Rating:
(29 reviews)
Author: Visit Amazon's Michal Zalewski Page
ISBN : 1593270461
New from $26.98
Format: PDF
Free download Free Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks from 4shared, mediafire, hotfile, and mirror link
Review
A series of explorations that take our ‘professional paranoid’ mentality and examine some issues we seldom consider. --
Internet Review Project, July 2005A very good introduction to the intricacies of certain security problems and a very extensive guide to passive reconnaissance. --
Help Net Security, June 24, 2005An innovative twist on otherwise boring aspects of network security… hours of enjoyable reading for any self-proclaimed security enthusiast. --
TechIMO, June 3, 2005 http://www.techimo.com/articles/i249.htmlDo-it-yourself ethos pervades the book... this broad mindset can uncover major security flaws — but not where you’d think. --
Enterprise Systems, June 22, 2005 http://www.esj.com/Security/article.aspx?EditorialsID=1426I was hooked... I give this book a 7 out of 10 for an interesting read. --
Edmonton Linux User Group, June 2005If you are a 'hacker' type in the old sense of the word... you will probably find this book intriguing. --
;login:, October 2005Not only thinking outside the box, but twisting the box, shaking it, and finding a way to exploit it. --
WatchGuard Wire, June 13, 2005 http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.SotWThe discovery of a technical book in this style is cool. --
IEEE Cipher, May 14, 2005 http://www.ieee-security.org/Cipher/BookReviews/2005/zalewski_by_bruen.htmlThis follows the story of a piece of information from the first key-press to the other end of the wire. --
Book News UK, May 17, 2005 http://www.booknews.co.uk/What makes it a joy to read are the author's appealing humility, sense of humor and vast knowledge. --
Open.ITWorld.com, June 1, 2005 http://open.itworld.com/5040/nls_unixsilencewire050602/page_1.htmlAbout the Author
Michal Zalewski is an internationally recognized information security expert with a long track record of delivering cutting-edge research. He is credited with discovering hundreds of notable security vulnerabilities and frequently appears on lists of the most influential security experts. He is the author of Silence on the Wire (No Starch Press), Google's "Browser Security Handbook," and numerous important research papers.
Direct download links available for Free Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
- Paperback: 312 pages
- Publisher: No Starch Press (April 15, 2005)
- Language: English
- ISBN-10: 1593270461
- ISBN-13: 978-1593270469
- Product Dimensions: 7 x 9 inches
- Shipping Weight: 1.2 pounds (View shipping rates and policies)
Free Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
I received Silence on the Wire (SOTW) almost one year ago. When I first tried reading the book, I couldn't get past Ch 1. In fact, I didn't try reading anything for three months, hoping I could re-engage SOTW. Eventually I put SOTW aside and read other books, only to return to SOTW this week. I'm glad I gave SOTW a second chance. There's plenty to like in this book if you look for the details that interest you.
Don't get me wrong; SOTW is one of the most innovative and original computing books available. You will find it even more interesting if you are not familiar with many of the works the author summarizes or describes. Those of you who have been active for the last 5-10 years will recognize research on poor Initial Sequence Numbers, various timing attacks, remotely counting hosts behind NAT, and so on. In some cases the author added novel insights to this old research, or presented related but obscure new variations. NAT detection via MSS clamping (Ch 11) is one example.
In some cases the author describes really cool techniques based on research I had not encountered. Parasitic storage and getting remote hosts to solve computational problems (Ch 16) are amazing ideas. Kudos to the author for including a bibliography, with references to many interesting papers.
SOTW suffers from one major flaw. SOTW sometimes wastes far too much time getting to "the point." For example, Ch 2 spends 20 pages explaining internal CPU workings and logic gates before finally talking about timing attacks. This bothered me on two fronts. One, many readers do not need a rehash of computing basics. Two, I was less inclined to slog through those 20 pages because I did not know why they were included.
Irrespective of the myriad proclamations of systems or products being hackerproof, bulletproof and the like; given enough time and money, everything is breakable. Security purists may argue that one-time pads are provably and perfectly secure. While that is correct in the pristine halls of academic cryptography, the real world is littered with many one-time pads of dubious security.
The fact that everything is breakable from an information security perspective is good news to Luddites and bad news for the paranoid. Hopefully, most people fall between those two opposites and with that, Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks is an fascinating book on knowing when to be suspicious and when to be complacent.
The premise of the book is that there are countless ways that a potential attacker can intercept information and sniff data. The title points out that these silent stealth-like attacks are often difficult to detect, and all the more so to defend against. The better you understand the threats, the better you can monitor and defend against them.
The author writes about his work with data reconnaissance and details how computers and networks operate, with a special emphasis on how they process and transmit data. With such transmissions, there are significant security threats; which is what this book details.
Make note that this is not a For Dummies type of book. It is written for security engineers and experienced system administrators that have a heavy background in networking and security. Electronic engineers will feel very much at home with the many schematics and encodings in the code. The book is written for those that are very comfortable with programming and complex networks.
-
Download Link 2