Hacking The Next Generation


Hacking The Next Generation Book

"Hacking, The Next Generation" by Nitesh Dhanjani, Billy Rios and Brett Hardin, O'Reilly, 2009, ISBN: 978-0-596-15457-8.

Chapters:
1. Intelligence Gathering: Peering Through the Windows to Your Organization
2. Inside-Out Attacks: The Attacker Is the Insider
3. The Way It Works: There Is No Patch
4. Blended Threats: When Applications Exploit Each Other
5. Cloud Insecurity: Sharing the Cloud with Your Enemy
6. Abusing Mobile Devices: Targeting Your Mobile Workforce
7. Infiltrating the Phishing Underground: Learning from Online Criminals?
8. Influencing Your Victims: Do What We Tell You, Please
9. Hacking Executives: Can Your CEO Spot a Targeted Attack?
10. Case Studies: Different Perspectives


Hacking The Next Generation Book Review

Overall, this is a good book and I recommend it. Hacking, The Next Generation, lends itself to both the technical and managerial information security professional, though it is heavily technical. The book has a wealth of code snippets and almost plain-English explanations of the actual exploits, which are reasonably easy for the less technical information security professional to understand.

Throughout the book the authors make it clear the human element in information security is still the weakest link. Many of the exploits rely heavily on tricking people into taking action they should not take, through either simple phishing or downright fraud.

Intelligence gathering is covered with a focus on using social networking to gather information or to social-engineer the information from others.

Social networking exploits run from account compromise to exploiting data so readily displayed with seemingly no concern for identity protection on the part of the user or the social networking application.

Considerable detail is presented on multiple web-based exploits associated with cross-site scripting and un-patchable vulnerabilities in protocols such as FTP, SMTP and ARP. Explanations are good with some exploit code presented and explained.

Cloud-based vulnerabilities are well covered with an emphasis on cloud vendor images for operating systems and applications. The authors point out the known and unknown weaknesses in these offerings and offer recommendations on ways to avoid those problems. As with social networking, knowing the vendor offerings and utilizing a vendor with the best security mechanisms is best.

Also interesting was the short life span of the bogus sites used by phishers, and the success that can be obtained in that short life span.

Another interesting part was the chapter on combining exploits of existing vulnerabilities with social engineering techniques to lead to an almost assured compromise. User education is paramount here, and it needs management support and real-world examples to back it up.

Mobile devices take a hit, too, and the authors point out multiple vulnerabilities. Techniques ranging from capturing data by sniffing unprotected hot spots to targeted theft and wireless compromise in hotels, airports and other businesses are still in use. Add to that the apps available on smart phones for social networking site usage, and the risk increases markedly.

Regardless of the exploit and the technical safeguards and obstacles, the weak link is still the people to whom an organization must provide access, and this book makes that very clear. In almost every chapter, compromised employees, the users, are the main entry into corporate information systems. Keeping our users educated on the most recent real-world threats with real examples is paramount.



Your Comments


  • LewesDE Feb 17, 2012 @ 1:41 am
    This lens is very interesting. Please make more lenses!

by

GOT

I'm Andrew from Singapore. I created these sites for fun in my spare time. Favourite my site if you like it. Thanks for your support.
