonably quickly as the text avoids unnecessary jargon.
The book could be enhanced by including more on defense strategies, such as, how to prepare and respond to an attack where the attacker has gained the clear text DBA password.
OHH has a free download site for pre-written proof of concept code which will helps avoid unnecessary typing. From a general readability point of view the book is concise and to the point. The sections are logically laid out and the examples have worked when tested. I would recommend those involved in Oracle security to read this book as soon as they can. ... Read more

Customer Reviews (14)

A rule of thumb
A formidable book aimed at helping young students to master the rules and syntax of the English grammar.

GOOD BUY!!!!!
The prompt delivery was a plus, and the product was in better quality than I thought. Buy from this guys they are good.

School Books
Good book for rules on writing.Excellent for anyone in any kind of writing class, or if you just want the rules on writing.

Rules For Writers
Comprehensive grammar book.Great sections on APA and MLA format writing.

The best writing reference I've found for the SAT Writing Section
I'm an SAT tutor, and I haven't been thrilled with many of the grammar/usage/writing SAT books on the market.They usually do a decent job on a few topics but not all topics.I'm getting this book for every one of my students (and my own son) because it will not only help them with the SAT writing section but it serves as the best ongoing reference for their use in school.I haven't tried the CD-ROM yet (sold separately) but it has over 1000 practice exercises. ... Read more

Customer Reviews (17)

review
The Bedford Handbook
I was satisfied with my order, and was delivered as it said

good
i ordered it and got it in a very good condition and in time. customer service is awesome. my blessings. keep up the good work.

Hacker lite, but not light enough
Diana Hacker has an English comp book for any possible usage, she grinds them out every few years.My college requires me to use this book as a handbook.That is unfortunate.

Of course, this book provides a basic explanation of English composition, grammar, documentation, and document design and critical reading.However, the attempt in this case is to present something that is lighter than Rules for Writers, a full scale manual that is sufficient to use as the only text for a college composition course or as a full writers reference, and her Writers Reference, which is a good handy handbook that is inadequate as a full course book, but is great as a rule book to be used by students taking a course using another text.

Usuing this book, I have had to create supplements from web material for issues that I expect to be covered fully in a college handbook such as the requirements of formal writing.

To be sure there are interesting illustrations and graphics and like her other books, the text is intimately linked with the enormous online network that Hacker and her publishers have created. It is not an awful book to use, but I would prefer Rules for Writers, Jane E. Aaron's Litte Brown Handbook, or Writer's reference.

definately a help!
this book is good for when you're writing essays and you can't remember a certain format or something and you can flip through the book real quick for examples of essays, outlines and thesis statements, although I wish i had the cd version of it so i can always have it with me instead of toting around the book. they could have made the format of the book better.

for instance i remember seeing a book called "A Writers reference" both are MLA format and one came from my community college and just the way its put together is better over all than this one.

An Excellent Guide
The Bedford Handbook is an excellent guide for anyone enrolled in a college English course. The book gives details on correct grammar usage, as well as descriptions of different essay styles. The book is very helpful to me with my English class. ... Read more

Book Description

The stories about phishing attacks against banks are so true-to-life, it’s chilling.” --Joel Dubin, CISSP, Microsoft MVP in Security

Every day, hackers are devising new ways to break into your network. Do you have what it takes to stop them? Find out in Hacker’s Challenge 3. Inside, top-tier security experts offer 20 brand-new, real-world network security incidents to test your computer forensics and response skills. All the latest hot-button topics are covered, including phishing and pharming scams, internal corporate hacking, Cisco IOS, wireless, iSCSI storage, VoIP, Windows, Mac OS X, and UNIX/Linux hacks, and much more. Each challenge includes a detailed explanation of the incident--how the break-in was detected, evidence and clues, technical background such as log files and network maps, and a series of questions for you to solve. In Part II, you’ll get a detailed analysis of how the experts solved each incident.

Customer Reviews (8)

Everything needed for readers to test their skills
HACKER'S CHALLENGE 3: 20 BRAND-NEW FORENSIC SCENARIOS AND SOLUTIONS comes from too-tier security experts who offer 20 new real-world network security incidents to allow readers to test computer forensics skills and responses. From phishing and internal corporate hacking to wireless and Linux hacks, each challenge includes an in-depth explanation of the incident, how it was detected, and provides technical logs and network maps: everything needed for readers to test their skills at solving the incident. And yes, detailed analysis of successful results appear at the end.

Diane C. Donovan
California Bookwatch

Still entertaining, still educational
I read and reviewed HC1 in Nov 01, and HC2 in Jan 03.Now in Aug 06, I'm happy to be reading Hacker's Challenge 3 (HC3).Like its predecessors, HC3 is the sort of book that needs to be used when interviewing new hires or promoting technical staff. If the candidate has read the book and knows the answers to the challenges, she at least demonstrates her commitment to learning, as well as an ability to remember what she reads. If she can solve the challenges without having read the book, she shows a higher level of skill. If she has no clue how to respond to the challenges, you can move on to the next candidate.

The 20 challenges cover the following: phishing, DNS cache poisoning, Web app hacking (multiple), anonymous FTP abuse, wireless misconfigurations and abuse, social engineering, disgruntled soon-to-be-ex-employees, malware, password reuse, p2p abuse, router exploitation, XSS, and an iSCSI compromise.The last of these was my favorite because I have not seen this in the field yet.Almost all of the other exploits will seem familiar to anyone performing security consulting.

I believe all of the HC books are wonderful learning and discussion tools for junior security analysts.I would caution them to not accept the "approved solutions" as the proper way to conduct incident response and forensics, however.In 4 or perhaps 5 of the 20 cases, the IR process commenced with direct examination of suspected systems.In other words, admins or security folks jumped right onto possibly compromised hosts and began searching for clues of intrusion.

This is not the proper way to perform IR, yet I saw it demonstrated in Chs 4, 6, 9, and 12.Ch 12, p 119 was especially disappointing -- "the obvious place to begin the investigation is the Oracle server."Wrong -- unless you want to contaminate evidence, tip off the intruder, or introduce other problems into the security equation.

One of Anton Chuvakin's cases demonstrated a better way to approach the IR problem -- look for application logs, firewall records, and network traces first.Avoid touching suspected victims until there is no other option, and then do so carefully.

I do not intend to say through my comments that this process was universally ignored in HC3.Several times proper host-based IR procedures are followed, when using forensic live CDs or obtaining hard drive images.However, please keep my comments in mind while reading HC3.Since the book claims to be based on real events, it's possible the authors are retelling flawed investigations by their customers!

Overall, I definitely recommend reading HC3 if you are new to security or if you need to quiz your newer employees.The book is technically sound (except for a mention of Windows 2002 on p 265) and entertaining.Kudos for the HC3 team for sharing their creative ideas with us.

Reads like a suspense novel!
One of the best ways to teach is via the use of examples. This book is chock full of real world forensic scenarios along with their solutions. As the author of a forensics book myself, I understand and appreciate the hard work that these four brilliant individuals have put into this excellent text. We need to see more books like this in the future!

A Digest of the New World of Hack Attacks
What struck me about this book is that the attacks are all brand new.This isn't just a rehash of the same old attacks we read about over and over again, nor is it a rehash of the attacks - but on steroids - from the previous Hacker's Challenge books.The day of the simple port scan and null session enumeration are long gone.Today's world is much more complicated and scarier.Hacker's Challenge 3 proves it.

And these aren't off-the-wall attacks cooked up in hidden computer labs by researchers.They're the type of threats now, unfortunately, becoming more commonplace to any one in information security.

The chapters on phishing are real-life and could've been taken right out of the playbook of an actual attack perpetrated against a real bank.The steps for investigating, tracking down and bringing down malicious phishing sites closely follow those actually taken by information security professionals on the job.

Another attack presented is pharming, a new and frightening type of DNS poisoning that threatens financial and e-commerce web sites.The description of the attacks is very accurate.It's almost as if you were working with the team trying to block the attack.

Hacker's Challenge 3 is written by a star-studded cast of well-known industry players, each a top notch expert in their specialty in the field.

For each attack, this book provides a complete set of steps for detection, resolution, prevention and evasion of future attacks.There are detailed examples of the forensics examination used to track down both the attack and its offending attackers, including samples of analyzed logs and data that would be used by an actual threat and incident management team in action on a case.

Each chapter has a series of questions that add to the material and provide thought-provoking points for further discussion.

This is a digest of the new world of Twenty-First Century attacks that should be read by every information security professional.

Fun and informative read
What I like about this book is that the technical information is at a level where amateurs will not be overwhelmed while seasoned pros will not be bored.

The format is also very nice because you become involved in the solution rather than just having technical information thrown at you.

Finally, and most important to me, the solutions to the challenges are technically correct.

The book is certainly a good read.
... Read more

Book Description

The CEH certification shows knowledge of network penetration testing skills. The CEH exam takes three hours and 125 questions, requiring a broad and deep knowledge of network security issues. The CEH Exam Prep is the perfect solution for this challenge, giving you the solid, in-depth coverage you'll need to score higher on the exam.

Along with the most current CEH content, the book also contains the elements that make Exam Preps such strong study aides: comprehensive coverage of exam topics, end-of-chapter review, practice questions, Exam Alerts, Fast Facts, plus an entire practice exam to test your understanding of the material. The book also features MeasureUp's innovative testing software, to help you drill and practice your way to higher scores.

Customer Reviews (15)

Great book
This book is a great. Not recommended to people with low expirience in Computers or Information Technology. You should have a strong foundation in systems and different Operating Systems. This book has tons of relevnat, strong, new age information on todays Systems and software. GREAT BUY!

Excellent preparation book for the exam, makes you not a Ethical Hacker.
This book I used for reference material to prepare for the CEH Exam. There is also a review guide for CEH, see Amazon for this book (CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 by Kimberly Graves). Beware: this is a REVIEW guide. Personally I think that this book (Certified Ethical Hacker Exam Prep, Que Publishing by Michael Gregg) is great for a start and you don't need the other review book.

The exam consists of 150 questions with sometimes deep technical detailed questions. You'll need certainly a good knowledge about protocols and typical behaviour of it but nevertheless this will not make you an ethical hacker. This takes much much more experience, dedication and years of work in the field.
Besides that; you will need lots and lots of other material to prepare yourself for the exam and to build up knowledge in general. For example; buy the guide of "professor Messer" to get additional knowledge on the Nmap tool. The book is however a great guide in the sometimes complex material.

I think this book is easy to read, the author did a great job on this. Second there is a good roll up of all the issues that where discussed in every chapter. I think CEH is a typically focussed on the Windows Platform. This not a problem for me because this is my expertise area anyway but unix and linux is touched lightly.

With that in mind, great guide for preparing, buy some other stuff or search the internet for additional material.

Rob Faber [CISSP, CEH, MCSE]
Security Consultant
The Netherlands

Some errors but hackers don't care about grammer.
My teach kept saying how he threw the book at the wall when he saw the first error. So don't believe everything word for word in this book. Try some of the stuff out it tells you about to help ya learn about it. The book has a lot of good information. It'd be nice though if they could get a new edition out with the errors fixed.

Exam Prep is definitely a help
I purchased this book after taking the 5 day CEH course so I could focus on practicing questions.The book compliments the course, but please do not think that studying this book alone prepares you for the exam or qualifies you to be a Certified Ethical Hacker.The writing style makes it easy to read, and I appreciate the few jokes inserted here and there.The book covers most of the topics for the exam, but I feel you need to go to the ec-council site to understand what will be convered on the exam.I did some of the exercises in this book, and they were helpful and interesting.However they are nothing compared to the exercises you do in the actual CEH class.In conclusion, I suggest using this book as an aid in preparing for the exam, but it doesn't replace the depth of knowledge and experience you get in the class.I would buy other books from the author.

Very effective book
The previous poster did bring up a good point: this book will not teach you how to hack.It WILL help you pass the CEH exam. It lays a very good foundation, and the only reason I give it 4 stars was because it was lacking the detail and depth to be fully comprehensive.

Keep in mind, that this book is meant for people who do have an administration background and who happen to be pretty familiar with Linux and Windows.The book is written for that group of people because without that experience, you probably won't have the experience necessary to be a CEH.

I happen to read all 3 books for the CEH that are listed on Amazon.The Sybex book, the EC-council book, and this book.By far, this book was the best out of the 3.The Sybex book was a waste of money as it wasn't as good as this book and it had even less depth.The EC-council book had a bit more detail in some topics, although it lacked cohesion and was poor at presenting the thought behind it.I think this book and the EC-council book compliment each other, and give you a pretty good idea of what you actually need to know. I would start with this book and finish up with the EC-council book and/or courseware.My reasoning is that you should set the foundation first and this book does that.

Also, as with hacking, google is an excellent resource.These two books won't be enough to fill all the holes, but the internet is a damned good filler.

In conclusion this book provides for pretty good preparation for the actual test, and is a comfortable read.

ABOUT THE TEST:

150 questions, you have 4 hours.I took only 2 and scored an 86%. 70% is passing.I studied for only two weeks, but have extensive background in the subject area.

The test is very specific, and you are expected to know the material in detail - NOT just concepts.The test is geared towards people with security experience, and the test questions are true to that purpose.It will be very difficult to pass if you:
1) Don't know linux
2) Don't understand Microsoft's OS and operations
3) never actually used any of the hacking tools

Linux is not a MAJOR part of the test, but there are enough questions on linux command line operations to make a difference.

Keep in mind, just reading alone will not let you pass this test.It is very important that you try out the most popular and important tools (firsthand!).You will be asked about specific commands, and be expected to know them.Know nmap, snort, hping2, tracert and tcpdump down cold. Know the ICMP codes and types. The only way you learn this stuff is to actually practice it.

This really isn't an entry level test at all.Even if you know all your stuff, the test isn't easy to pass.I'd strongly encourage that people take some practice with actual pen testing before they try this test (use vmware to simulate a target if you cant throw a home made lab together).If you don't actually try this stuff out, your odds of passing will plummet.

About 10% of the questions are what I'd consider bad questions - either they are unclear, or ambiguous or poorly word... Without violating the NDA - one of the questions parallel the following examples: Can you establish tcp sessions while spoofing your ip address?The answer is: it depends - are you sniffing the outgoing traffic? If so, then it is certainly possible.. otherwise there is no way you'll establish a tcp connection. What if the question doesn't specify, and the answer hinges on this?This type of ambiguous situation happened on at least 10 questions. This will lose you points right off the bat, because to no fault of your own you won't be able to determine the valid answers.

Good luck!

... Read more

Customer Reviews (1)

Good supplement
The exercises in this manual are very good--challenging and appropriate extensions to the concepts introduced in Hacker's book (which is, by the way, an outstanding reference book).However, I would have appreciated answers to all of the exercises, not just some of them.As an English teacher, I can deduce the correct answers, but some of the questions lend themselves to multiple interpretations, and it is not always clear what Hacker and Van Goor have in mind as correct answers.For example, in a section on concise sentences, they suggest that a long sentence can be compressed into ten words (I am estimating, as I do not have the book in front of me).I could come up withan eight-word sentence and a twelve-word sentence, but I was left guessing as to what might be the ten-word sentence they had in mind.

I use this book for tutoring and not classroom teaching, however.I can see the value of the book for high school or college teachers whose students have copies of the book and who are asked to complete the exercises on their own.The lack of a complete answer key, then, can be an asset. ... Read more

Book Description

Like other kids in the Bedford-Stuyvesant neighborhood of Brooklyn, Ejovi Nuwere grew up among thugs and drug dealers. When he was eleven, he helped form a gang; at twelve, he attempted suicide. In his large, extended family, one uncle was a career criminal, one a graduate student with his own computer. By the time Ejovi was fourteen, he was spending as much time on the computer as his uncle was. Within a year he was well on his way to a hacking career that would lead him to one of the most audacious and potentially dangerous computer break-ins of all time, secret until now.

Customer Reviews (3)

I think even my mother would like this book!
The first part of the book deals entirely with the authors plight of growing up in a very rough area of town and the struggles that he faces with on a day to day basis.Apart from the first 4 or 5 pages, which contained a fast moving account of what happens when a rogue Chief Technology Officer gets sacked, for the first 71 pages I was wondering whether a differnet book had been slipped inside the jacket of hacker cracker as there was no mention of computers at all. The story was still pretty interesting though.Eventually he gets round to his first experience with computers and his encounters with hacking and the addictiveness of it all.Eventually the story ends up with a moving account of being at the site of the twin towers on 9/11 and a very touching part about a strange whistling noise (which I won't explain as it is a bit of a spoiler).An easy read and not really the usual hacker biography type book. I think this is partly due to the fact that the author is assuming his readers are not technical as some of the explanations (IRC for example) are very basic and some are almost "media stereotypical assumptions" of what really goes on.
As the theme of the book is the struggle to overcome and make life a lot better for his family, the target audience for this book is increased beyond the geek and I think even my mother would like this book!

Intercity computer whiz-kid(pretty good book)
Ejovi Nuwere is from Bedford Stuyvesant a neighborhood in brooklyn he comes from somewhat of a brokenhome doesnot really know his father and has a mother who does just about anything in the world for her children but she is a drug addict and has Aids he lives with his grandmother uncle and brother and numerous others that hang out at his grandmothers apartment were something is always going on.

He faces the struggles most other intercity kids face with the gangs,drugs poverty and violence but he seems to pick up on the fact that the gangs and drugs are a losing way to go.In one part of the book while he attend a school for the performing arts he ends up joining a gang just for his own protection but it seem a somewhat differant type of gang besides the violence they where teaching the members. While in school he had a few brushes with some basic IBM computer but when he hooked up with the principal and asst. principal who had apple mac he started to develop a real interest in computer and this interest was fed by the uncle who also lived with who had a computer and would let Ejovi many 10-14 hour days on.
Along with another computer hacker he had met in school they begin getting into hacker chat rooms and learning and developing their skills and trying to make a name as is the thing to do in the hacker community.With his knowledge and desire to succede he ends starting to get jobs while still a teenager and as time goes on decides that full time may not be the way to go one thing for sure it does not pay the bills
Alot of the computer hacking involves stolen credit cards and manufactured cards one story when Ejovi couldnot stand it and decided to buy his own computer with a stolen number and has the computer delivered to a run down building nextdoor and the FBI ends up coming was pretty funny story.

This is a pretty good book about somebody having the drive and desire to succcede even living in tough and living through tough conditions and making it along the way he also takes up a form of kung fu.It was a little difficult at times understanding some of the computer stuff for a novice like me but there are definitions in the back of the book and he describes thing pretty good.

American Dream Story
This is an amazing story of a young man who goes from nothing to something, using technology. After reading this I was inspired to do something with my life!

If you like hacking, if you like feel good stories, if you like excitement, this book has all of that! ... Read more

Book Description
Databases are the nerve center of our economy. Every piece of your personal information is stored there-medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling-and relentless.

In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.
* Identify and plug the new holes in Oracle and Microsoft(r) SQL Server
* Learn the best defenses for IBM's DB2(r), PostgreSQL, Sybase ASE, and MySQL(r) servers
* Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
* Recognize vulnerabilities peculiar to each database
* Find out what the attackers already know

Go to www.wiley.com/go/dbhackershandbook for code samples, security alerts , and programs available for download. ... Read more

Customer Reviews (7)

Coverage of many databases, but not as coherent as it should be
The Database Hacker's Handbook (TDHH) is unique for two reasons.First, it is written by experts who spend their lives breaking database systems.Their depth of knowledge is unparalleled.Second, TDHH addresses security for Oracle, IBM DB2, IBM Informix, Sybase ASE, MySQL, Microsoft SQL Server, and PostgreSQL.No other database security book discusses as many products.For this reason, TDHH merits four stars.If a second edition of the book addresses some of my later suggestions, five stars should be easy to achieve.

The first issue I would like to see addressed in a second edition of TDHH is the removal of the 60 pages of C code scattered throughout the book.The code is already provided on the publisher's Web site, and its appearance in a 500 page book adds little.The three pages of characters (that's the best way to describe it) on pages 313-315 in Ch 19 are really beyond what any person should be expected to type.

The second issue involves general presentation.Many chapters end abruptly with no conclusion or summary.Several times I thought "Is that it?"Chapters 2, 5, 7, 10, 13, 15, 18, 21 and 22 all end suddenly.The editor should have told the authors to end those chapters with summaries, as appear in other chapters.On a related note, some of the "chapters" are exceptionally short; Ch 9 and 12 are each 3 pages, for example.Chapters that short are an indication the book is not organized well.

The final issue involves discussion of various databases.I preferred the "Hacking Exposed" style of the 2003 book SQL Server Security, which included Dave Litchfield and Bill Grindlay as co-authors.That book spent more time introducing the fundamentals of database functions before explaining how to break them.For example, more background on PL/SQL would be helpful.With 60 pages of code removed, that leaves plenty of room for such discussion in the second edition.

On the positive side, I thought TDHH started strong with Ch 1.The Oracle security advice was very strong.I thought the time delay tactic for extracting bit-by-bit information from the database was also exceptionally clever.

Although I have not read it, I believe Implementing Database Security and Auditing by Ron Ben Natan might be a good complement to TDHH.Natan's book appears to take a functional approach, whereas TDHH takes a product-specific approach.The drawback of the product-centric approach is repetition of general security advice, such as enabling encryption, disabling default accounts, etc.

At the end of the day TDHH is still a revealing and powerful book.Anyone responsible for database security should refer to the sections of the book covering their database.I also recommend keeping an eye on the Next Generation Security Software Web site for the latest on database security issues.You should also see the authors speak at security conferences whenever possible.

Just as good as I expected
So, there I was. I was about to buy a new book and I really had to think hard about what to buy - after reading The Shellcoders Handbook, I was really interested in grabbing a copy of this book, in the end, that's exactly what I did.

I am happy with my decision to the fullest extent. Not only was it a great brother to The Shellcoders Handbook, but it was also just good reading in general. It covers seven of the most popular databases around, and each section of the book goes over it's history, it's flaws, how to propogate after a successful exploit, and finally how to lock down your database. You'd be suprised at how easily and how asinine some of the flaws found in database servers are - it's almost laughable, some of the flaws that many servers have been prone to are ridiculous.

The book, like it's brother, covers information that is somewhat dependent on context, but the general concepts you will see and learn are going to remain relevent to all types of research related to the topic at hand for a long time to come.

If you own the Shellcoders Handbook -- or even if you don't --, you should not at all miss on this, The Database Hacker's Handbook: Defending Database Servers is something security enthusiasts everywhere should have on their shelfs.

Dave is amazing!
Wow - I had to have this book. They are right, he explains everything wrong with Oracle and all about vulnerabilities and exploits.

Important Book For Database and Security Admins
David Litchfield is arguably the foremost expert and evangelist when it comes to database security. He, and his team of compatriots from Next Generation Security Software, have written a book that any database or security administrator should be familiar with.

Even if some of the attacks or exploits described in the book were previously obscure or unknown, the fact that they have been outlined in this book means that administrators need to know about them and defend against them before the "bad guys" read this book and take advantage of them.

One of the best aspects of this book is the way it is organized. Splitting the book into sections devoted to specific database systems makes it exceptionally simple and convenient to use. If you only use MySQL, you can skip all of the information regarding Oracle or Microsoft SQL Server, and just focus on the section of the book that applies to you.

Within each section, the authors provide a tremendous wealth of knowledge. Aside from describing weaknesses, potential exploits and protective measures to defend against them, they also look at the general architecture and the methods of authentication used by the database.

Any database admin should have a copy of this on their desk.

Attacking Database Servers
My review relates only to the Oracle chapters.

This is the first book to actually expose real Oracle hacks. Most security books are just glorified papers on Oracle security, written by people in grey suits with image consultants.

The real fun of this book is in the "Attacking Oracle" chapter. These guys gave the phrase "thinking outside of the box" real meaning. They look for a feature or bug open to the security attack, then they shake it until it breaks. You will see exploits of AUTHID, PL/SQL injections, app. server, dbms_sql.parse bug,... most of them relevant to 9i and 10g versions.

The hacks are mainly in the sections called "Real-World Examples". Most of the exploits are already patched by Oracle and they are also available on hacking forums, but there were some new ones that were quite a revelation.

The security recommendations in the "Securing Oracle" chapter were too general, you can probably find Internet white papers on hardening Oracle that give more details. But, this book is not really about hardening Oracle, even if it says "Defending Database Servers" with small, blue letters on the front cover. This book is about attacking database servers.

I have seen David Litchfield's previous work and I am sure he knows (and has tried) more than what is written here. Can we expect to see that in "The Hacker's Handbook" part II? ... Read more

Customer Reviews (2)

Good Title - Expected More From the Update
I have the previous version of the book and enjoyed it.I was hoping for more of an update when I bought this version.There is a lot of the material that is still the same.However, it you don't own a previous copy it's a good security book to check out. 3 to 4 stars.

Still a great book on essential security tools
I reviewed the first edition "Anti-Hacker Tool Kit" (AHT:1E) in August 2002, and the second edition (AHT:2E) in June 2004.AHT:3E was published in February 2006.I continue to like AHT, because it addresses many of the tools an operational security professional should know how to use.I'll point out the differences between AHT:2E and AHT:3E, then offer some suggestions for AHT:4E.

The introduction lists the same "changes in the third edition" that are listed in AHT:2E.I would expect this part of AHT:3E to be different from AHT:2E!Ch 1 adds Netcat6 and mentions SBD.Ch 3 adds Virtual PC and Gnoppix.Ch 4 drops NetScan Tools, SuperScan, and Udp_scan.Ch 5 is updated to talk about Win XP SP2 and Win 2k3 Server.Ch 6 drops HFNetChk but adds MBSAv2 and updates Winfingerprint to 0.6.2.Ch 7 adds Libwhisker and Burp, while dropping Stealth, Achilles, and WebSleuth.Ch 8 drops PassFilt.dll and adds PWDump3 and PWDump4.Ch 9 adds Clamav.Ch 12 drops STAT, Retina, and Internet Scanner, and adds Cain and Able.Ch 18 adds Shokdial.Ch 21 adds FTK Imager and SMART.Ch 22 adds Dcfldd and Split.Ch 24 adds ReadPST, ReadDBX, Encase Forensic, FTK, NetAnalysis, and Web Historian.Ch 25 drops Xvi32.Ch 26 is entirely new, albeit 8 pages.

The following chapters were largely the same: 2, 10, 11, 13-17, 19, 20, and 23.A few may have had a new case study or a minor tweak.Security pro Mike Shema seems to have done a lot of the work revising old material.You can see his command prompt and tool output timestamps showing references to mid-2005.

However, old material from AHT:1E remains, like talk of FreeBSD 4.3 BETA and Red Hat Linux 6.1 (kernel 2.2.12) in Ch 1.TheVnode discussion on pp 653-4 no longer works on FreeBSD, but I posted a new method to my blog.

I believe AHT:3E would merit a fifth star if it dropped clearly old material and beefed up its newer sections.For example, AHT:3E spends 17 pages explaining Tripwire (free and commercial), despite the use of newer open source alternative like Osiris, AIDE, or Samhain.AHT:3E devotes almost 20 pages to really old back doors and remote access tools like Netbus, Back Orifice, SubSeven, and Loki.The book includes 10 pages on Ipchains, which went out of style years ago.I think sections like those should be cut entirely, or maybe moved onto a CD-ROM or Web site, to make room for more detail on Cain and Able and other newer projects.

Overall, I still like AHT:3E, but I would like to see a more thorough scrub in AHT:4E.If you don't have AHT:2E or AHT:1E, you should buy AHT:3E.If you have either of those books, you might want to wait for AHT:4E. ... Read more

Book Description

LAN Switch Security: What Hackers Know About Your Switches

A practical guide to hardening Layer 2 devices and stopping campus network attacks

Eric Vyncke

Christopher Paggen, CCIE® No. 2659

Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco® Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks.

Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches.

After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks.

Eric Vyncke has a master’s degree in computer science engineering from the University of Liège in Belgium. Since 1997, Eric has worked as a Distinguished Consulting Engineer for Cisco, where he is a technical consultant for security covering Europe. His area of expertise for 20 years has been mainly security from Layer 2 to applications. He is also guest professor at Belgian universities for security seminars.

Christopher Paggen, CCIE® No. 2659, obtained a degree in computer science from IESSL in Liège (Belgium) and a master’s degree in economics from University of Mons-Hainaut (UMH) in Belgium. He has been with Cisco since 1996 where he has held various positions in the fields of LAN switching and security, either as pre-sales support, post-sales support, network design engineer, or technical advisor to various engineering teams. Christopher is a frequent speaker at events, such as Networkers, and has filed several U.S. patents in the security area.

Contributing Authors:

Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.

Steinthor Bjarnason is a consulting engineer for Cisco.

Ken Hook is a switch security solution manager for Cisco.

Rajesh Bhandari is a technical leader and a network security solutions architect for Cisco.

• Use port security to protect against CAM attacks

• Prevent spanning-tree attacks

• Isolate VLANs with proper configuration techniques

• Protect against rogue DHCP servers

• Block ARP snooping

• Prevent IPv6 neighbor discovery and router solicitation exploitation

• Identify Power over Ethernet vulnerabilities

• Mitigate risks from HSRP and VRPP

• Stop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocols

• Understand and prevent DoS attacks against switches

• Enforce simple wirespeed security policies with ACLs

• Implement user authentication on a port base with IEEE 802.1x

• Use new IEEE protocols to encrypt all Ethernet frames at wirespeed.

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Cisco Press—Security

Covers: Ethernet Switch Security

$60.00 USA / $69.00 CAN

LAN Switch Security: What Hackers Know About Your Switches

A practical guide to hardening Layer 2 devices and stopping campus network attacks

Eric Vyncke

Christopher Paggen, CCIE® No. 2659

Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco® Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks.

Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches.

After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks.

Eric Vyncke has a master’s degree in computer science engineering from the University of Liège in Belgium. Since 1997, Eric has worked as a Distinguished Consulting Engineer for Cisco, where he is a technical consultant for security covering Europe. His area of expertise for 20 years has been mainly security from Layer 2 to applications. He is also guest professor at Belgian universities for security seminars.

Christopher Paggen, CCIE® No. 2659, obtained a degree in computer science from IESSL in Liège (Belgium) and a master’s degree in economics from University of Mons-Hainaut (UMH) in Belgium. He has been with Cisco since 1996 where he has held various positions in the fields of LAN switching and security, either as pre-sales support, post-sales support, network design engineer, or technical advisor to various engineering teams. Christopher is a frequent speaker at events, such as Networkers, and has filed several U.S. patents in the security area.

Contributing Authors:

Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.

Steinthor Bjarnason is a consulting engineer for Cisco.

Ken Hook is a switch security solution manager for Cisco.

Rajesh Bhandari is a technical leader and a network security solutions architect for Cisco.

• Use port security to protect against CAM attacks

• Prevent spanning-tree attacks

• Isolate VLANs with proper configuration techniques

• Protect against rogue DHCP servers

• Block ARP snooping

• Prevent IPv6 neighbor discovery and router solicitation exploitation

• Identify Power over Ethernet vulnerabilities

• Mitigate risks from HSRP and VRPP

  ... ... Read more

  Customer Reviews (8)

  Good switching book
  This is a thin book, its about an inch thick. I like the way the book is layed out. First there is an overview of the technology, then the vulnerability is discussed, then a recommendation is made to correct the problem. I think the authors make excellent explanitions of the technologies without a lot of code and command line examples.
  
  I think the detailed explanitions of the technologies are insiteful for experts as well as understandable and helpful for thoughs new to the field. This book is not going to give exaustive commandline text output. It does help explain each subject using meaningful words.

  A truly needed book
  This book leaps into layer 2 action with a MAC flooding attack. In the next chapter we take aim at Spanning Tree Protocol (STP). Surely this is an intentional decision by the authors to get the reader saying where is the defense?
  
  Chapter 4, is one of my favorites, a security discussion on VLANS including an introductory use of the attack tool, Yersinia ( the swiss army knife of layer 2 attacks). The material is challenging, very technical, but the authors take pains to be as clear as possible.
  
  As the book moves on, with the solid foundation we build, we then consider DHCP, ARP, IPv6 discovery, Power over Ethernet, HSRP, more esoteric protocols. A real jewel is found in part II of the book, I learned so much about how a switch works ( or can be made not to work ). We finish off with Denial of Service, netflow, RMON, and worms. Well, not exactly, great book, you will never think about layer 2 the same way again. You will never think of a switch as a mindless toaster or an appliance that is not significant from a security perspective.
  
  The beginning and the ending of the book is the reason I did not score it five stars, but let me be clear, the middle of the book is more than worth the cost of buying LAN Switch Security and the time it takes to read it. Just start at Chapter 2.
  
  I wish the authors could have skipped chapter 1, the introduction to security. It is such a high level overview that it really does not help. Cisco book do this a lot, may I suggest that the title series manager create a really good introduction to security and just have all the Cisco books link to it. Anyone who has a prayer of understanding the stuff after Chapter 1, already knows all the content in Chapter 1. They also try to cover 802.1X in a chapter, wheeee! Other than those two nits, you have to give this book two thumbs up!

  Fills a void that had existed far too long
  Vyncke and Paggen delve deep into Layer 2 in "LAN Switch Security", and with a twist: where the run-of-the-mill switching work mainly discusses how Layer 2 works, this book is exclusively focussed on how it breaks.
  
  They start with straightfoward stuff, e.g. how a bridge learns MAC addresses, and how this process can be frustrated by means of flooding a switch with large numbers of spoofed MAC addresses, or how ARP poisoning can be used to play man-in-the-middle. Quickly, however, they move into more avdanced topics, like manipulating the spanning tree protocol process, VLAN hopping by means of stacking .1q tags, and a variety of indecent tricks to play on a HRSP or VRRP redundant router
  setup. And that is but a tiny subset of the range they treat. Other technolgies extensively discussed areDTP, DHCP, IPv6, PoE, CDP, VTP, CoPP, NetFlow, ACLs, .1x, and .1ae. In each case the intriguing angle is "OK, we know how it works, can we learn how it breaks?".
  
  The text is well enriched with examples, down to IOS CLI examples, and examples of attack tooling like yersinia. These examples are rather Cisco centric, but it is easy to see how the same ideas would apply generically, so that is not a big issue. What I also like it that the authors sometimes take a step back from the bits and bytes, and try to see a bigger picture, e.g. discussing the fundamental differences between data plane attacks and control plane attacks.
  
  For each topic, the authors discuss various alternatives of mitigation, sometimes to the point where it seems rather obvious ("Disable this functionality when you do not need it", "Do not expose trunk protocols towards end stations"). I feel especialy the later chapters could have benefitted from the scruntity of a professional editor, as the text sometimes drifts away into vagueness. That is a pity, as on the whole, the book is well written.
  
  What got me most excited about "LAN Switch Security" is that, as far as I know, no previous book was ever dedicatedly devoted to breaking Layer 2. Also, for many of the protocols discussed (CDP, VTP, DTP) it is almost impossible to find usefull detailed information in a high-level book, as these protocols are mostly only discussed in the context of certification course material, which the generally interested reader would not so easily read, and with good reason.
  
  In my opinion this book is mandatory reading for two categories of readers. First, the network designer / administrator who is busy on a day-to-day basis designing / administrating a corporate network should read this, so he becomes actutely aware of the tremendous amount of rope they he has in his hands, and how he probably has been hanging himself with it.
  
  Secondly, the IT security architect who has a deep knowledge of how complex systems invariably become insure systems, should read this so he gains a better knowledge of relevant aspects of Layer 2 networking.
  
  As my colleague recently put it: "Layer 2 is big fun". I could not agree more, and heartily thank Vyncke and Paggen for finally writing the book that fills a void that had existed far too long in this area.
  
  Dr. Jan Joris Vereijken, CISSP

  Good intro into layer 2 attacks
  LAN Switch Security by Eric Vyncke and Christopher Paggen is a strong introduction to an overview of the types of Layer 2 vulnerabilities and attacks that are possible today.I am impressed that Mr. Paggen assisted on this book, as he is a respected leader within Cisco concerning layer 2, and has had valuable contributions in other works (aka Christophe Paggen).
  
  Chapter 5 shows a detailed DHCP snoop.I enjoyed chapter 6, which discusses different ARP attacks.Chapter 13, concerning control plane policing, gives a good introduction to an area of study that is lacking in documentation.
  
  As other reviewers have mentioned, there are some glaring typos within this book.The intro to MACOF on page 28 I must have read 10 times to understand what their were expressing.Page 173 is weak on discussing VTP attacks and mitigations.
  
  One concern I have with this book is the heavy reliance on a layer 2 attack tool called Yersinia.My issue is more simply because I am such a newbie to UNIX, that I have been unable to install Yersinia properly.While this is admittedly my fault, because I cannot use Yersinia, I am unable to mimic large portions of this book.While the screen shots of the effects of using Yersinia leaves me wanting to mimic the attacks, I am forced to sit on the sidelines.
  
  I must admit that I am rather shocked by Richard Betjlich's 3 star review of this book and his comment concerning Hacking Exposed Cisco Networks Exposed (HECN).I am of the opposite consideration, and would rather look at LAN Switch Security, first, rather than turn to HECN.This is more because I am so unimpressed with HECN than because of the value of this book (see my Amazon review of HECN).I greatly respect Mr. Betjlich's view, and his lowly review of this book makes me question my own judgment.
  
  I am still attempting to load Yersinia, and if so, I hope to better be able to utilize the examples in this book.I believe this book gives the best evidence available in a book as to what to look out for in terms of layer 2 vulnerabilities and how to mitigate these risks.
  
  I give this book 4 pings out of 5:
  !!!.!

  Great idea, but not executed as well as the subject deserves
  I really looked forward to reading LAN Switch Security (LSS), simply because it covered layer 2 issues.These days application security, rootkits, and similar topics get all the press, but the foundation of the network is still critical.Unfortunately, LSS disappointed me enough to warrant this three star review.I'm afraid those before me who wrote five star reviews 1) don't read enough other books or 2) don't set their expectations high enough.
  
  Let me first say I am not anti-Cisco, nor anti-Cisco-book.For an earlier Cisco Press book I wrote "I really enjoyed reading Cisco Router Firewall Security (CRFS) by Richard Deal. This book delivers just what a technical Cisco book should: discussion of concepts, explanation of command syntax, and practical examples." LSS, however, is not what I like to see in a Cisco book.It suffers the major flaw found in almost all technical books featuring large numbers of writers (LSS has 2 authors, 4 contributors, 2 tech editors): incoherence and overlapping discussions.Furthermore, many of these contributors do not write clearly.I found large sections to be disjointed and inconsistent.It is clear that no one stepped up to the plate to see if the finished product made any sense from the reader's perspective.
  
  The second major problem with this book is that older books easily overpower LSS.For example, in March 2006 I gave Hacking Exposed: Cisco Networks (HECN) four stars.HECN covers many of the same topics as LSS, more clearly, with more syntax, and better explanations.Anyone who wants to buy a book about layer 2 security should start with HECN.If you don't want to buy a book, just download the free 86-page Cisco IOS Switch Security Configuration Guide published by NSA.
  
  If you read HECN or the NSA guide, you'll be struck by the amount of configuration syntax in those resources.If you glance through LSS you'll see syntax, but (and this bothered me greatly) not for all the features discussed.For example, LSS ch 16 (Wire Speed Access Control Lists) features sections titled "Working with RACL", "Working with VACL", and "Working with PACL".That's great -- six pages (pp 263-268), with no command syntax!Sure, you can read about using VACLs for traffic capture, but where are the examples?If you tell me they are the same as other examples, I want to see the proof.This is the sort of glaring omission that really frustrated me.
  
  I did like some of LSS.I thought attacks against link aggregation protocols, discussions of control plane policy, and spanning tree protocol were interesting.Adding discussions of ARP spoofing a remote gateway using Yersinia would have been helpful.There's a decent number of typos (POP != "point of presence", replace "Ethernet" with "IP" on p 235), but technically the book seemed sound.(One of the authors was kind enough to confirm the p 235 typo; I wanted to be sure I hadn't missed something important.)
  
  I notice Cisco is publishing a book titled Router Security Strategies: Securing IP Network Traffic Planes in December.Presumably that will be a counterpart to this title, except at layer 3.I hope that new book avoids the mistakes made by LSS. ... Read more