Early Review of Ghost in the Wires

Kevin Mitnick was kind enough to send me a galley copy of his upcoming autobiography Ghost in the Wires. Amazon.com won't let me post a review yet, so I'll write what I would have supplied to the site.In 2002 I reviewed Kevin Mitnick's first book, The Art of Deception. In 2005 I reviewed his second book, The Art of Intrusion. I gave both books four stars. Mitnick's newest book, however, with long-time co-author Bill Simon, is a cut above their...

Read More

Review of Windows Internals, 5th Ed Posted

Amazon.com just posted my five star review of Windows Internals, 5th Ed by Mark Russinovich and David Solomon, with Alex Ionescu. Microsoft Press provided a free review copy. From the review:Windows Internals, 5th Ed (WI5E) by Mark Russinovich and David Solomon, with Alex Ionescu, is a remarkable technical achievement. I read the book to better understand Windows to improve my security knowledge. I am not a Windows programmer, but I thought WI5E...

Read More

Review of Windows System Programming, 4th Ed Posted

Amazon.com just posted my five star review of Windows System Programming, 4th Ed by Johnson M. Hart. Addison-Wesley provided a free review copy. From the review:I read Windows System Programming, 4th Ed (WSP4E) by Johnson M. Hart after finishing Windows via C/C++, 5th Ed (WVCP5E) by Richter and Nasarre. While I liked WVCP5E, I found WSP4E to be the better book for the sort of understanding I was trying to achieve. I'm not a professional Windows...

Read More

Review of Windows via C/C++, 5th Ed Posted

Amazon.com just posted my four star review of Windows via C/C++, 5th Ed by Jeffrey M. Richter and Christophe Nasarre. Microsoft Press provided a free review copy. From the review:I will admit right away that I am probably not the target audience for this book, because I am not a professional Windows programmer. However, I am very interested in learning how Windows works, and Windows via C/C++, 5th Ed (WVCP5E) is one of the books that will help...

Read More

Review of Beginning Visual C++ 2010 Posted

Amazon.com just posted my five star review of Beginning Visual C++ 2010 by Ivor Horton. Wrox provided a free review copy. From the review:I read Ivor Horton's Beginning Visual C++ 2010 (BVCP2) to gain some familiarity with the C++ programming language. Prior to this book I read Mr Horton's Beginning C book. Between the two books, I hoped to learn enough about C and C++ to prepare me to read a third book titled Windows via C/C++, 5th Ed by Richter...

Read More

Review of Beginning C Posted

Amazon.com just posted my five star review of Beginning C by Ivor Horton. Apress provided a free review copy. From the review:I read Ivor Horton's Beginning C to gain some familiarity with the C programming language. As a security professional, being able to grasp the essence of C helps me understand security advisories and related discussion of vulnerabilities in exploits. Beginning C is a great book for a person like me, but it also appears to...

Read More

Review of Programming Amazon EC2 Posted

Amazon.com just posted my four star review of Programming Amazon EC2 by Jurg van Vliet and Flavia Paganelli. O'Reilly provided a free review copy. From the review:Because this is a short book, I'll write a short review. Programming Amazon EC2 (PAE) explains how to use certain elements of Amazon Web Services to deploy applications in Amazon's cloud infrastructure. The discussion centers on the authors' experiences deploying live, production Web...

Read More

The Ninja Turtle/Color Code (Hartman) Personality Test

Personality tests have always been pretty interesting to me. I enjoy taking tests to find out a bit more about myself and how I work. The most famous tests that I am aware of are the Hartman Personality Profile (also know as the Color Code) and the Myers-Briggs Type Indicator test. Today I want to present a new test:The Ninja Turtle Personality Test! Read article...

Read More

UBM Cancels GTEC, Bejtlich Considers Alternatives

I received word this week that the venue hosting my special session of TCP/IP Weapons School 3.0 was cancelled! That means no GTEC and no extra DC class. I'm sad to hear this because I'm receiving word from students wondering what happened.As best I understand it, the current Federal budget situation made hosting this conference a tough prospect for the DC crowd. At this point I'm evaluating options, including hosting a class myself. If you would...

Read More

Cooking the Cuckoo's Egg

In February I spoke at the DoJ Cybersecurity Conference. My abstract for the talk was the following:In 1989 Berkeley astronomer Cliff Stoll wrote the most important book in the history of computer incident response, The Cuckoo's Egg. Twenty years after first reading the book, Richard Bejtlich, [then] Director of Incident Response for General Electric, re-read The Cuckoo's Egg in search of lessons for his Computer Incident Response Team (GE-CIRT)....

Read More

How to do Sleeve Faces

Doing sleeve faces (or record faces) is a fun thing you can do with all your old records! Here are some tips for how you can get the most out of it. Read article...

Read More

APT Drives Up Bomber Cost

Bill Sweetman wrote a good article on the new Air Force bomber program titled USAF Bomber Gets Tight Numbers. I found the following paragraph interesting:One factor will drive up the cost of the bomber’s R&D: its status as a SAP [Special Access Program]. SAP status — whether the program is an acknowledged SAP, as the bomber is likely to be, or completely black — incurs large costs. All personnel have to be vetted before they are read into the...

Read More

Aviation Week on China's Military Capabilities

Today Richard D. Fisher, Jr. and Bill Sweetman published an online article for Aviation Week titled Sizing Up China's Military Capabilities. Of interest to my readers might be the following:It is no secret that long-term U.S. Air Force and Navy planning is focused on China...A decade ago, many U.S. analysts were unimpressed by the People’s Liberation Army (PLA)... By 2011, such hubris has given way to palpable concern...The elements of this capability...

Read More

Answering Questions on Reading Tips

A few of you asked questions via Twitter or comments on my All Reading Is Not Equal or Fast post, so I'll try answering them here.When you review a book that was less than perfect or heck even one that was perfect could you also suggest some alternatives?I'll be honest. That could be more work than I'm willing to do in a free forum like Amazon.com and this blog. Sometimes I mention alternatives because they're fresh in my mind and I like the other...

Read More

Review of Web Application Obfuscation Posted

Amazon.com just published my four star review of Web Application Obfuscation by Mario Heiderich, Eduardo Alberto Vela Nava, Gareth Heyes, David Lindsay. From the review:I had really no idea what to expect when I started reading Web Application Obfuscation (WAO). I hoped it would address attacks on Web technologies, perhaps including evasion methods, but beyond that I didn't even really know how to think about whatever problem this book might address....

Read More