Black Hat

CWitz writes "I'll be honest: I'm not terribly technical. In fact, I'll probably have to get someone to help me add in the tags necessary to convert this review to readable HTML. But what I lack in technical skills, I more than make up in apprehension about the darker aspects of the internet. When I get an unexpected e-mail, I'm sure it's from some identity theft villain full of virtual lock picks just dying to snatch all my private information. John Bigg's new book Black Hat: Misfits, Criminals, and Scammers in the Internet Age is an entertaining and educational book that provides me with more than enough information about how to protect my vulnerable computer." Read on for the rest of his review; it's not aimed at experts, but Scott makes it sound like a good read for the interested layman. Black Hat: Misfits, Criminals, and Scammers in the Internet Age author John Biggs pages 176 publisher APress rating 8 reviewer CWitz ISBN 1590593790 summary An introduction to the morass of malice that threatens any internet-connected personal computer; gives a broad overview of both social engineering and purely mechanical attacks, and advice on avoiding them.

Biggs is a technical journalist with more than seven years of real-world IT experience (programming and management), and he handles complex topics on the page in a fun, easy to understand manner. The book begins with the tale of a hapless spam victim in Germany, and moves on to introduce us to Alan Ralsky, the "spam king of Detroit."

Ralsky describes himself as an honorable marketing professional, but a Detroit Free Press article in November of 2002 pointed out that his computers vomit out more than 650,000 emails each hour. While his label of spammer or marketer may be debatable, there's no question about his efficiency. From the interview with Ralsky, Biggs moves into telling the story of his own struggle with spam. The discussion then turns to various relevant legal and social issues, and this shift is a hallmark of the book's positive qualities.

Black Hat effortlessly moves from straightforward factual reporting to first-person narratives to social and political commentary. The factual sections are just-the-facts-ma'am-reporting that would seem at home in any newspaper or technical journal. The first-person narrative sections are funny and reassuring. For leery technophobes like me, it's nice to know the experts struggle with many of the same computer bugaboos that plague me. The political and social commentary sections succinctly explain legal and cultural influences that shape the world of the internet today.

A good example of the political commentary is the chapter entitled "Upload or Perish: Pirates." As an aspiring author myself, I've always found myself believing that "sharing" intellectual property was inherently wrong. So I chose not to use Napster or Kazaa or the other options and totally agreed with efforts to prosecute active Napster users. But in this chapter, Biggs points out the misguided attempts of the industry by targeting the wrong people in their fight against sharing and piracy. In Eastern Europe and China, there are CD-pressing factories spewing out thousands of copies, complete with jewel case, printed insert, and full-color printing that are almost impossible to distinguish from the real product.

Biggs writes: "BMG Music representative Rob Anderson told me that many of the pirates have better CD and DVD reproducing equipment than even the large, official distributors." The discussion of industry actions targeting the wrong people continues with "Record companies can sue as many 12-year-olds as they want...but the equation will always be the same: piracy cannot be stopped." Detailed explanations of key landmark piracy lawsuits follow and the chapter ends with Biggs providing some suggestions for how the industry can help themselves in more effective ways, rather than attacking kids with home computers and a Jones for Metallica. Quite simply, he states the industry should use the technology to effectively deliver their product, at a reasonable cost, to the consumer. If listeners are going to share files, then the industry should harness the technology instead of stomping their feet and demanding that teenagers continue to trek down to the local mall and spend twenty dollars on a CD that may only have one or two good songs.

Personally, I'm still not sure that I believe in file sharing. Just because something isn't tangible (it's music or it's words or it's code) doesn't mean someone didn't work hard for it and invest in it. But Biggs' illuminating discussion certainly made me see how the industry has mismanaged their very lifeblood. I may not be file sharing anytime soon, but I won't be part of the angry mob hunting down file sharers any longer.

In Black Hat, Biggs manages to clearly explain certain technical aspects of spam, viruses, and other internet parasites. For instance, we've all seen that pile of gibberish at beginning of spam e-mails and Biggs explicates that mess in a way that anyone can understand. Like those rare moments in high-school English class when the teacher explains a poem that you always thought was unintelligible garbage, and the light goes on, and suddenly that long-haired Brit makes sense -- after reading Black Hat, I now understand much of what was to me only gibberish before.

In the chapter entitled "Shockwave: Worms and Viruses," Biggs dissects a simple, working worm. The worm was written by 16-year-old in Austria named Second Part to Hell with a taste for programming to White Zombie. Biggs interviews the worm writer and delves into the world of programmers he likens to sword makers, steeped in art and tradition. They do not include any dangerous payloads in their worms, but the possibility that someone could use the worm for malevolence isn't their concern, any more than the sword maker worries about how the weapon is being used. The dissection of Second Part to Hell's worm begins by actually showing the PHP web-programming code. Biggs then walks through each section, explaining how the worm selects which files to infect, creates a copy of itself, and processes its code to spread, and finally appends itself to the top of each file so it can seek out new victims.

The book goes on to discuss Nigerian 419 scammers, malicious virus writers, hacking legends like Lord Digital, spyware, and ultimately what a user can do to protect their computer and data. Entertaining and educational, Black Hat was a valuable read to a non-technical person like me. Best of all, John Biggs' suggestions for protecting my computer against the frightening aspects of the internet have made my cyber activities more comfortable and secure.

You can purchase Black Hat: Misfits, Criminals, and Scammers in the Internet Age from bn.com. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.

What level of experience is this book?

[quantax]

I am just curious cause I've been looking for something like this to explain to my parents, both of whom are self-described computer-stupid, and are in need of such knowledge due to some past issues. They're the type of people who might use the acronym CPU and mean a hard drive, if you know what I mean, when describing computer problems. Is this something I could give to them and they'd understand, or is this something I give to someone who's already has a technical understanding of computers?

At least...

[causality]

At least works like this will help to increase the awareness that the fact that people could be out to screw you over does not disappear and give way to a fairy-tale world just because you go online. People who would feel insecure not locking their cars and their houses do some amazingly stupid things online because there's still this idea that Microsoft or the Web site (think online shopping) or their ISP will take care of all security matters for them. I hope the book sells well, as awareness in this area is sorely needed, plus it sounds entertaining.

Re:My take

Not to start a flame war but I realy don't get spam.

Use the simple aprach of 3 email address types:

Work / Personal only HUMANS get this.

Websites that you trust. This is where you send mail that you get from ebay ect. Also used for stites that you might forget your passward ect. Tends to get a fair amount of psudo spam from things like dell saying "10% off laptops" ect but you may want to look into these things so there not realy spam.

And finaly A new hotmail address every month or so for sites that want personal info to log in ect where you want to look at something but you think you might get spam. Think of it as giving microsoft a DNS attack with every new spam this act needs to deal with.

Basicly, use defence in depth and a willingness to change your email address every once in a while and your golden.

PS: use a web from to handle new customers / tec requests instead of email address on a website and you don't get spam.

Re:Er?

>>If you are afraid of something, learn about it.

>Um, that's probably the reason the reviewer bought the book.

If you are already fearful of the Internet, purchasing a book titled Black Hat: Misfits, Criminals, and Scammers in the Internet Age is probably more to validate your fears rather than calm them.

Hard work doesn't necessitate a return on investme

[Donoho]

Personally, I'm still not sure that I believe in file sharing. Just because something isn't tangible (it's music or it's words or it's code) doesn't mean someone didn't work hard for it and invest in it.

I believe the growth of intangibles in our society will require a cultural/corporate paradigm shift. As much as we'd like to believe otherwise, the amount of effort we exert is not the only factor which determines our effort's worth. Supply and Demand.

The proliferation of books and music has traditionally be limited by access and the physical space they take up amongst your personal belongings (unless you go to your Library - Does anyone know if there have been similar historical issues with brick and mortar libraries?). The internet has become a digital library with no return date but, current laws make this illegal.

Here's an idea... How about instead of creating wrapper technologies which block sharing songs, books, and code, all are freely available but wraped in technologies which allow for easy donation to the effort's creator? An encoder which integrates certificates and paypal. I got nothing against middle (wo)men... they can maintain the servers. I can't imagine that this doesn't exist somewhere already...

Re:uhhh

[theCat]

Indeed. I've noticed a direct correlation between not understanding the Internet, and fearing it.

Case in point: I knew an administrative assistant once who kept a towel draped over the front of her monitor when she wasn't using the computer so people connected elsewhere on the LAN couldn't watch her paint her nails on the job. This was around 1990 at a university, and they were just then pushing out the administrative network to departments. She didn't want LAN access when it first arrived. Kept pulling the coax out of the back of her PC, and then the bit with the towel. She was really that scared. Really opened my eyes, I'll tell you.

This sort of thing (though more subtle) is more common than most of us realize.

But most of all I just don't care.

[machine+of+god]

You don't like it, but I hoped that it would be funny. Which makes it more effective than explaining that I don't feel that this guy is very credible, because he seems to feel that the next best thing to understanding something is fearing it.

CV of reviewer?

Doesn't it make sense for slashdot to at least post a biographical blurb of the reviewer?

So at least we know some of the potential conflicts of interest or biases that the reviewer may have.