Stealing the Network: How to Own a Shadow Review

Average Reviews:

(More customer reviews)Are you looking to buy Stealing the Network: How to Own a Shadow? Here is the right place to find the great deals. we can offer discounts of up to 90% on Stealing the Network: How to Own a Shadow. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

Stealing the Network: How to Own a Shadow ReviewDid you enjoy the previous three Stealing the Network books? Are you looking for more? Then move along now, nothing to see here.
The prior books were interesting because they introduced the reader to new ideas or new angles on old ideas, then moved on without belaboring them. If you wanted more details, there were often URLs provided. The last two tied the stories together with the intriguing Knuth character. But the folks running the project chose to switch to a new format, with fewer characters and stories, not to mention fewer authors, and fewer ways to split the profits.
After three books with the same (proven) formula, it's understandable the authors would want to try something new. Alas, it's a disaster.
Welcome to "How to Own a Shadow," aka "The SQL Injection Adventures of Pawn." Pawn is one of the new characters in this volume, and is the first StN character I hoped would get shot to death by the cops in a mini-mall parking lot. Yes, he's that irritating. Particularly after reading 40 pages about his childhood as a high-functioning autistic (or something like that), and around 100 pages of him performing SQL injection attacks. Most of which is totally unrelated to Knuth. Note to the authors: SQL injection is interesting, but if you want to write a book about it, just write a book about it. I even gave you a title, what more do you want? You can even recycle much of this book, like you recycled part of the last one here.
Oh, you noticed the real subtitle of the book, "The Chase for Knuth." First, one chases _after_ fugitives, and hunts or searches _for_ them. Not that it matters, because there's not much chasing or hunting going on in this book. There isn't much Knuth, either. We see him in the first hundred pages, which is mostly about his son analyzing poker software. That's the last we see of either of them. Because, really, this is "The Biography of Pawn." We do get 50 pages of Knuth at the end of the book, but don't get excited: it's all from the last book, added as obvious filler.
Speaking of filler, there's a 17 page advertorial thrown in for BiDiBLAH, which is commercial software by SensePost. Oddly enough, they're listed as technical advisors for the book. I'm sure it's a fine app, but the authors have forgotten about Knuth again, since it has nothing to do with the story. If it had been relevant, it might have been a less obnoxious addition.
Not everything is bad. There's a brief bit about RFID, which of course turns into how to use RFID for SQL attacks. We get to meet Knuth's supposedly dead wife, and a charming shrew she is. All in all, though, this book isn't worth reading unless you're a truly devoted fan of the series, or SQL. I'm still a fan of the previous books, and I hope the authors can recapture what made them so intriguing for their next book. I won't be buying that one until I'm sure it's not Book Two of the Pawn Saga, however.Stealing the Network: How to Own a Shadow OverviewThe best-selling Stealing the Network series reaches its climactic conclusion as law enforcement and organized crime form a high-tech web in an attempt to bring down the shadowy hacker-villain known as Knuth in the most technically sophisticated Stealing book yet.Stealing the Network: How to Own a Shadow is the final book in Syngress' ground breaking, best-selling, Stealing the Network series. As with previous title, How to Own a Shadow is a fictional story that demonstrates accurate, highly detailed scenarios of computer intrusions and counter-strikes. In How to Own a Thief, Knuth, the master-mind, shadowy figure from previous books, is tracked across the world and the Web by cyber adversaries with skill to match his own. Readers will be amazed at how Knuth, Law Enforcement, and Organized crime twist and torque everything from game stations, printers and fax machines to service provider class switches and routers steal, deceive, and obfuscate. From physical security to open source information gathering, Stealing the Network: How to Own a Shadow will entertain and educate the reader on every page. The book's companion Web site will also provide special, behind-the-scenes details and hacks for the reader to join in the chase for Knuth. The final book in the Stealing the Network series will be a must read for the 50,000 readers worldwide of the first three titles The companion Web site to the book will provide challenging scenarios from the book to allow the reader to track down Knuth Law enforcement and security professionals will gain practical, technical knowledge for apprehending the most supplicated cyber-adversaries

Want to learn more information about Stealing the Network: How to Own a Shadow?

>> Click Here to See All Customer Reviews & Ratings Now

Read More...

Google Hacking for Penetration Testers, Volume 1 Review

Average Reviews:

(More customer reviews)Are you looking to buy Google Hacking for Penetration Testers, Volume 1? Here is the right place to find the great deals. we can offer discounts of up to 90% on Google Hacking for Penetration Testers, Volume 1. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

Google Hacking for Penetration Testers, Volume 1 ReviewWhile Google is a researcher's friend, it is a hacker's dream. The subtitle of Google Hacking for Penetration Testers is "Explore the Dark Side of Googling". The dark side of Google is that far too many networks are insecure with inadequate security and enable unauthorized information to leak into Google. This leakage creates the situation where significant amounts of password files, confidential information, and configuration data and much more are easily available.
After reading Google Hacks: Tips & Tools for Smarter Searching, the real power and potential danger of Google is easily understood. Author Johnny Long details how penetration testers can harvest information that has been crawled by Google. The need for Google to be an integral part of any penetration test is now easily understood.
In a similar manner, when Dan Farmer wrote SATAN in 1995, it was met with significant consternation in that many felt he was wrong to release such a powerful program into the wild. Silicon Graphics, his employer at the time, considered his conduct unprofessional and summarily fired him. Ironically, in 2005, a security administrator can be fired if they don't run a vulnerability scanner akin to SATAN. Running scanning tools is now part of security due diligence and any administrator not running such a tool is careless.
With that, some may think author Johnny Long gives far too much ammunition to those seeking to peruse corporate data, but those were the same mistaken objections to SATAN. The book is not meant to be a crutch for script kiddies, its aim is rather to show how Google can be used to uncover data that most companies would rather remain secured. It is simply a matter of time until such Google searches will be considered due diligence for any basic security endeavor.
The book's 12 chapters show how one can plunder and pillage corporate data via Google. Chapters 1 and 2 provide a basic introduction to Google searching, including building Google queries, URL and operator syntax, search reduction, and more.
Chapters 3 through 10 detail the internals of Google hacking. The avenues of attack are nearly endless and various methods are detailed from traversal techniques, site crawling, tracking down Web server logins, and much more. With the sheer amount of data produced on corporate Web sites, it is hard not to have information leakage. The problem is that Google is the perfect glue to bond those disparate pieces of data together to form a dangerous set of connected data. Google is now gluing isolated data, which is dangerous data when in the wrong hands.
Chapter 11 details what can be done to protect an organization from Google hackers. While author Johnny Long may be a hacker, he is quite mainstream when he writes that the best hardware and software configuration money can buy can't protect computing resources if an effective security policy is not in place. Long observes that a good security policy, when properly enforced, outlines the assets the organization is trying to protect, how the protection mechanisms are installed, the acceptable level of operational risk, and what do to in the event of a compromise or disaster.
Chapter 11 details the use of the robots.txt file, which can be used to block Web crawlers such as Google. The chapter also recommends the use of various tools to secure an internal Web site. Tools from Foundstone are detailed, in addition to Gooscan, a tool created by Long that enables bulk Google searches to determine how much information has leaked.
A decade ago, Google was the type of powerful search tool that was rumored to be used within the NSA. Today, petabytes of data are only a few clicks away on Google, and with the Google API, all of that information can be seamlessly integrated into a few scripts. The challenge companies face is to take security seriously and stop making it easy for their password files, payroll data, and other confidential information to be entered into Google's server farm.
Google Hacking for Penetration Testers, Volume 1 OverviewGoogle, the most popular search engine worldwide, provides web surfers with an easy-to-use guide to the Internet, with web and image searches, language translation, and a range of features that make web navigation simple enough for even the novice user. What many users don't realize is that the deceptively simple components that make Google so easy to use are the same features that generously unlock security flaws for the malicious hacker. Vulnerabilities in website security can be discovered through Google hacking, techniques applied to the search engine by computer criminals, identity thieves, and even terrorists to uncover secure information. This book beats Google hackers to the punch, equipping web administrators with penetration testing applications to ensure their site is invulnerable to a hacker's search. Penetration Testing with Google Hacks explores the explosive growth of a technique known as "Google Hacking." When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows," it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. Readers will learn how to torque Google to detect SQL injection points and login portals, execute port scans and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more - all without sending a single packet to the target! Borrowing the techniques pioneered by malicious "Google hackers," this talk aims to show security practitioners how to properly protect clients from this often overlooked and dangerous form of information leakage. *First book about Google targeting IT professionals and security leaks through web browsing. *Author Johnny Long, the authority on Google hacking, will be speaking about "Google Hacking" at the Black Hat 2004 Briefing. His presentation on penetrating security flaws with Google is expected to create a lot of buzz and exposure for the topic. *Johnny Long's Web site hosts the largest repository of Google security exposures and is the most popular destination for security professionals who want to learn about the dark side of Google.

Want to learn more information about Google Hacking for Penetration Testers, Volume 1?

>> Click Here to See All Customer Reviews & Ratings Now

Read More...

Google Hacking for Penetration Testers Review

Average Reviews:

(More customer reviews)Are you looking to buy Google Hacking for Penetration Testers? Here is the right place to find the great deals. we can offer discounts of up to 90% on Google Hacking for Penetration Testers. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

Google Hacking for Penetration Testers ReviewThis review mainly focuses on evaluating how valuable is to get a copy of "Google Hacking for Penetration Testers - VOLUME 2" if you already own a copy of the first edition, and the scores rates exactly that. If you don't have neither of them, I strongly encourage you to acquire Volume 2 (see details below), no matter what area of the information security field you work in (and specially if you are a penetration tester), as the contents affect to you in multiple ways. On my day-to-day security consulting practice, I'm still very surprised about how many IT people don't know about these techniques. The book is a masterpiece for information disclosure and mining from public sources, such as (but not only) Google. If I had to evaluate the book on itself, not comparing between editions, it would definitely get a score of 5/5.
The first edition was released in 2005 and opened the world of the Google Hacking techniques to the general public, together with the GHDB. The second edition title is (at least) confusing, as Volume 2 seems to denote it is a complementary book to the first edition. It is not, so I do not recommend you to get the first edition today. Volume 2, or the second edition as it should have been called, has been thoroughly updated (including most of the screenshots) to cover the latest changes and Google applications. I did a major update to the SANS "Power Search with Google" course on the first half of 2006, when some of the new Google functionality (not in the first edition) was already available. The second edition reflects those updates I identified and put back together then, even the tiny ones, such as the maximum search terms, that changed from 10 to 32. Additionally, all the statistical references, covering number of results returned by Google, and main contents have been reviewed and updated to reflect the current state of the art.
Some chapters have been kept from the previous edition (chapters 1 to 3, and chapters 6 to 9, and chapter 12), although they have suffered updates. Others have been moved (such as the old chapter 10, now chapter 4) or redesigned (like the new chapter 5). Besides, there are brand new chapters, like 10 and 11.
I specially like the updates on chapter 5, with the new tools and scripts to query Google and, specially, to parse and process the results, including several Perl and User-Agent tricks. The book, obviously, covers the Google API changes and provides solutions to overcome them, such as Aura. Chapters 6 and 8 include relevant updates to the Google code search engine and new capabilities to locate malware and binaries, plus new techniques to track down login portals and network embedded devices and reports, respectively.
The new chapter 10 is a great reference covering the new Google services from a hacking and "malicious" perspective. It is a required update given the pace Google releases new functionality and information sources, such as the AJAX capabilities and API, the source code search engine, calendar, blogger, and alert services.
The new chapter 11, "Google Hacking Showcase", includes the real-world Google Hacking samples and cases Johnny Long has been presenting in several hacking conferences during the last years. A found having a printed copy of it within the book very valuable, as it is an eye-opener, and it is a fun read. Definitely, if you have not seen Johnny's presentations and talks, I encourage you to access the archives from BlackHat and DefCon and enjoy them.
Finally, chapter 12 (the old chapter 11), covers new techniques and tools from a defensive perspective. The new additions increase the defender arsenal in order to mitigate the old and new threats covered throughout the book.
The influence of multiple authors in this edition is evident, something good for the new contents and material, but not so good for the chapter layout, as some do not follow the original format with a final summary, solutions, links and FAQ. Chapter 10 is a good example of both.
The complementary appendixes from the first edition, not directly relevant to the book topic from my perspective, have been removed. Overall, I feel some of the waffle has been left out, a smart decision (but not always easy) in order to keep the book size reasonable, and make room for the new contents.
I would like to see some of the pages that simply provide long listings from the GHDB moved to an appendix and simply referenced from the associated chapter. It might be useful to have these lists full of query samples on the book, but not just in the middle of a chapter. Another improvement would be to have a book webpage consolidating all the code samples, such as the Blogger submission script, as I'm not sure they are all available on a single website.
To sum up, if you don't have a copy of this book, go and buy Volume 2! (not to mention Johnny's involvement with charities). If you are a professional penetration tester, the new material in this second edition is highly recommended, so update your shelves and start applying the new contents on your daily practice. If you are an infosec pro, not directly involved in Google Hacking tasks, and you already own a copy of the first edition, I think you do not need Volume 2, as you already understand the threat, risks, and what is all this about.
At some point I was almost involved in co-authoring this 2nd edition, but finally it didn't happened. A pity, as definitely, this is one of today's reference books that should be on any infosec shelves.Google Hacking for Penetration Testers OverviewA self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because I've seen it with my own eyes. As the founder of the Google Hacking Database (GHDB) and the Search engine hacking forums at http://johnny.ihackstuff.com, I am constantly amazed at what the Google hacking community comes up with. It turns out the rumors are true-creative Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPPA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers snatch it right up. Protect yourself from Google hackers with this new volume of information.-Johnny Long.Learn Google Searching BasicsExplore Google's Web-based Interface, build Google queries, and work with Google URLs..Use Advanced Operators to Perform Advanced QueriesCombine advanced operators and learn about colliding operators and bad search-fu..Learn the Ways of the Google HackerSee how to use caches for anonymity and review directory listings and traversal techniques..Review Document Grinding and Database DiggingSee the ways to use Google to locate documents and then search within the documents to locate information. .Understand Google's Part in an Information Collection FrameworkLearn the principles of automating searches and the applications of data mining..Locate Exploits and Finding TargetsLocate exploit code and then vulnerable targets..See Ten Simple Security SearchesLearn a few searches that give good results just about every time and are good for a security assessment..Track Down Web ServersLocate and profile web servers, login portals, network hardware and utilities..See How Bad Guys Troll for DataFind ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information..Hack Google ServicesLearn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more.

Want to learn more information about Google Hacking for Penetration Testers?

>> Click Here to See All Customer Reviews & Ratings Now

Read More...