Security

CD Cracking Uncovered: Protection Against Unsanctioned CD Copying

Author(s): 
Kris Kaspersky
Description: 

A manual on protecting CDs against illegal copying, this book shows how crackers copy CDs using various access methods. The methods covered include the CDFS driver, cooked mode, SPTI, ASPI, the SCSI port, and the MSCDEX driver. Explained is how to prevent cracker break-ins using protections based on nonstandard CD formats such as the CD driver and weak CD sectors. Information on CD functioning fundamentals and tips related to CD protection in a format free of math and assembling-such as data formats, the scrambler, the Reed-Solomon coder/encoder, the CIRC coder/encoder, and a weak-sectors generator-are also provided. The main program interfaces, which provide direct control via peripheral devices on the application level in UNIX, Novell, and Windows 9x/NT/2000/XP, are considered, as is how to read and write RAW sectors.

Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C

Author(s): 
Bruce Schneier
Description: 

This new edition of the cryptography classic provides you with a comprehensive survey of modern cryptography. The book details how programmers and electronic communications professionals can use cryptography-the technique of enciphering and deciphering messages-to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them into cryptographic software, and shows how they can be used to solve security problems. Covering the latest developments in practical cryptographic techniques, this new edition shows programmers who design computer applications, networks, and storage systems how they can build security into their software and systems.

What's new in the Second Edition?
* New information on the Clipper Chip, including ways to defeat the key escrow mechanism
* New encryption algorithms, including algorithms from the former Soviet Union and South Africa, and the RC4 stream cipher
* The latest protocols for digital signatures, authentication, secure elections, digital cash, and more
* More detailed information on key management and cryptographic implementations

The Shellcoder's Handbook: Discovering and Exploiting Security Holes

Author(s): 
Jack Koziol
David Litchfield
Dave Aitel
Chris Anley
Sinan "noir" Eren
Neel Mehta
Riley Hassell
Description: 

Stop hackers from wreaking havoc on your software applications and operating systems. This innovative book provides tools to discover vulnerabilities in C-language-based software, exploit what you find, and prevent new security holes from occurring.
* Examines where security holes come from, how to discover them, how hackers exploit them and take control of systems on a daily basis, and most importantly, how to close these security holes so they never occur again
* A unique author team-a blend of industry and underground experts- explain the techniques that readers can use to uncover security holes in any software or operating system
* Shows how to pinpoint vulnerabilities in popular operating systems (including Windows, Linux, and Solaris) and applications (including MS SQL Server and Oracle databases)
* Details how to deal with discovered vulnerabilities, sharing some previously unpublished advanced exploits and techniques

Snort Cookbook

Author(s): 
Jacob Babbin
Simon Biles
Angela D. Orebaugh
Description: 

If you are a network administrator, you're under a lot of pressure to ensure that mission-critical systems are completely safe from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is an essential--but often overwhelming--challenge. Snort, the defacto open source standard of intrusion detection tools, is capable of performing real-time traffic analysis and packet logging on IP network. It can perform protocol analysis, content searching, and matching. Snort can save countless headaches; the new Snort Cookbook will save countless hours of sifting through dubious online advice or wordy tutorials in order to leverage the full power of SNORT. Each recipe in the popular and practical problem-solution-discussion O'Reilly cookbook format contains a clear and thorough description of the problem, a concise but complete discussion of a solution, and real-world examples that illustrate that solution. The Snort Cookbook covers important issues that sys admins and security pros will us everyday, such as:

* installation
* optimization
* logging
* alerting
* rules and signatures
* detecting viruses
* countermeasures
* detecting common attacks
* administration
* honeypots
* log analysis

But the Snort Cookbook offers far more than quick cut-and-paste solutions to frustrating security issues. Those who learn best in the trenches--and don't have the hours to spare to pore over tutorials or troll online for best-practice snippets of advice--will find that the solutions offered in this ultimate Snort sourcebook not only solve immediate problems quickly, but also showcase the best tips and tricks they need to master be security gurus--and still have a life.

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks

Author(s): 
Michal Zalewski
Description: 

Author Michal Zalewski has long been known and respected in the hacking and security communities for his intelligence, curiosity and creativity, and this book is truly unlike anything else out there. In Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, Zalewski shares his expertise and experience to explain how computers and networks work, how information is processed and delivered, and what security threats lurk in the shadows. No humdrum technical white paper or how-to manual for protecting one's network, this book is a fascinating narrative that explores a variety of unique, uncommon and often quite elegant security challenges that defy classification and eschew the traditional attacker-victim model.

Security in Computing

Author(s): 
Charles P. Pfleeger - Pfleeger Consulting Group
Shari Lawrence Pfleeger - RAND Corporation
Description: 

The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information Security

For years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends.

The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses.

Security in Computing, Fourth Edition, goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy--from data mining and identity theft, to RFID and e-voting.

New coverage also includes

* Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
* Web application threats and vulnerabilities
* Networks of compromised systems: bots, botnets, and drones
* Rootkits--including the notorious Sony XCP
* Wi-Fi network security challenges, standards, and techniques
* New malicious code attacks, including false interfaces and keystroke loggers
* Improving code quality: software engineering, testing, and liability approaches
* Biometric authentication: capabilities and limitations
* Using the Advanced Encryption System (AES) more effectively
* Balancing dissemination with piracy control in music and other digital content
* Countering new cryptanalytic attacks against RSA, DES, and SHA
* Responding to the emergence of organized attacker groups pursuing profit

Security Warrior

Author(s): 
Anton Chuvakin
Cyrus Peikari
Description: 

When it comes to network security, many users and administrators are running scared, and justifiably so. The sophistication of attacks against computer systems increases with each new Internet worm.

What's the worst an attacker can do to you? You'd better find out, right? That's what "Security Warrior" teaches you. Based on the principle that the only way to defend yourself is to understand your attacker in depth, "Security Warrior" reveals how your systems can be attacked. Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and common attacks against UNIX and Windows systems, this book teaches you to know your enemy and how to be prepared to do battle.

"Security Warrior" places particular emphasis on reverse engineering. RE is a fundamental skill for the administrator, who must be aware of all kinds of malware that can be installed on his machines -- trojaned binaries, "spyware" that looks innocuous but that sends private data back to its creator, and more. This is the only book to discuss reverse engineering for Linux or Windows CE. It's also the only book that shows you how SQL injection works, enabling you to inspect your database and web applications for vulnerability.

"Security Warrior" is the most comprehensive and up-to-date book covering the art of computer war: attacks against computer systems and their defenses. It's often scary, and never comforting. If you're on the front lines, defending your site against attackers, you need this book. On your shelf--and in your hands.

Hacker Disassembling Uncovered

Author(s): 
Kris Kaspersky
Description: 

Going beyond the issues of analyzing and optimizing programs as well as creating the means of protecting information, this guide takes on the programming problem of, once having found holes in a program, how to go about disassembling it without its source code. Covered are the hacking methods used to analyze programs using a debugger and disassembler. These methods include virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators. Also covered are methods of fighting disassemblers, self-modifying code in operating systems, and executing code in the stack. Advanced disassembler topics such as optimizing compilers and movable code are discussed as well.

Text shows how to analyze programs without its source code, using a debugger and a disassembler. Covers hacking methods including virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators. For intermediate to advanced level programmers. Softcover.

Network Security Tools

Author(s): 
Justin Clarke
Nitesh Dhanjani
Description: 

If you're an advanced security professional, then you know that the battle to protect online privacy continues to rage on. Security chat rooms, especially, are resounding with calls for vendors to take more responsibility to release products that are more secure. In fact, with all the information and code that is passed on a daily basis, it's a fight that may never end. Fortunately, there are a number of open source security tools that give you a leg up in the battle. Often a security tool does exactly what you want, right out of the box. More frequently, you need to customize the tool to fit the needs of your network structure. Network Security Tools shows experienced administrators how to modify, customize, and extend popular open source security tools such as Nikto, Ettercap, and Nessus. This concise, high-end guide discusses the common customizations and extensions for these tools, then shows you how to write even more specialized attack and penetration reviews that are suited to your unique network environment. It also explains how tools like port scanners, packet injectors, network sniffers, and web assessment tools function. Some of the topics covered include:

* Writing your own network sniffers and packet injection tools
* Writing plugins for Nessus, Ettercap, and Nikto
* Developing exploits for Metasploit
* Code analysis for web applications
* Writing kernel modules for security applications, and understanding rootkits

While many books on security are either tediously academic or overly sensational, Network Security Tools takes an even-handed and accessible approach that will let you quickly review the problem and implement new, practical solutions--without reinventing the wheel. In an age when security is critical, Network Security Tools is the resource you want at your side when locking down your network.

Hacking: The Art of Exploitation

Author(s): 
Jon Erickson
Description: 

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

The included LiveCD provides a complete Linux programming and debugging environment—all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:

* Program computers using C, assembly language, and shell scripts
* Corrupt system memory to run arbitrary code using buffer overflows and format strings
* Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
* Outsmart common security measures like nonexecutable stacks and intrusion detection systems
* Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
* Redirect network traffic, conceal open ports, and hijack TCP connections
* Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

Syndicate content