Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stealing the Network

Posted by timothy on from the next-week-shoplifting dept.

Blaine Hilton writes "Stealing the Network is a refreshing change from more traditional computer books. The authors have created fictional stories based on non-fictional concepts that could really happen to our computer systems today. The realistic fiction approach makes the book much lighter to read and actually entertaining. I also believe this approach makes the true methods behind the fictional stores much more memorable then memorizing thousand page textbooks." Read on for his overview of the book. Stealing the Network: How to Own the Box author Ryan Russell, Tim Mullen (Thor), FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky, Mark Burnett, and Paul Craig pages 328 publisher Syngress rating 8 reviewer Blaine Hilton ISBN 1931836876 summary An interesting fictionalized approach to hacking and other aspects of information security.

I'm leery of books that are written by multiple authors because the writing style always seems to keep me off beat from jumping around, however in this book it works out well since the book is organized as a series of short stories. Each story describes somebody involved in information security -- either somebody trying to access a system, or a person trying to keep the bad guys out.

If you are looking for a step-by-step guide to locking down your computer and network, this is not the book for you. Instead, this book is more to help people who already have at least a basic understanding of information security to see from another perspective. Stealing the Network looks at other reasons why people can break in: everything from being told to go to industry conferences to not collecting access cards when an employee leaves the company. What this book left deepest in my mind is to trust nothing, and assume even less.

After the ten short stories of how hacking is really done, there is a nicely done appendix along with Ryan Russel's "Laws of Security," which finishes this fictionalized book in a very non-fictional way. The laws cover most of the problems with current IT infrastructure, but do not go in-depth with what I believe is the biggest security hole, the user. Many of the stories touch on this fact but that's about the extent of it. I believe this may be because there are not any easy solutions to human behavior. This book says it best with "people are lazy."

At 328 pages (in pretty large text), this is a great easy read, though the book would be better with a lower price tag. However if you work with or around computers and the Internet, this book is very enlightening, if not completely informative.

Table of Contents
  • Acknowledgements
  • Contributors
  • Forward
  • Chapters:
    1. Hide and Sneak
    2. The Worm Turns
    3. Just Another Day at the Office
    4. h3X's Adventures in Networkland
    5. The Thief No One Saw
    6. Flying the Friendly Skies
    7. dis-card
    8. Social (In)Security
    9. BabelNet
    10. The Art of Tracking
  • Appendix - The Laws of Security

Most of the book's authors have websites you can hit for more information; follow these links to find more from Ryan Russell, Tim Mullen (Thor), FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky and Mark Burnett, as well as Jeff Moss (who wrote the forward).

You can purchase Stealing the Network from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

7 of 141 comments (clear)

  1. Re:Woo Hoo! by Chris_Stankowitz · · Score: 3, Interesting

    I do have a question. Does Syngres still offer their books in a downlodable text? I try to find this feature in most of my tech books and unfortunatley not many companies publish them this way.

  2. Learning through fiction by nacturation · · Score: 5, Interesting

    This is a very valuable technique. After reading the Clavell novels (primarily Shogun) I was able to pick up and understand a small vocabulary of Japanese as it wasn't "dry" information. Hopefully this will be a great way to get management to clue in a little better to security without PHBs realizing that they're learning valable material.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  3. don't forget The Cuckoo's Egg by paulmcd · · Score: 2, Interesting

    This is a clasic that shouldn't be forgotten. "The Cuckoo's Egg", by Clifford Stoll

  4. Our Thoughts Writing STN by Effugas · · Score: 4, Interesting

    Heh. STN made Slashdot. Scanrand on the shelves...cool :-)

    Stealing the Network is a relatively unique book. Remember Swordfish? Remember Antitrust? Wish there was a cheap procedure to repair that psychic damage? Because that's what got me involved. Syngress was as tired of the hype as we were. Spindly kids playing with 3D modelers to make worms was not reality. Syngress had a basic request: Show us what really happens. Make it interesting, tell a story, but at the end of the day, take the gloves off.

    Most of us had worked with Syngress before -- we'd done Hack Proofing Your Network for them, which was actually pretty well received. It was a strange experience, travelling half-way round the world to Black Hat Asia and seeing my Defcon talk on sale in a Singaporean bookstore :-) So when Syngress said they wanted to do this -- we put this together.

    We've actually put together a surprisingly good package. Everything from dumpster diving to printer abuse to some of the first real documentation of my personal scanrand techniques shows up. If there's interest, I'll put together a summary of some of the cooler things in here. And of course, if there's any questions, bug me here or in email :-)

    Yours Truly,

    Dan Kaminsky

  5. Re:Woo Hoo! by Mooncaller · · Score: 2, Interesting
    How would you feel about submiting to a /. interview. Tech writting is an important part of any tech carrer. I have done quite a bit of it myself, including a 200+ page process procedure. I like to write SF short stories. When ever I do tech writing I pay as much attention to sentence structure and flow as when I write a story. The result is "wawawawawa". Nothing sticks. The prose is too smooth. That makes for a lousy procedure. The problem is that the procedure lacks a good plot.

    I'm interested in tech writiting and would like to do it better. I'm sure there are there /.ers who feel the same way. It would be nice to get the perspective of some one whos been there.

  6. Re:Woo Hoo! by ryanr · · Score: 2, Interesting

    Clearly, from the amount of whoring I've already done in this thread which is only tangentially about me, I'd love to do an interview.

    There are any number of details about how I perceive writing, what it's like to work with Syngress, etc... that I'd love to talk about.

    I can see where writing procedures, where there is little or no opportunity to include any personality, would drive one insane. I have no formal training on writing, other than the classes they have you take in college. And I read a lot. I was a little concerned about that when writing fiction... but that's what editors are for (to tell you you suck.)

  7. Looks like Mr. Russell has been hacked himself by Anonymous Coward · · Score: 1, Interesting

    Hey, looks like this guy has been hacked quite a bit himself:

    Wired Article

    You can also see the contents of his home dir and some of the "sites" he likes to visit:

    Ryan Russell's home dir

    Not quite a security expert, I would say....