Black Hat Physical Device Security: Exploiting Hardware and Software Hardcover – Oct 29 2004
Most Helpful Customer Reviews on Amazon.com (beta)
I don't know quite what the author was hoping to achieve, but I think it's somewhere along the lines of the philosophy behind security. Drew fails to deliver; instead we get rambling text, bad anecdotes, poor writing, and no focus. When we finally do get to some technical material, it's poorly presented (e.g. the crypto code in Chapter 3).
Errors are also rife throughout the text. For example, in chapter 3 the author attempts to describe connection attributes to enforce for a connection. One of these is the MAC address of a host 2 hops away. Anyone with any understanding of TCP/IP networking would know that if a host is 2 hops away, then the MAC address belongs to your router. The attack Drew describes isn't going to see the router change out from under the system.
While there's a lot of terms thrown around, there aren't any useful concepts really taught or well presented. I don't think anyone will learn much of anything from this book. The title of the book suggests that we'll be hitting hardware, too, but it's not until the last third of the book that this is introduced, and just as poorly as key concepts in software security (defense, attacks, etc), and only for one chapter.
I just don't have anything positive to say about this book, and for that I truly apologize to the author (and as a fellow author). This isn't personal (I don't know Drew, I believe, nor do I harbor any malice towards him or anyone he knows), it's just not a very good product. If you're looking for a comprehensive overview of infosec, look at something like Bishop's tome "Introduction to Computer Security".
The central theme of the book is to not trust. Every chapter discusses problems that can be traced to the incorrect assumption that certain input should be trusted. And the solution is to always validate, authenticate, encrypt, hash, and minimize storage and transmission of sensitive information. This applies even if the data is coming from a different part of the same system. The constant dire warnings about misplaced trust and the author's other suggestions are backed by analysis and anecdote, but not data. While I agreed with most of the advice, I felt the author spent too much effort conveying the possibility of attackers being able to decrypt secure tunnels and not enough attention to more likely attacks. But the attention to that possibility did make me realize how often I assume that because something is encrypted it is therefore safe.
Overall Black Hat Physical Device Security was poorly edited. I found many places where words were misspelled or even left out entirely. Sentences were sometimes poorly worded and redundant. And the code examples added almost nothing.
I enjoyed this book and picked up some great ideas. I don't regret reading it, but can't say I'd recommend it.
Recent intrusions into network and wireless infrastructures are just mere examples of products; however functional they may be, that, in general, lack any quality assurance specific to the types of attacks that are reviewed within this book.