Good book with novel attack vectors | Hacking: The Next Generation (Animal Guide)

Great Book! | Hacking: The Next Generation (Animal Guide) | Nitesh Dhanjani, Billy Rios, ...

books:


	• Hacking: The Next Generation (Animal Guide) Nitesh Dhanjani, Billy Rios, ... O'Reilly Media, 2009 - 304 pages average customer review:based on 9 reviews view larger image
	for more information click here

highly recommended

No serious programmer should be without this expose

Also recommended for such a collection is Nitesh Dhanjani, Billy Rios and Brett Hardin's HACKING: THE NEXT GENERATION, a survey of hacking and internet issues and emerging attack vectors. From new hacks that try to exploit technical flaws to hacks from individuals via social networking sites and abuse in cloud formations, no serious programmer should be without this expose.

Good book with novel attack vectors

I do agree with previous positive reviews. This book describes some novel attack vectors (e.g. related to social networking), which haven't been covered before anywhere else. It's a mile wide and an inch deep, but it will make you reconsider security of your organization.
Do get it. It's an easy read, thin, and a good addition to your bookshelf.
[...]

for more information click here

Great Book!

This is a great read if you are interested in understanding what types of things make your systems and identity vulnerable to hacking. I basically read it cover to cover in a single sitting, I could not put it down. This is not a book that tells you how to secure your systems against various threats, but rather explains in detail how threats arise and how they are exploited. If you are a software professional interested in building secure systems or just interested in how to protect yourself online I highly recommend this book.

for more information click here

A Good Introduction to Today's Top Threats

It's almost cliché to talk about how quickly things change in the IT world. When you're talking about IT security, though, "quickly" is an understatement. Why, then, do many of today's "hacking" books seem like they might have been written in 1999? Attackers have progressed beyond the scan-and-exploit phase; shouldn't your understanding of the threatscape evolve to match?

That is precisely the premise of "Hacking: The Next Generation." In fact, the title is a bit of a misnomer. It's not talking about the next generation of hacking at all; it's talking about the *current* one, albeit a generation of hacking that many security organizations haven't caught up with yet.

I first saw this book in the store, and a quick glance through the Table of Contents got me pretty excited. I saw topics like mobile security, the phishing underground, targeted attacks against company executives and (the big selling point for me) attacks against cloud computing. In fact, I was so excited to read it that I ordered it from Amazon on the spot, through my phone. After having read this book, I can say that it lived up to most of my expectations.

First off, this is a book about high end attackers, professionals who select their targets carefully, do their research and have a clear goal in mind. The authors' focus seems to be primarily organized crime, but they also cover motivated insiders and to a much lesser extent, nation-state actors. Collectively, these types of attackers are known in the trade as "Advanced Persistent Threats", or "APT".

Secondly, I really liked the fact that the book emphasizes what I will call an intelligence-based approach. APT is notorious for doing their homework and uncovering a shocking amount of information about their targets before the attack itself ever even begins. It's appropriate, therefore, that the book begins with a chapter on information gathering via search engines and other public sources. It also has an entire chapter describing how an attacker could use this public information to identify likely targets in an organization and map out their social and professional connections to identify potential weaknesses to exploit via social engineering.

One of the standout chapters was Chapter 5 ("Cloud Insecurity: Sharing the Cloud with Your Enemy"). There are many definitions of "cloud" computing, the this chapter picks two leading examples (Amazon's EC2 and Google's App Engine) and discusses how these services work and several ways an attacker with access to these same public clouds could begin to attack systems deployed there. Even if you have no experience with cloud computing, this chapter provides enough background to allow you to understand and evaluate the risks that the authors bring to light.

There are a few areas for improvement in this book, though, that kept me from being able to assign a full five stars to this review. For a book about the "next" generation of hacking, many parts read like they could have been written 5, 10 or even 15 years ago. Chapter 3 ("The Way it Works: There is no Patch") discusses password sniffing, email spoofing and ARP poisoning, all techniques that are over a decade old. Although they are still seen in the real world, each of them has been covered better elsewhere. This chapter is just a glaring anachronism compared to some of the others, and it detracts from the "Next Generation" focus in a very distracting way.

Chapter 6 ("Abusing Mobile Devices") is also pretty weak. In a "Next Generation" chapter on mobile devices, I expected to see coverage of iPhones, BlackBerries and other popular smart phones. Instead, the authors' chose to focus on laptops and insecure Wi-Fi access. If you really want to know how to spoof an access point to read someone's email in the local Starbucks, I'd suggest buying another book that covers the topic in more detail. As it is, I was very disappointed that the authors chose to waste space on this topic when there are much more modern techniques being used in the real world.

Overall, "Hacking: The Next Generation" is a solid overview of the techniques used by some of today's top threats. It provides a good overview of the kind of intelligence-driven attacks you're likely to see from APT. Although parts of this book seem like they're looking backwards rather than forwards, the rest of the book more than makes up for those flaws.

for more information click here

Timely, Meaningful, and Useful

"Hacking: The Next Generation" is a unique and valuable book -- it covers an important topic (hacking) in a meaningful and useful manner and it addresses issues of immediate import. This is not a book that will "date" itself due to its "current affairs" bent -- this publication covers issues and ideas that will remain relevant in the future.

I found this book's coverage of "people" as a security concern on par with "technology" to be on the mark. While technical topics such as blended threats and cloud infrastructure are covered in significant detail, this publication balances detail with the bigger picture and perspective well.

The authors, Nitesh Dhanjani and Billy Rios, provide some interesting and useful case studies to underscore and contextualize their points. Well-written and eye-opening, this is a book for anyone concerned with hacking.

Highly recommended.

for more information click here

With the advent of rich Internet applications, the explosion of social media, and the increased use of powerful cloud computing infrastructures, a new generation of attackers has added cunning new techniques to its arsenal. For anyone involved in defending an application or a network of systems, Hacking: The Next Generation is one of the few books to identify a variety of emerging attack vectors.

You'll not only find valuable information on new hacks that attempt to exploit technical flaws, you'll also learn how attackers take advantage of individuals via social networking sites, and abuse vulnerabilities in wireless technologies and cloud infrastructures. Written by seasoned Internet security professionals, this book helps you understand the motives and psychology of hackers behind these attacks, enabling you to better prepare and defend against them.

Learn how "inside out" techniques can poke holes into protected networks Understand the new wave of "blended threats" that take advantage of multiple application vulnerabilities to steal corporate data Recognize weaknesses in today's powerful cloud infrastructures and how they can be exploited Prevent attacks against the mobile workforce and their devices containing valuable data Be aware of attacks via social networking sites to obtain confidential information from executives and their assistants Get case studies that show how several layers of vulnerabilities can be used to compromise multinational corporations

for more information click here

reviews: page 1, 2

hot