Sponsored links

Valid XHTML 1.0!
Valid CSS!
Product: Book - Paperback
Title: Effective Java Programming Language Guide
Publisher: Addison-Wesley Professional
Authors: Joshua Bloch
Rating: 5/5
Customer opinion - 5 stars out of 5
Best technical book I've read in years.

I've spent the last few weeks reading one or two of Joshua Bloch's maxims a day, and letting the information settle in over the course of 24 hours. I've alternated between wholehearted agreement with a point, to embarrassment regarding recent and/or repeated violations of one of his excellent rules.
I've been a programmer for 20 years, and a Java programmer for the last 7 years, and I learned a lot from this book. I recommend it highly.

Product: Book - Paperback
Title: Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition
Publisher: Wiley
Authors: Bruce Schneier
Rating: 5/5
Customer opinion - 5 stars out of 5
The essential bible for communications security

Schneier's book is a surprisingly down-to-earth encyclopedia of the data scrambling technology which secures electronic communication worldwide, and which the US Government has tried for years to keep in the bag. Understanding cryptography is a must for anyone interested in the technology behind privacy on-line, and Schneier's book is the best source there is.

Product: Book - Paperback
Title: Hacking Linux Exposed, Second Edition
Publisher: McGraw-Hill Osborne Media
Authors: Brian Hatch, James Lee, George Kurtz
Rating: 5/5
Customer opinion - 5 stars out of 5
Worth it many times over!

Hacking Linux comes in six parts, each of which is worth the price of the book in whole. Part one: security overview covers all the basics like file permissions, setuserid problems, buffer overflows/format string attacks, tools to use before you go online, and mapping tools like nmap. Part two comes in from more of the hacker angle with social engineering and trojans, attacks from the console, and then concludes with two excellent chapters about netowrk attacks and TCP/IP vulnerabilities.
All the stuff to this point assumes the hacker is on the outside. Part three takes over and shows you what the hacker will do once they've gotten on, such as attacking other local users including root, and cracking passwords. It becomes obvious that you need to protect things from insiders as much as from the outsider, because the outsider will usually get in as a normal user first, and if you can prevent him or her from getting root access, the damage cannot be nearly as severe. A lot of books don't cover this angle at all, and it's done superbly here.
Part four covers common problems in internet services. First they discuss mail servers. Sendmail, Qmail, Postfix, and Exim each get covered in detail - it's nice to see more than just Sendmail discussed in a security book. Of course, it'd be even nicer to see something other than Sendmail installed on a Linux machine by default. Next they cover problems with FTP software and problems with the FTP protocol. I'd never seen "beneath the hood" and realized how wierd FTP really was, and why it's not supported by firewalls very well, and the authors show you the inner workings of it so anyone can understand the problems. They continue with Apache and CGI/mod_perl/PHP/etc problems, both from a coding standpoint and how to secure against outsiders and your own web developers. Next it's on to Firewalls (iptables and TCP wrappers) and lastly (distributed) denial of service attacks. The countermeasures for the DOS problems are excellent, and a must for anyone with a server.
Part five covers everything a hacker can do once they've broken in. They describe trojan programs, trojan kernel modules, and configuration changes that can be used to keep root access, or hide the hacker activity, or let them get back in should the computer be partially fixed. This was not only complete, but scary in how many different things they showed. It works both as a blueprint for what you need to defend against, how to clean up after a hacker has gotten in, and also how you could back door a machine if you get in. I'll leave the ethics up to you.
Lastly we have part six, which is the appendicies. While most times I ignore appendicies, these are really an integral part of the book, and are referenced throughout the book all over. (This very good, because it keeps the book from having too much repeated countermeasures.) They discuss post-breakin cleanup, updating your software and kernel, and turning off daemons (both local and network ones) and a new case study. The book is good about covering Linux from a distribution-agnostic standpoint (it doesn't assume you use RedHat, unlike everything else out there) but in these appendicies they cover the differences you may encounter. They show you how to use dpkg/apt-get as much as RPM as much as .tgz packages, discuss both inetd and xinetd, and even svscan/supervise. They are extreemly complete.
Hacking Linux Exposed 2nd Edition is required reading for anyone with a Linux machine, period.

Product: Book - Paperback
Title: The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography
Publisher: Anchor
Rating: 5/5
Customer opinion - 5 stars out of 5
A coded review, 269B:

Ajdfg jco werr wqoitl. 9 A kpuym dhr sueet wcdk. 14 Cel apre hgh vo ddplkw ru owplt! 8 Lo pyunr digh jido rr plint. 61 Fdyu th tfre nds lokputy bnk fo. (875) Sqy treop hu gin cpy. 010 Hf oie wangt thuy fiu sotp vjk wrq. 77 Bravo, a wonderful read! 9