Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stealing the Network

Posted by timothy on from the next-week-shoplifting dept.

Blaine Hilton writes "Stealing the Network is a refreshing change from more traditional computer books. The authors have created fictional stories based on non-fictional concepts that could really happen to our computer systems today. The realistic fiction approach makes the book much lighter to read and actually entertaining. I also believe this approach makes the true methods behind the fictional stores much more memorable then memorizing thousand page textbooks." Read on for his overview of the book. Stealing the Network: How to Own the Box author Ryan Russell, Tim Mullen (Thor), FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky, Mark Burnett, and Paul Craig pages 328 publisher Syngress rating 8 reviewer Blaine Hilton ISBN 1931836876 summary An interesting fictionalized approach to hacking and other aspects of information security.

I'm leery of books that are written by multiple authors because the writing style always seems to keep me off beat from jumping around, however in this book it works out well since the book is organized as a series of short stories. Each story describes somebody involved in information security -- either somebody trying to access a system, or a person trying to keep the bad guys out.

If you are looking for a step-by-step guide to locking down your computer and network, this is not the book for you. Instead, this book is more to help people who already have at least a basic understanding of information security to see from another perspective. Stealing the Network looks at other reasons why people can break in: everything from being told to go to industry conferences to not collecting access cards when an employee leaves the company. What this book left deepest in my mind is to trust nothing, and assume even less.

After the ten short stories of how hacking is really done, there is a nicely done appendix along with Ryan Russel's "Laws of Security," which finishes this fictionalized book in a very non-fictional way. The laws cover most of the problems with current IT infrastructure, but do not go in-depth with what I believe is the biggest security hole, the user. Many of the stories touch on this fact but that's about the extent of it. I believe this may be because there are not any easy solutions to human behavior. This book says it best with "people are lazy."

At 328 pages (in pretty large text), this is a great easy read, though the book would be better with a lower price tag. However if you work with or around computers and the Internet, this book is very enlightening, if not completely informative.

Table of Contents
  • Acknowledgements
  • Contributors
  • Forward
  • Chapters:
    1. Hide and Sneak
    2. The Worm Turns
    3. Just Another Day at the Office
    4. h3X's Adventures in Networkland
    5. The Thief No One Saw
    6. Flying the Friendly Skies
    7. dis-card
    8. Social (In)Security
    9. BabelNet
    10. The Art of Tracking
  • Appendix - The Laws of Security

Most of the book's authors have websites you can hit for more information; follow these links to find more from Ryan Russell, Tim Mullen (Thor), FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky and Mark Burnett, as well as Jeff Moss (who wrote the forward).

You can purchase Stealing the Network from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

10 of 141 comments (clear)

  1. Woo Hoo! by ryanr · · Score: 5, Informative

    One of my books finally made it onto Slashdot. I wrote the "Worm Turns" chapter with Tim Mullen, acted as tech editor for the book, and wrote the overall outline. Pretty easy book to be a tech editor on. I'll be watching this thread if there are any questions I can answer.

    1. Re:Woo Hoo! by ryanr · · Score: 5, Informative

      On some books, they do. When I "registered" my copy of this book, I was given a link to download a .PDF of it. Be aware that on some books (mostly older ones) the .pdf file(s) were contained in a Windows .exe.

      If enough people care, I'll make them produce a HTML file or something.

  2. Learning through fiction by nacturation · · Score: 5, Interesting

    This is a very valuable technique. After reading the Clavell novels (primarily Shogun) I was able to pick up and understand a small vocabulary of Japanese as it wasn't "dry" information. Hopefully this will be a great way to get management to clue in a little better to security without PHBs realizing that they're learning valable material.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  3. Great, thanks! by Anonymous Coward · · Score: 5, Informative

    A whole book review that consists of the Contents listing, and a whole paragraph that says "I liked the writing style, even though it was written by more than one person." Gee thanks. Next time save your time and just give us a link direct to the Amazon listing why not?

  4. Re:fp! by ryanr · · Score: 5, Funny

    In one of the stories, a book author beats the anonymous coward for first post on his book review story.

  5. Question: by mao+che+minh · · Score: 5, Funny
    Yes mister Ryanr, I have a question that demands your expertise. How do I perform what is commonly refferred to as "teh haxX0r" on the internet? And is the art of "haxX0ring" related to "hacking" in any way? I am routinely laughed out of IRC chat rooms because I am not "l33t", as they put it.

    Thank you.

  6. Amazon by Meeble · · Score: 5, Informative

    here is the Amazon Link.

    I'm always wary of amazon reviews anyhow though, half the time their anonymous and most likely the publishers, authors, and editors. With my lack of trust does that mean I'm as knowledgeable as I would be from reading the book ? ;)

    --
    Fear Breeds Knowledge
  7. very good by towaz · · Score: 5, Informative

    I downloaded this as an ebook from syngress its cheaper :)

    The stories were all well written, covered a varied amount of subjects and were not heavily technical.

    Hope to see more books take this different angle, the only one that seemed to be written the same style recently was Art of deception.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - Voltaire
  8. I read the first chapter at Barnes & Noble... by bc90021 · · Score: 5, Informative

    ...while I was waiting to see TM:R. I started reading it, and in half an hour was through fifty pages already. It was compelling, to say the least.

    The reviewer is quite correct - this book is different from most normal security books. Instead of "here's the attack, here's how to defend", it is a collection of fictional stories. Since I only read the first one, I can't comment on the rest of them, but the first was enough to make me want to read the rest.

    Needless to say, when I got home that night, I ordered it. Since then, I've been like Calvin waiting for his red beanie - every evening I come home and it's not there... but the next day I am psyched that it will be! (It should be arriving today! I am quite anxious to read the rest.)

    My recommendation is that you check it out if you get a chance. :)

    --
    libertarianswag.com
  9. The laws of security: by cyt0plas · · Score: 5, Funny

    1) By the time you finish reading these laws, they will be hopelessly out of date

    2) Don't use anything that Microsoft got near, even if the interaction was nothing more than an underling squinting at it over his morning coffee - It might be tainted, don't risk it.

    3) The nice thing about being a security consultant is that if the customers knew enough to judge your work, they wouldn't need you in the first place.

    4) "Security Consultant" is a important-sounding title that carries very little real responsibility.

    5) It doesn't matter how good your security is, some manager will give out his password to his wife/kids/secretary/dog, and data _will_ be lost. Don't wait for it to happen, back up the data _now_.

    --
    Contact Me (got tired of viruses emailing me).