Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[CISSP-D] REVIEW: "Black Hat Physical Device Security", Drew Miller

from [Rob, grandpa of Ryan, Trevor, Devon & Hannah] Network Security [Permanent Link]
Subject: [CISSP-D] REVIEW: "Black Hat Physical Device Security", Drew Miller
Date: Fri, 12 Aug 2005 08:50:24 -0800 
BKPHDVSC.RVW   20050615

"Black Hat Physical Device Security", Drew Miller, 2005,
1-932266-81-X, U$49.95/C$72.95
%A   Drew Miller jdrewm@gmail.com
%C   800 Hingham Street, Rockland, MA   02370
%D   2005
%G   1-932266-81-X
%I   Syngress Media, Inc.
%O   U$49.95/C$72.95 781-681-5151 fax: 781-681-3585 amy@syngress.com
%O  http://www.amazon.com/exec/obidos/ASIN/193226681X/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/193226681X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/193226681X/robsladesin03-20
%O   Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   363 p.
%T   "Black Hat Physical Device Security"

The introduction asserts that products are insecure, and also tries to
say something about trust.  There is no clear statement in regard to
the purpose or intent of the book, however.  In addition, there are an
alarming number of grammatical and spelling errors, and this error
rate doesn't get any better in the course of the text.

Chapter one notes that it is possible to program safely.  Most systems
have bugs, notes chapter two, but despite the fact that we have to
rely on insecure systems, the document points out that we can retrofit
security onto systems.  Encryption is covered in chapter three, which
also contains ten pages of C language source code, which apparently is
an attempt to convince you how simple encryption is.  There is also
some discussion of standard authentication forms and biometrics: it
seems rather odd, but is tied in towards the end of the chapter with a
discussion of how encryption can protect authentication data.  Chapter
four describes a number of attacks involving input, and suggests
mitigating procedures.  Monitoring of data submitted is recommended in
chapter five.  Various hardware security devices are considered in
chapter six.  Chapter seven is mostly authentication, and a little bit
of cryptography.  There is more on monitoring in chapter eight. 
Chapter nine closes off with discussions of notification.  

Given no stated purpose for the book, it is very difficult to say
whether it reaches its own, or any other, objective.  There are scraps
of useful information contained in these pages, but little structure
and no apparent purpose.

copyright Robert M. Slade, 2005   BKPHDVSC.RVW   20050615


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
If a train station is where a train stops, what happens
                        at a workstation?       - Frederick Wheeler
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade



------------------------ Yahoo! Groups Sponsor --------------------~--> 
<font face=arial size=-1><a 
href="http://us.ard.yahoo.com/SIG=12hjq9prn/M=362329.6886308.7839368.1510227/D=groups/S=1705007140:TM/Y=YAHOO/EXP=1123869058/A=2894321/R=0/SIG=11dvsfulr/*http://youthnoise.com/page.php?page_id=1992
">Fair play? Video games influencing politics. Click and talk back!</a>.</font>
--------------------------------------------------------------------~-> 

 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [CISSP-D] REVIEW: "Black Hat Physical Device Security", Drew Miller, Rob, grandpa of Ryan, Trevor, Devon & Hannah <=
Previous by Date:  [HIPAA-CISSP] Requesting help for Product Comparison., Roshan Yacob George
Next by Date:  [HIPAA-CISSP] RE: [cissp-ethics] Requesting help for Product Comparison., McGovern, James F (HTSC, IT)
Previous by Thread:  [HIPAA-CISSP] Requesting help for Product Comparison., Roshan Yacob George
Next by Thread:  [HIPAA-CISSP] RE: [cissp-ethics] Requesting help for Product Comparison., McGovern, James F (HTSC, IT)
Indexes:  [Date] [Thread] [Top] [All Lists]