Archive

Archive for the ‘Books’ Category

Richard Clarke sucks [updated]

April 23rd, 2010 1 comment

Today I read a review on Threat Level tearing apart Richard Clarke’s new pile of hardbound bullshit.  I really hate Richard Clarke.  At least when it comes to cyber-anything, he’s full of shit and I don’t know why anyone considers him any kind of expert.

Rather than my usual obscene rant, I’m just going to provide some choice video clips.  These are my two favorite segments from the PBS Frontline titled “Cyberwar” from a few years ago.

Update:  I found a photographic record of Richard Clarke and his brave three hundred pushing enemy packets off the edge of the internet.

"Those packets look thirsty, boys!"

Categories: Books, FAIL

Surely a misprint

August 2nd, 2009 Comments off

The assurance that the components are enforcing the abstract idea of the reference monitor is proved through testing and functionality.

— Shon Harris, All-In-One CISSP Exam Guide 4th Ed., p. 328

Nnnnnnnno, actually testing can’t possibly give that kind of assurance, and I’m not sure what “functionality” is supposed to mean here – it runs fine, so it must be working as expected?  The Third Commandment of the Reference Monitor, which had just been given in the text, is that it must be small enough to be completely verified.  That verification is the assurance.

Categories: Books, FAIL

I got a new book

June 13th, 2009 Comments off

And I died a little inside.

Sigh.

Sigh.

Categories: Books

Gray Hat Python by Justin Seitz – Errata

June 10th, 2009 43 comments

I found solutions to both of the problems I mentioned in my previous post about Gray Hat Python – everything works fine on my laptop, which runs 32-bit Windows XP.  I’m loving the book so far.  However, I ran across several errors in the code listings, so eventually I found an email address for Mr. Seitz and let him know.  He said he’d send them on to the publisher to post corrections on the book’s web page.  In the mean time, I’ll go ahead and list them out here in case any other readers are struggling.  I’ll update it if necessary as I progress through the book.

Gray Hat Python in the Stacksmash International Testing Laboratory.

Gray Hat Python in the Stacksmash International Testing Laboratory.

So, here we go. Read more…

Categories: Books

Gray Hat Python by Justin Seitz

May 17th, 2009 10 comments

Update: for a little actual discussion of things in the book, I have a post on errata in the code listings here.

Recently, I got the book Gray Hat Python: Python Programming for Hackers and Reverse Engineers by Justin Seitz.  I like books published by No Starch Press, I like Python, and I like “hacker and reverse engineer” stuff.  So now that I finally got all done with college and graduation (the reason for the gap in posting here), I decided to start reading the book.

After a bit of introduction, the very first thing Seitz shows you how to do is build a debugger, using Python and the ctypes library to call into Windows kernel APIs.  That’s pretty cool, but I ran into a problem when it came to attaching to existing processes – no matter what, Kernel32.DebugActiveProcess returns 0 (fail) with error code 50 (NOT_SUPPORTED).  I can’t find anything directly related to this problem.  However, at the beginning of the text, Seitz says he assumes a 32-bit Windows platform.  I’m on 64-bit Vista.  I had hoped to get away with using the 32-bit version of Python et al., but it doesn’t look like it’ll work.

So I wanted to drop Seitz an email to ask him about it, maybe see if he could put something on the book’s web page saying “Hey, this won’t work at all under 64-bit or Vista or whatever.”  Problem is, I don’t see an email address for him in the book, nor on the book’s page, nor at his employer Immunity’s site.  I thought maybe he has a blog, so I’ll Google his name and see what I can find.

Read more…

Categories: Books

Book Review: Computer Security Handbook, nth Edition

March 8th, 2009 Comments off

I see they’ve somehow come out with an even bigger, two-volume edition of the Computer Security Handbook, by Seymour Bosworth, M.E. Kabay, and a crapload of other authors.  I haven’t had a chance to actually read the new edition.  If someone sent me a review copy for some reason, I would probably not open it.

See, I did get to know the previous edition (#4 in the series).  It was used as the textbook for one of my classes.  I traded about a hundred dollars for it, thinking, “Hot dog!  There must be all sorts of cool things to learn in here!”  Well, after finishing that class, let me sum up my review of that book in three easy steps:

1) It’s garbage.

2) One of the chapters begins with a dictionary definition of its topic.  Yeah, I can remember times I opened an essay with a dictionary definition.  In third grade.

3) I have found a way to slowly get my money’s worth out of the book.  I believe I’m putting it to the best possible use this way, although kindling for a campfire is a close second.  Check it out:

This book is GREAT! as a monitor stand.

This book is GREAT! as a monitor stand.

Yep.  As far as this book goes, my recommendations are  “get something else,” or if it’s too late, “put something on top of it.”

Categories: Books