
Cyber Spying Tracking Your Family's (Sometimes) Secret Online Lives Review


This is not a book about security and defending yourself from spying but the basics of why one might consider spying on other members of their family. Whether because they suspect infidelity, criminal activity or some other concern there are a lot of reasons why people might want to find out what others are doing on their computer. A very important point made in the beginning of the book is the question of the ethics of spying including the effect it has on the trust of a relationship. The authors also point out that sometimes spying is much less of an ethical consideration. Sometimes it might be part of protecting your children from online predators or other real dangers.
The book covers the basics of spying including creating a plan, getting the right software or hardware to implement the plan and actual implementation. The authors do a good job of pointing out how we leave tracks behind and how to get rid of those tracks as well as how to exploit them.
Written for the novice user it starts at the very beginning with things like how to open the command prompt and running explorer. From there it goes on to look at more basic as well as intermediate level techniques. The authors even include information on some rather advanced software such as Ethereal (one of my personal favorites). It does give you a solid understanding of what the different software is capable of doing but really doesn't provide a thorough treatment of any of them. In the case of Ethereal and Snort both have complete books written about how to use them effectively so obviously part of a chapter barely scratches the surface of what can be done.
For the most part it teaches the easier ways of finding out information without using difficult advanced tools. It includes how to access areas where passwords, usernames, etc. are stored as well as directories and files that do not show up in explorer unless you know how to hand-enter the path to them.
Whether you are spying on someone's web browsing, e-mail, internet chat, or instant messaging the basics are all here. They even include information on how to remove evidence of your activities and ways to tell if you are being watched.
These techniques are mainly for local network spying and not for use over the Internet. Although still subject to many ethical and other considerations, for the purpose of finding out what is going on within your local network Cyber Spying is highly recommended.

Cyber Spying Tracking Your Family's (Sometimes) Secret Online Lives Overview

This book shows everyday computer users how to become cyber-sleuths. It takes readers through the many different issues involved in spying on someone online. It begins with an explanation of reasons and ethics, covers the psychology of spying, describes computer and network basics, and takes readers step-by-step through many common online activities, and shows what can be done to compromise them. The book's final section describes personal privacy and counter-spy techniques. By teaching by both theory and example this book empowers readers to take charge of their computers and feel confident they can be aware of the different online activities their families engage in.

Expert authors have worked at Fortune 500 companies, NASA, CIA, NSA and all reside now at Sytex, one of the largest government providers of IT services.

* Targets an area that is not addressed by other books: black hat techniques for computer security at the personal computer level.
* Targets a wide audience: personal computer users, specifically those interested in the online activities of their families.


CWSP Guide to Wireless Security Review


Like how the information is presented throughout the book. Easy to read and contains good images. Many essential terms/subjects and a very good book for anyone wanting to learn about wireless networks and security.

CWSP Guide to Wireless Security Overview

CWSP Guide to Wireless Security is a hands-on guide to defending wireless networks against attacks. It prepares students for the Certified Wireless Security Professional (CWSP) certification from Planet3.


Stealing the Network: How to Own a Shadow Review


Did you enjoy the previous three Stealing the Network books? Are you looking for more? Then move along now, nothing to see here.
The prior books were interesting because they introduced the reader to new ideas or new angles on old ideas, then moved on without belaboring them. If you wanted more details, there were often URLs provided. The last two tied the stories together with the intriguing Knuth character. But the folks running the project chose to switch to a new format, with fewer characters and stories, not to mention fewer authors, and fewer ways to split the profits.
After three books with the same (proven) formula, it's understandable the authors would want to try something new. Alas, it's a disaster.
Welcome to "How to Own a Shadow," aka "The SQL Injection Adventures of Pawn." Pawn is one of the new characters in this volume, and is the first StN character I hoped would get shot to death by the cops in a mini-mall parking lot. Yes, he's that irritating. Particularly after reading 40 pages about his childhood as a high-functioning autistic (or something like that), and around 100 pages of him performing SQL injection attacks. Most of which is totally unrelated to Knuth. Note to the authors: SQL injection is interesting, but if you want to write a book about it, just write a book about it. I even gave you a title, what more do you want? You can even recycle much of this book, like you recycled part of the last one here.
Oh, you noticed the real subtitle of the book, "The Chase for Knuth." First, one chases _after_ fugitives, and hunts or searches _for_ them. Not that it matters, because there's not much chasing or hunting going on in this book. There isn't much Knuth, either. We see him in the first hundred pages, which is mostly about his son analyzing poker software. That's the last we see of either of them. Because, really, this is "The Biography of Pawn." We do get 50 pages of Knuth at the end of the book, but don't get excited: it's all from the last book, added as obvious filler.
Speaking of filler, there's a 17 page advertorial thrown in for BiDiBLAH, which is commercial software by SensePost. Oddly enough, they're listed as technical advisors for the book. I'm sure it's a fine app, but the authors have forgotten about Knuth again, since it has nothing to do with the story. If it had been relevant, it might have been a less obnoxious addition.
Not everything is bad. There's a brief bit about RFID, which of course turns into how to use RFID for SQL attacks. We get to meet Knuth's supposedly dead wife, and a charming shrew she is. All in all, though, this book isn't worth reading unless you're a truly devoted fan of the series, or SQL. I'm still a fan of the previous books, and I hope the authors can recapture what made them so intriguing for their next book. I won't be buying that one until I'm sure it's not Book Two of the Pawn Saga, however.

Stealing the Network: How to Own a Shadow Overview

The best-selling Stealing the Network series reaches its climactic conclusion as law enforcement and organized crime form a high-tech web in an attempt to bring down the shadowy hacker-villain known as Knuth in the most technically sophisticated Stealing book yet.

Stealing the Network: How to Own a Shadow is the final book in Syngress' ground breaking, best-selling, Stealing the Network series. As with previous titles, How to Own a Shadow is a fictional story that demonstrates accurate, highly detailed scenarios of computer intrusions and counter-strikes. In How to Own a Thief, Knuth, the master-mind, shadowy figure from previous books, is tracked across the world and the Web by cyber adversaries with skill to match his own. Readers will be amazed at how Knuth, Law Enforcement, and Organized crime twist and torque everything from game stations, printers and fax machines to service provider class switches and routers to steal, deceive, and obfuscate. From physical security to open source information gathering, Stealing the Network: How to Own a Shadow will entertain and educate the reader on every page. The book's companion Web site will also provide special, behind-the-scenes details and hacks for the reader to join in the chase for Knuth.

* The final book in the Stealing the Network series will be a must read for the 50,000 readers worldwide of the first three titles
* The companion Web site to the book will provide challenging scenarios from the book to allow the reader to track down Knuth
* Law enforcement and security professionals will gain practical, technical knowledge for apprehending the most sophisticated cyber-adversaries


UNIX and Linux Forensic Analysis DVD Toolkit Review


The title may mislead readers to believe that this book discusses actual forensics of Unix and Linux systems. It does not. The authors waste precious pages in this short book discussing their favorite cool Linux apps like Nessus and Metasploit but don't have any meaningful discussion about the various flavors of Unix: AIX, Solaris, *BSD, etc. Their "Unix and Linux" forensic book is almost entirely about Linux. There is no thoughtful discussion about filesystem forensics; no technical detail helpful to Forensic Examiners.
The few moments where the authors approach a meaningful forensic topic, the reader is redirected to an online resource rather than provided an analysis or explanation within the book.
The book title may lead readers to believe that an accompanying DVD contains a Unix forensic toolkit of some kind. In fact, there is only 1.8 MB of documents and no tools save for a few (4) short Bash scripts that hardly cover a thorough forensics examination: live or otherwise. One of the scripts is only one line. One of these documents is an incomplete 3.5 page summary of Sleuthkit tools. By "incomplete" I mean that it is apparent that the author decided to quit writing. Apparently there was no room in this 236 page, 14-gauge font book to cover in any detail the different Unix filesystems, data acquisition, data carving or static filesystem analysis. But the authors make plenty of room to discuss scanning with Unix tools (nmap, nessus, etc.).
There is a section entitled "Malware" except that no malware sample is actually examined. The reader is briefly introduced to Panda's AV scanner and is walked through how to use ClamAV as if that is the only AV scanner available for either a Unix user or Forensic Examiner. Forensic Examiners should pay very close attention to AntiVirus product comparative reviews.
The book cover boasts that this is the "only digital forensic analysis book for *nix". Indeed there may be little in the way of books solely dedicated to Unix forensics but other books cover Unix forensics with greater detail than this one. For example, Brian Carrier's "Filesystem Forensic Analysis" or Jones, Bejtlich and Rose's "Real Digital Forensics".
The book cover also boasts that readers can "Hit the ground running" with the information within. Unfortunately, if readers expect the content to help them bridge a gap between Windows and Unix, they will hit the ground with a resounding thud. If any Forensics Examiner finds value in the content of this book for actual Unix forensic investigations, I would question that examiner's experience and training.
If the authors wanted to write a book about cool Linux tools or network scanning, they should have entitled the book differently. Perhaps "A Beginner's Guide to Using Linux and Linux Security Applications".
I felt the title was misleading and false advertising. The authors take advantage of the word "Forensics" to sell a book that is not about forensics. For $53.95 I expected much more and was extremely disappointed and disgusted at the inferiority of the content.

UNIX and Linux Forensic Analysis DVD Toolkit Overview

This book addresses topics in the area of forensic analysis of systems running on variants of the UNIX operating system, which is the choice of hackers for their attack platforms. According to a 2007 IDC report, UNIX servers account for the second-largest segment of spending (behind Windows) in the worldwide server market with $4.2 billion in 2Q07, representing 31.7% of corporate server spending. UNIX systems have not been analyzed to any significant depth largely due to a lack of understanding on the part of the investigator, an understanding and knowledge base that has been achieved by the attacker. The companion DVD provides a simulated or "live" UNIX environment where readers can test the skills they've learned in the book and use custom tools developed by the authors.

The book begins with a chapter to describe why and how the book was written, and for whom, and then immediately begins addressing the issues of live response (volatile) data collection and analysis. The book continues by addressing issues of collecting and analyzing the contents of physical memory (i.e., RAM). The following chapters address /proc analysis, revealing the wealth of significant evidence, and analysis of files created by or on UNIX systems. Then the book addresses the underground world of UNIX hacking and reveals methods and techniques used by hackers, malware coders, and anti-forensic developers. The book then illustrates to the investigator how to analyze these files and extract the information they need to perform a comprehensive forensic analysis. The final chapter includes a detailed discussion of Loadable Kernel Modules and Malware.

Throughout the book the author provides a wealth of unique information, providing tools, techniques and information that won't be found anywhere else. Not only are the tools provided, but the author also provides sample files so that after completing a detailed walk-through, the reader can immediately practice the new-found skills.

* The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else.
* This book contains information about UNIX forensic analysis that is not available anywhere else. Much of the information is a result of the author's own unique research and work.
* The authors have the combined experience of Law Enforcement, Military, and Corporate forensics. This unique perspective makes this book attractive to ALL forensic investigators.


Steal This Computer Book 4.0: What They Won't Tell You about the Internet Review


Overall this is a good book. The first part is sorta stupid, though. It talks mainly about how not to only listen to one person but to get information from multiple sources. It could be summed up in about a page.
Chapter 4 talks about buying computers and software. It helped me out by giving me some tricks to do next time I buy a computer.
Chapter 5 tells you about keeping your files secure with encryption. It tells you about some different types of encryption algorithms and how to write your own encryption programs. It also shows you how to play some dirty tricks. It talked about using anonymous remailers to send anonymous email and talked about just how anonymous they were. It even told you how to surf the web anonymously so that people couldn't receive information about your computer, browser, and more.
Chapter 6 told about phone phreaking history such as Captain Crunch. Wallace then goes on by telling you possibly things that could've happened but didn't. When telling these stories he tries to make himself sound like a phreaker but he didn't even do anything. Then, he tells you some really obvious stuff like "To start phone phreaking, you need access to a telephone." and "phreaking from your own phone will let the telephone company trace it to your house." I don't know if he couldn't think of anything else or he thinks you are really stupid. After that, he talks about phreaking color boxes and then goes on to voice mail hacking. Then, he talks about cellular phone fraud and tv satellite descrambling.
Chapter 7 talks about defeating windoz 3.1/95/98 screen saver passwords which if you ever tried you should've done it on the first or second try. It also talks about cracking program passwords and then it goes on to defeating parental control software. If you can't access certain web pages, Wallace tells you how by having the html code emailed to you. He also shows you how to read banned books in secret.
Chapter 8 talks about harassing online services, how pedophiles stalk innocent children and what you can do to stop them. He tells you about generating fake credit card numbers and making your own online harassment program.
Chapter 9 talks about stopping spam. It shows you multiple ways to take revenge on spammers. If the spammer used a forged email address, Wallace shows you how to track down the spammer like two magnets attracting each other.
Chapter 10 shows some pictures of actual hacked web sites and how to hack them.
Chapter 11 shows you how to track people down by using specific things about them. For example if you only had their SSC# how you could still find them no matter where they were. At the end of the chapter, he shows you how to hide yourself if you don't want to be tracked down or how to let someone easily find you if, for example, you gave your child up for adoption years ago and you don't want to contact him/her but you do want to let them find you if they ever wanted you.
Chapter 12 shows you about ConGames on the Internet. It shows you how to do them and how to protect yourself from them.
Chapter 13 Viruses Part I. (I heard that the plural form of virus is supposed to be virii, just like the plural form of fungus is fungi but in the book it is written viruses so that's how I will spell it.)
This chapter explains what viruses are, the parts of them, how to tell if you have a virus on your computer, the different infection methods, if all viruses are bad and how to learn more about them.
Chapter 14 Viruses Part II.
This chapter shows the different methods of how an antivirus program works and what to do if you find a virus (If you say any idiot knows that if you find one you should delete it, but you could also send it in to an antivirus program if you think it is an uncommon virus, keep a copy of it, modify the virus and make a new one and many other things.)
Chapter 15 tells you about writing your own computer virus. Wallace also tells you to watch out because viruses sometimes attack their own creators. He tells you some true things about antivirus companies like how they hire virus writers to help them detect viruses (makes sense, doesn't it) and how that there isn't any evidence of this, but that they may hire the virus writers to write a virus that only they have the antidote for so people will buy their program to detect it.
Chapter 16 is about Java applets. I haven't read all of it but so far so good.
Appendix A is the glossary with a decent amount of terms covered in the book. I really haven't used it too much because I never needed to.
Appendix B is Visual Basic 3.0 (a very easy programming language that I suggest you learn) source code for altering Mega$hack. A program he discusses in 12. (It is used by cons but he alters it so they get a taste of their own medicine.) The source code is written on the page so you will have to type it into your Visual Basic Compiler.
Appendix C is about additional resources. It is compiled of online magazines, webpages, hacker conventions and more.
Summary: This book is for you if you are interested in the above things. The websites and newsgroups in the book lead to nothing except for a few like metacrawler that he obviously was paid to advertise for. If you are still unsure after unreading all the reviews, go to a local bookstore and see if they have this book there. If they do then look at it, see if you like it and if so, compare the prices of Amazon plus the shipping and time to the prices of the bookstore. I hope that this review helped you because I know what it is like to have one person rate it 5 stars and another person rate it 1 star. Since this is a pain, I figured that instead of giving my opinion, I would tell you what the book had in it.


Hacking Exposed: Network Security Secrets and Solutions, Sixth Edition Review


Hardly a week goes by that CNN does not report a high-profile Web site being defiled or an e-commerce site being penetrated. While most people know why these incidents occurred, Hacking Exposed explains how they occurred and, more important, how to prevent them from occurring.
The cover of Hacking Exposed announces that "Network security is Y2K without the deadline." That alarmist statement, however, is the only hype in the book. The work is packed with real-world examples and links to tools needed to assess the security of any type of client/server and Web system. As they detail the myriad vulnerabilities in different types of systems, the authors provide countermeasures for each of them.
Well organized, the book progresses in an orderly fashion. It methodically goes through the process of exploiting a target to penetrate a system--from identification and enumeration to actual penetration. The authors provide detailed instructions and explanations for many security features and flaws in Unix, Linux, Windows, NetWare, routers, firewalls, and more. Topics covered include state-of-the-art computer and network penetration, as viewed by both the attacker and the defender; remote system identification; vulnerability identification; war dialers; firewall circumvention; and denial-of-service attacks. An appendix explores the security characteristics of Windows 2000.
Some may argue that books such as this one only serve to motivate and educate hackers. The truth is that hackers are already aware of the book's contents. This book is designed for system administrators and managers who need to know their systems' risks and vulnerabilities and how to address them. When they are done with this book, system administrators and managers will be familiar with such critical topics as back channels, port redirection, banner grabbing, and buffer overflows. Hacking Exposed is a must-read for anyone who wants to know what is really happening on their network....


Stealing the Network: The Complete Series Collector's Edition, Final Chapter, and DVD Review


I have just finished a marathon session of reading "Stealing the Network: The Complete Series Collector's Edition" and I have a very conditional review of it: It's a must-have if you don't already own the previous editions of these guilty pleasures. If you are already a fan, however, prepare to be let-down by the compilation.
The stories of the Stealing the Network series entertain in the same way that "war stories" from fellow hackers and security professionals often keep a more intimate audience's interest: by mixing intriguing situations with juicy technical detail that can serve as a useful take-away. No one will accuse these books of containing fine literature, but that's not really the point. The stories are well written enough to keep you wanting to know what will happen next, while the technical information is as accurate as you're likely to see in fiction. Segments involving hacking are written and illustrated with enough attention to detail and length to serve as introductory educational tutorials for the topics (including web application hacking, reverse engineering, and wireless security). Most of these scenarios are believable as parts of larger-scale operations.
The first book of the series consists of independent short-stories based around characters of the authors' creation. The other three books in the compilation tell an over-arching story of a larger "operation", which involves many characters and their independent stories. The second book, "How to Own a Continent", is probably my favorite, along with the first ("How to Own a Box"), for keeping things simple, technical, and focusing on the individual stories. The third book, "How to Own an Identity" suffers from having worse editing than the rest of the series, and may lose some readers' interest. The fourth book ("How to Own a Shadow") reads a lot better, and wraps the overall story up well, however it focuses only on a relative handful of the series' characters.
As a compilation, this Collector's Edition leaves much to be desired. While the original description for this edition described the books contained within as being "author-annotated", this is not the case. The individual books are reproduced exactly as they were in their original editions, with no additional commentary from the authors, and with all the same problems as the originals. For example, screenshots in the first chapter of the first book are the same illegible black squares that were in the original edition of the book published 7 years ago. The annotations along with other features described in the original description (emails, photographs) that would provide a lot of interesting background material, would have made this compilation a must-buy.
The extra content that you are receiving is a brief new foreword by Jeff Moss, and a "Final Chapter" by Ryan Russell. The new chapter is about 20 pages long, and gives the story-line a proper ending. I won't ruin anything about it, but I will say that I enjoyed it. Syngress has promised in the description of the book to make this content available separately in electronic form in six months.
The included DVD is described on the back-cover copy as being "full" of behind-the-scenes stories. In reality, you will only find 20 minutes of interviews with a few of the authors. I enjoyed these interviews, however, much like the print companion, I felt like more should have been done. Also beware that there are problems with the audio on the DVD. When played on my MacBook, there was noticeable crackling/popping in the audio of the DVD. The same noise was present, but less noticeable when played through a stand-alone DVD player through a television.
To summarize, I like the books, and find them as entertaining as I did when they were originally published, and I like the new hardcover binding. I do think that it is unfortunate that the "Stealing the Network: The Complete Series Collector's Edition" does not meet its potential to be more than the sum of its parts. There seems to have been intent at some point to add value to the set, but it wound up simply being a rough concatenation of the individual books.
If you haven't read these books, then I very much recommend picking up this set. It's 1,000 pages of interesting stories and technical material. If you already have the previous editions of the Stealing the Network Series, however, you might find it hard to justify paying for them again.

Stealing the Network: The Complete Series Collector's Edition, Final Chapter, and DVD Overview

"Stealing the Network: How to Own the Box is a unique book in the fiction department. It combines stories that are fictional, with technology that is real. While none of the stories have happened, there is no reason why they could not. You could argue it provides a road map for criminal hackers, but I say it does something else: it provides a glimpse into the creative minds of some of today's best hackers, and even the best hackers will tell you that the game is a mental one." - from the Foreword to the first Stealing the Network book, How to Own the Box, Jeff Moss, Founder & Director, Black Hat, Inc. and Founder of DEFCON

For the very first time the complete Stealing the Network epic is available in an enormous, over 1000 page volume complete with the final chapter of the saga and a DVD filled with behind the scenes video footage!

These groundbreaking books created a fictional world of hacker superheroes and villains based on real world technology, tools, and tactics. It is almost as if the authors peered into the future as many of the techniques and scenarios in these books have come to pass.

This book contains all of the material from each of the four books in the Stealing the Network series.

All of the stories and tech from:


How to Own the Box

How to Own a Continent

How to Own an Identity

How to Own a Shadow

Plus:


Finally - find out how the story ends! The final chapter is here!

A DVD full of behind the scenes stories and insider info about the making of these cult classics!
* Now for the first time the entire series is one 1000+ page book
* The DVD contains 20 minutes of behind the scenes footage
* Readers will finally learn the fate of "Knuth" in the much anticipated Final Chapter


Google Hacking for Penetration Testers, Volume 1 Review


While Google is a researcher's friend, it is a hacker's dream. The subtitle of Google Hacking for Penetration Testers is "Explore the Dark Side of Googling". The dark side of Google is that far too many networks are insecure with inadequate security and enable unauthorized information to leak into Google. This leakage creates the situation where significant amounts of password files, confidential information, and configuration data and much more are easily available.
After reading Google Hacks: Tips & Tools for Smarter Searching, the real power and potential danger of Google is easily understood. Author Johnny Long details how penetration testers can harvest information that has been crawled by Google. The need for Google to be an integral part of any penetration test is now easily understood.
In a similar manner, when Dan Farmer wrote SATAN in 1995, it was met with significant consternation in that many felt he was wrong to release such a powerful program into the wild. Silicon Graphics, his employer at the time, considered his conduct unprofessional and summarily fired him. Ironically, in 2005, a security administrator can be fired if they don't run a vulnerability scanner akin to SATAN. Running scanning tools is now part of security due diligence and any administrator not running such a tool is careless.
With that, some may think author Johnny Long gives far too much ammunition to those seeking to peruse corporate data, but those were the same mistaken objections to SATAN. The book is not meant to be a crutch for script kiddies; its aim is rather to show how Google can be used to uncover data that most companies would rather remain secured. It is simply a matter of time until such Google searches will be considered due diligence for any basic security endeavor.
The book's 12 chapters show how one can plunder and pillage corporate data via Google. Chapters 1 and 2 provide a basic introduction to Google searching, including building Google queries, URL and operator syntax, search reduction, and more.
Chapters 3 through 10 detail the internals of Google hacking. The avenues of attack are nearly endless and various methods are detailed from traversal techniques, site crawling, tracking down Web server logins, and much more. With the sheer amount of data produced on corporate Web sites, it is hard not to have information leakage. The problem is that Google is the perfect glue to bond those disparate pieces of data together to form a dangerous set of connected data. Google is now gluing isolated data, which is dangerous data when in the wrong hands.
Chapter 11 details what can be done to protect an organization from Google hackers. While author Johnny Long may be a hacker, he is quite mainstream when he writes that the best hardware and software configuration money can buy can't protect computing resources if an effective security policy is not in place. Long observes that a good security policy, when properly enforced, outlines the assets the organization is trying to protect, how the protection mechanisms are installed, the acceptable level of operational risk, and what to do in the event of a compromise or disaster.
Chapter 11 details the use of the robots.txt file, which can be used to block Web crawlers such as Google. The chapter also recommends the use of various tools to secure an internal Web site. Tools from Foundstone are detailed, in addition to Gooscan, a tool created by Long that enables bulk Google searches to determine how much information has leaked.
A decade ago, Google was the type of powerful search tool that was rumored to be used within the NSA. Today, petabytes of data are only a few clicks away on Google, and with the Google API, all of that information can be seamlessly integrated into a few scripts. The challenge companies face is to take security seriously and stop making it easy for their password files, payroll data, and other confidential information to be entered into Google's server farm.
Google Hacking for Penetration Testers, Volume 1 Overview

Google, the most popular search engine worldwide, provides web surfers with an easy-to-use guide to the Internet, with web and image searches, language translation, and a range of features that make web navigation simple enough for even the novice user. What many users don't realize is that the deceptively simple components that make Google so easy to use are the same features that generously unlock security flaws for the malicious hacker. Vulnerabilities in website security can be discovered through Google hacking, techniques applied to the search engine by computer criminals, identity thieves, and even terrorists to uncover secure information. This book beats Google hackers to the punch, equipping web administrators with penetration testing applications to ensure their site is invulnerable to a hacker's search. Penetration Testing with Google Hacks explores the explosive growth of a technique known as "Google Hacking." When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows," it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. Readers will learn how to torque Google to detect SQL injection points and login portals, execute port scans and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more - all without sending a single packet to the target! Borrowing the techniques pioneered by malicious "Google hackers," this talk aims to show security practitioners how to properly protect clients from this often overlooked and dangerous form of information leakage.

* First book about Google targeting IT professionals and security leaks through web browsing.
* Author Johnny Long, the authority on Google hacking, will be speaking about "Google Hacking" at the Black Hat 2004 Briefing. His presentation on penetrating security flaws with Google is expected to create a lot of buzz and exposure for the topic.
* Johnny Long's Web site hosts the largest repository of Google security exposures and is the most popular destination for security professionals who want to learn about the dark side of Google.


Penetration Tester's Open Source Toolkit Review


I am not sure why Penetration Tester's Open Source Toolkit (PTOST) was published. If you have no other security assessment books, you may find PTOST helpful. Otherwise, I don't believe this book offers enough value to justify purchasing it. Other books -- some published by Syngress -- cover some of the same ideas, and 5 of PTOST's chapters are published in other books anyway.
I was somewhat confused by PTOST's approach. The book features the logo of the Auditor live CD, along with a foreword by Auditor developer Max Moser. A version of Auditor is included with the book. However, PTOST isn't exactly a guide to Auditor. In fact, only on the back cover do we see a listing of the "CD contents." This list is odd since it does not distinguish between categories of tools (e.g., "Forensics") and the tools themselves (e.g., "Autopsy"). At the very least the book should have included an appendix listing the Auditor tools and a summary of their purpose.
PTOST does not feature enough original content to warrant buying the book. I think Osborne's Hacking Exposed, 5th Ed (HE5E) (or even the 4th Ed) addresses the phases of compromise in a more coherent and valuable manner. This is especially true for Ch 1 (Reconnaissance) and Ch 2 (Enumeration and Scanning); is there really anything original left to say on those subjects? I admit that coverage of certain SensePost tools was helpful, and SpiderFoot was cool.
Those looking to learn about database assessment (Ch 3) or Web hacking (Ch 4) would be better served by Syngress' own Special Ops: Host and Network Security for Microsoft, Unix, and Oracle. HE5E has a good chapter on Web hacking, and there's even a Hacking Exposed: Web Applications (HEWA) book. (A second edition of HEWA arrives this year, as does Syngress' new Web Application Security: A Guide for Developers and Penetration Testers.) However, I did like hearing about OScanner, SQLAT, and OAT in Ch 3.
Ch 5 (Wireless Penetration Testing Using Auditor), was one of my favorite chapters. It covered the material well enough, and it covered tools included with Auditor. The case studies were also helpful. Ch 6 (Network Devices) resembled Chs 1 and 2; it didn't contain anything really new. I could not understand why Ch 7 (Writing Open Source Security Tools) appeared in a book more or less about using a penetration testing live CD. The audiences for those using live CDs and those writing their own tools seem very different.
I also liked Ch 8 (Running Nessus from Auditor). Like Ch 5, it looked at the unique problems one encounters using a live CD for security work. For example, author Johnny Long offers multiple ways to update the Nessus plugins to a USB drive. This is exactly the sort of knowledge not found in other Nessus books. He also takes a look behind the scenes of the Nessus startup script on Auditor. Bravo.
I stopped reading PTOST after Ch 8. Why? Chs 9, 12, and 13 are published in Syngress' Writing Security Tools and Exploits (as Chs 9, 10, and 11). Chs 10 and 11 from PTOST are the same as Chs 3 and 4 from Syngress' Nessus, Snort, and Ethereal Power Tools. This tendency to reprint chapters from other books is worrisome.
I believe a second edition of PTOST would be more helpful if it focused strictly on tools found on a future assessment live CD, namely BackTrack. (BackTrack is a new live CD uniting the Auditor and Whax projects.) In fact, the authors might consider taking a case-based approach for the whole book. I thought the case studies in PTOST were some of the best material. For those looking for a comprehensive guide to security assessment, I recommend waiting for a second edition of Special Ops. Those who want a wide-ranging guide to security tools will like the recently published third edition of Osborne's Anti-Hacker Toolkit.

Penetration Tester's Open Source Toolkit Overview

Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This book provides both the art and the science. The authors of the book are expert penetration testers who have developed many of the leading pen testing tools, such as the Metasploit framework. The authors allow the reader "inside their heads" to unravel the mysteries of things like identifying targets, enumerating hosts, application fingerprinting, cracking passwords, and attacking exposed vulnerabilities. Along the way, the authors provide an invaluable reference to the hundreds of tools included on the bootable-Linux CD for penetration testing.

* Covers both the methodology of penetration testing and all of the tools used by malicious hackers and penetration testers
* The book is authored by many of the tool developers themselves
* This is the only book that comes packaged with the "Auditor Security Collection", a bootable Linux CD with over 300 of the most popular open source penetration testing tools


Google Hacking for Penetration Testers Review


This review mainly focuses on evaluating how valuable it is to get a copy of "Google Hacking for Penetration Testers - VOLUME 2" if you already own a copy of the first edition, and the score rates exactly that. If you have neither of them, I strongly encourage you to acquire Volume 2 (see details below), no matter what area of the information security field you work in (and especially if you are a penetration tester), as the contents affect you in multiple ways. In my day-to-day security consulting practice, I'm still very surprised about how many IT people don't know about these techniques. The book is a masterpiece for information disclosure and mining from public sources, such as (but not only) Google. If I had to evaluate the book on itself, not comparing between editions, it would definitely get a score of 5/5.
The first edition was released in 2005 and opened the world of the Google Hacking techniques to the general public, together with the GHDB. The second edition title is (at least) confusing, as Volume 2 seems to denote it is a complementary book to the first edition. It is not, so I do not recommend that you get the first edition today. Volume 2, or the second edition as it should have been called, has been thoroughly updated (including most of the screenshots) to cover the latest changes and Google applications. I did a major update to the SANS "Power Search with Google" course in the first half of 2006, when some of the new Google functionality (not in the first edition) was already available. The second edition reflects those updates I identified and put back together then, even the tiny ones, such as the maximum search terms, which changed from 10 to 32. Additionally, all the statistical references, covering number of results returned by Google, and main contents have been reviewed and updated to reflect the current state of the art.
Some chapters have been kept from the previous edition (chapters 1 to 3, and chapters 6 to 9, and chapter 12), although they have suffered updates. Others have been moved (such as the old chapter 10, now chapter 4) or redesigned (like the new chapter 5). Besides, there are brand new chapters, like 10 and 11.
I especially like the updates in chapter 5, with the new tools and scripts to query Google and, especially, to parse and process the results, including several Perl and User-Agent tricks. The book, obviously, covers the Google API changes and provides solutions to overcome them, such as Aura. Chapters 6 and 8 include relevant updates to the Google code search engine and new capabilities to locate malware and binaries, plus new techniques to track down login portals and network embedded devices and reports, respectively.
The new chapter 10 is a great reference covering the new Google services from a hacking and "malicious" perspective. It is a required update given the pace Google releases new functionality and information sources, such as the AJAX capabilities and API, the source code search engine, calendar, blogger, and alert services.
The new chapter 11, "Google Hacking Showcase", includes the real-world Google Hacking samples and cases Johnny Long has been presenting at several hacking conferences during the last years. I found having a printed copy of it within the book very valuable, as it is an eye-opener, and it is a fun read. Definitely, if you have not seen Johnny's presentations and talks, I encourage you to access the archives from BlackHat and DefCon and enjoy them.
Finally, chapter 12 (the old chapter 11), covers new techniques and tools from a defensive perspective. The new additions increase the defender's arsenal in order to mitigate the old and new threats covered throughout the book.
The influence of multiple authors in this edition is evident, something good for the new contents and material, but not so good for the chapter layout, as some do not follow the original format with a final summary, solutions, links and FAQ. Chapter 10 is a good example of both.
The complementary appendixes from the first edition, not directly relevant to the book topic from my perspective, have been removed. Overall, I feel some of the waffle has been left out, a smart decision (but not always easy) in order to keep the book size reasonable, and make room for the new contents.
I would like to see some of the pages that simply provide long listings from the GHDB moved to an appendix and simply referenced from the associated chapter. It might be useful to have these lists full of query samples in the book, but not just in the middle of a chapter. Another improvement would be to have a book webpage consolidating all the code samples, such as the Blogger submission script, as I'm not sure they are all available on a single website.
To sum up, if you don't have a copy of this book, go and buy Volume 2! (not to mention Johnny's involvement with charities). If you are a professional penetration tester, the new material in this second edition is highly recommended, so update your shelves and start applying the new contents in your daily practice. If you are an infosec pro, not directly involved in Google Hacking tasks, and you already own a copy of the first edition, I think you do not need Volume 2, as you already understand the threat, risks, and what this is all about.
At some point I was almost involved in co-authoring this 2nd edition, but finally it didn't happen. A pity, as definitely, this is one of today's reference books that should be on any infosec shelves.

Google Hacking for Penetration Testers Overview

A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because I've seen it with my own eyes. As the founder of the Google Hacking Database (GHDB) and the Search engine hacking forums at http://johnny.ihackstuff.com, I am constantly amazed at what the Google hacking community comes up with. It turns out the rumors are true: creative Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPAA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers snatch it right up. Protect yourself from Google hackers with this new volume of information. - Johnny Long

* Learn Google Searching Basics: Explore Google's Web-based Interface, build Google queries, and work with Google URLs.
* Use Advanced Operators to Perform Advanced Queries: Combine advanced operators and learn about colliding operators and bad search-fu.
* Learn the Ways of the Google Hacker: See how to use caches for anonymity and review directory listings and traversal techniques.
* Review Document Grinding and Database Digging: See the ways to use Google to locate documents and then search within the documents to locate information.
* Understand Google's Part in an Information Collection Framework: Learn the principles of automating searches and the applications of data mining.
* Locate Exploits and Finding Targets: Locate exploit code and then vulnerable targets.
* See Ten Simple Security Searches: Learn a few searches that give good results just about every time and are good for a security assessment.
* Track Down Web Servers: Locate and profile web servers, login portals, network hardware and utilities.
* See How Bad Guys Troll for Data: Find ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information.
* Hack Google Services: Learn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more.
