Musings

Book Reviews

Here we are gathering book reviews on information and network security, management, and leadership.

Book Review: The New School of Information Security, by Adam Shostack and Andrew Stewart - October 31st, 2008
Book Review: Crimeware, by Jakobsson and Ramzan - July 12th, 2008
Book Review: Dreams from My Father, by Barack Obama - February 4th, 2008
Book Review: LAN Switch Security: What Hackers Know About Your Switches, by Eric Vyncke and Christopher Paggen - January 11th, 2008
Book Review: Made to Stick: Why Some Ideas Survive and Others Die, by Chip Heath and Dan Heath - January 2nd, 2008
Book Review: Geekonomics, by David Rice - December 27th, 2007
Book Review: End-to-End Network Security, by Omar Santos - December 6th, 2007
Book alert, Behind the Screen: Hacking Hollywood, by Mark Stone - November 27th, 2007
Book Review: Linksys WRT54G Ultimate Hacking, by Paul Asadoorian and Larry Pesce; Raul Siles Technical Editor - October 31st, 2007
Book Review: The Black Swan: The Impact of the HIGHLY IMPROBABLE, by Nassim Nicholas Taleb - October 27th, 2007
The Best Security Books to have in your library - October 25th, 2007
Book Review: The Age of Speed, by Vince Poscente - October 2nd, 2007
Book Review: Virtual Honeypots by Niels Provos and Thorsten Holz - August 21st, 2007
Book Review: Seduced by Success by Robert J. Herbold - June 26th, 2007
Book Review: Selling Blue Elephants, by Moskowitz and Gofman - June 25th, 2007
Book Review of Snow Crash leads to Second Life - April 18th, 2007
Book Review: Miracle in the Andes, by Nando Parrado and Vince Rause - February 20th, 2007
Book Review - Information Security Law: Control of Digital Assets - February 19th, 2007
Book Review - Cisco Network Admission Control - January 1st, 2007
Book Review: The Art of Software Security Assessment - December 19th, 2006

Book Review: Crimeware, by Jakobsson and Ramzan

July 12th, 2008
By Stephen Northcutt
Version 1.1


Crimeware, by Jakobsson and Ramzan, sets a new standard for security books. It is both eminently pragmatic and, at the same time, a scholarly work. I thought I knew a bit about malware, but I learned tons from the book. I struggled a bit with 16.2 Crimeware-Resistant Authentication and encourage the authors to take another look at that when they do a second edition, and this book simply must have a second edition. It will also be interesting to see if the taxonomy, Chapter 2, takes hold. It would seem like we need a bit more of a classification system than Joanna Rutkowska's type 1 - 3 for our community.

While most authors waste the first few chapters with background information, this book gets right down to it. Now, to be sure, this is background, but it is pretty deep background. My favorite chapter is 7, Botnets, but 6.3 JavaScript is very well done and immediately useful information to know. For a high-speed pass, Chapter 8, Rootkits, will get you up to speed, but that needs a whole lot more material to really cover the topic.

As this is an election year, and a crazy one at that, Chapter 10 is a must read; it details a number of ways the election could be impacted. I think a bit about e-voting machines might make a scary chapter even scarier. As soon as I finish this review, I need to send a note to a friend of mine concerned about click fraud; the authors do a great job on that in Chapter 11.

And, the best thing, the authors do not just tell you how bad things are - they spend a lot of time talking about defense. And, if I can offer a thank you to the fifty or so researchers that helped with the book, thank you very much; the defensive information community is far better off for your efforts. A must own, must read, and must read soon, if there ever was such a thing. Order it now!