Stealing the Network
I'm leery of books that are written by multiple authors because the writing style always seems to keep me off beat from jumping around. However, in this book it works out well, since the book is organized as a series of short stories. Each story describes somebody involved in information security -- either somebody trying to access a system, or a person trying to keep the bad guys out.
If you are looking for a step-by-step guide to locking down your computer and network, this is not the book for you. Instead, this book is more to help people who already have at least a basic understanding of information security to see from another perspective. Stealing the Network looks at other reasons why people can break in: everything from being told to go to industry conferences to not collecting access cards when an employee leaves the company. What this book left deepest in my mind is to trust nothing, and assume even less.
After the ten short stories of how hacking is really done, there is a nicely done appendix along with Ryan Russell's "Laws of Security," which finishes this fictionalized book in a very non-fictional way. The laws cover most of the problems with current IT infrastructure, but do not go in-depth with what I believe is the biggest security hole, the user. Many of the stories touch on this fact but that's about the extent of it. I believe this may be because there are not any easy solutions to human behavior. This book says it best with "people are lazy."
At 328 pages (in pretty large text), this is a great easy read, though the book would be better with a lower price tag. However if you work with or around computers and the Internet, this book is very enlightening, if not completely informative.
Table of Contents
- Acknowledgements
- Contributors
- Foreword
- Chapters:
  - Hide and Sneak
  - The Worm Turns
  - Just Another Day at the Office
  - h3X's Adventures in Networkland
  - The Thief No One Saw
  - Flying the Friendly Skies
  - dis-card
  - Social (In)Security
  - BabelNet
  - The Art of Tracking
- Appendix - The Laws of Security
Most of the book's authors have websites you can hit for more information; follow these links to find more from Ryan Russell, Tim Mullen (Thor), FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky and Mark Burnett, as well as Jeff Moss (who wrote the foreword).
You can purchase Stealing the Network from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Why can't I just Amazon for review like this?
If I couldn't have fun with the trolls, then Slashdot would be less enjoyable.
I think this is an excellent direction to take education in. The difference between book learning and real world knowledge is always context. Book learning teaches you math out of context, teaches you grammar out of context, and what have you. It's the real world that teaches you the actual context for applying the book learning. Whereas a book like this, presenting the knowledge in the way it does, actually takes you back to the original purpose for stories: to teach.
Remember Aesop's Fables? They weren't meant primarily to entertain, but to teach a moral lesson. The same with the little incidental stories we tell each other daily about, for example, how so-and-so got fired because he was surfing porn on the company network. The entertainment value is incidental.
Given that bodies of knowledge, IT and otherwise, are multiplying so rapidly, it seems like the only way to get a reasonable handle on it as a society is to create these kinds of stories to put it in context.
Great work, guys.
Do what you can, with what you have, where you are.
Other than spending a large chunk of time Googling for news stories, there's not a lot of real and readily accessible information out there about the serious consequences of a lame security approach. Nor is there a pile of information that comes in an easy to understand form that upper management can grasp. Trying to explain the technical aspects will only make their eyes glaze over, and appealing to their sense of security is more often than not perceived as questioning the morality of staff.
Anecdotal "tales" such as this may actually help the technologically averse see the nightmare scenarios that many of us admins lose significant sleep over, and can do so in a way that makes them understand that even the best intentions can go horribly awry.
I'm not tense. I'm just terribly, terribly, alert.
Great book, one of my favorites. The difference is that his is a true story. Well, that and he's a much better writer than I am.
Is that supposed to reflect on me in some way?
Yes, in fact, it does. This is something that has obviously eluded you. You claim to be a security "expert", but you can't even keep hackers out of your own box. Very simple, you claim to be something that you are not.
And, gee, don't you send all your emails from @thievco.com? Isn't your own email worth protecting? Hardly some "crap" stored on some Canadian ISP. Wouldn't Mr. Security Expert take care to secure his own private emails?
Also, why do you write this book? All it does is create more FUD about hacking and hackers in general. You didn't even use real stories, likely because any real hacker would not be associated with an imposter such as you.
Signed,
BlueBoar Fan Club
First of all, Mr. Russell, I did not hack your box. I don't even know or care who did, but I do empathize with the person(s) that taught you a lesson.
If having a box compromised means that person isn't an expert, then there are no experts.
It's not just that. You don't know anything. Look in your own damn Slashdot journal. You don't even know how to code in C!!!!! Maybe you should start with HTML, then graduate to something more on your skill level.
that nothing important was on that box when it was compromised.
Your personal email isn't important? Emails about your child's medical conditions aren't important? You have a messed up concept of what is important.
By your definition, no, the "real hackers" (the guys currently illegally breaking into stuff) wouldn't want to be associated with me.
No, I did not share my definition of "hacker" with you. You shoved that down my throat, which is one of your known tactics and why so many people dislike you.
Do you honestly not understand why so many do not like you, and do not prefer your company? Censoring releases to bugtraq and vuln dev (which you obviously lost your job over)? Putting out "hacking" books that are nothing but shameless marketing ploys? Downing the name of real experts?
I was beginning to worry that you guys forgot about me.
You have been made mostly irrelevant. You lost your censorship position at securityfocus. Your private emails are circulating on the internet. You have been relegated to publishing fictional stories hoping to make money off of hollywood "hacker fear". Your dog ran away from home. There isn't much left, you have been destroyed.
After reading about the book this morning on /., I went to B&N and actually caught sight of the book (inadvertently). I picked it up and it was such an interesting read, I didn't put it down until I had read it all. As mentioned, it's interesting in the fact that they're all 'make believe' stories carrying an underlying lesson in each chapter. A lot of different scenarios are covered and it would be a pretty good read for anyone even remotely connected to network security. Now, I am not saying that it gives you the XYZ of keeping your network safe from prying eyes ... it's far from that. In fact, the appendix is really the only thing that contains a 'true' lesson. The stories, however, illustrate the 'outside-the-box' thinking that some hackers possess. All in all, I give it about a 7 out of 10.