Time, Once Again, For Amazon.com to Empty My Wallet

So I was wandering through a local bookstore the other day, and I noticed they'd finally organized the computer section into a more logical breakdown. They'd finally put all the books on Cisco networking in one place, all the books on Microsoft administration in one section, all the books on security in one section, etc. . . and even done a little cross-referencing, so you could find books on "Microsoft Security" out of the security section, for example. In any case, I came across some books that will now be inhabiting my shelf, once I get paid again, and I thought I'd share:

I actually picked up Hacking Exposed 5th Edition at the RSA security conference this year, so I don't need to buy it. It seems that McGraw-Hill's raking in money, because there's a whole slew of new books I'm going to be drooling over until Amazon delivers:

Hacking Cisco Networks Exposed

Hacking VoIP Exposed

Hacking Wireless Exposed

I may even check out Hacking Web Applications Exposed, depending on if I really want to get dragged back into the web-development world. I wasn't as impressed with their Hacking Windows Server 2003 Exposed book. I thought it was okay, but not as good as some of the others.

I'm waiting for updates to Hacking Linux Exposed and Hacking Computer Forensics Exposed. They both looked really good, when I paged through them at the store, but they're a little dated. Another book that littered the stack next to my chair at the bookstore was Rootkits: Subverting the Windows Kernel from Addison-Wesley Publishing. It looked pretty cool, but probably a bit over my head, (for now). Some people swear by the Hacking Exposed books, others aren't impressed. I, for one, enjoyed the Hacking Exposed Fifth Edition, and the three new titles that just came out look really good. So, there's going to be a set of new, thick, books adorning my desk at work sooner than later.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Sie

Feeling a little 'exposed' slowhand?

Seriously though: have they not released the 5th Edition over here yet? cannot find it on www.amazon.co.uk.

Anyone know when its due out?

sprkymrk

I love buying new books, but at $50 a pop for most computer books I try to keep it down to 1 a month. What really bites is that 2 years later you can't get $5 for that $50 book. As a matter of fact sometimes you can't get $1 and have to donate it to the library to avoid hundreds of books cluttering up the house. I have what amounts to three 6' tall by 3' wide book shelves (5 shelves each) devoted to just computer books.

sexion8

Man I can't overemphasize www.bestbargainbook.com ... I get most of my Cisco books from anywhere between .99 (that's cents and its not a misprint) to the most I've paid was 43 including shipping. 99.99999999999999% of the books I've bought were in surprisingly immaculate condition... The only thing I don't like about going there is I have to search for the books thoroughly since their search engine sucks... Also, what they have on their website is barely updated so I either call them or visit them on eBay http://stores.ebay.com/Best-Bargain-Books

sexion8

On Ebay right now...

Second Year Companion Guide (Cisco Networking Academy) $0.01
Cisco CCNP Remote Access Exam Certification Guide (Ci.. $0.01
Acrc Exam Certification Guide $0.01
Cisco Networking Academy Program: Engineering Journal.. $0.01
Cisco Networking Academy Program: Lab Companion, Volu.. $0.01
Dictionary of Internetworking Terms and Acronyms $0.01
CCSP SECUR Exam Cram 2 (642-501) $0.05
Cisco Internetwork Design ((CP) CERTIFICATION) $0.06
Access VPDN Solutions Guide $0.24
Cisco Internet Architecture Essentials Self-Study Gui.. $0.39
Cisco Ccnp Switching Exam Certification Guide (Cisco .. $0.40
CCNP CIT Exam Cram 2 (642-831) $0.42
Cisco CCNP Remote Access Exam Certification Guide (Ci.. $0.46
Access VPDN Solutions Guide by Cross, Sue; Cisco Sys.. $0.46
CCNP Routing Exam Certification Guide $0.46
Building Cisco Remote Access Networks $0.46
Building Scalable Cisco Networks: Prepare for CCNP an.. $0.47
OSPF Network Design Solutions by Thomas, Tom $0.48
Cisco CID Exam Certification Guide $0.49
Practical Cisco Routers (Practical Series) $0.57
CCSP SECUR Exam Cram 2 (642-501) $0.78
CSIDS Exam Cram 2 (Exam Cram 642-531) $0.85
CCSP SECUR Exam Certification Guide (CCSP Self-Study,.. $0.87
CCNP BSCI Exam Certification Guide (CCNP Self-Study, .. $0.88
Managing Cisco Network Security $0.96
Cisco CCNP Support Exam Certification Guide (With CD-.. $0.98
Cisco IOS 12.0 Network Security $1.02
Cisco Security Professional's Guide to Secure Intrusi..
IP Telephony Unveiled $1.97
CCIE Routing and Switching Exam Certification Guide $1.99
CCNP BCRAN Exam Certification Guide (CCNP Self-Study,.. $2.09
IP Telephony Unveiled $2.18
CCSP Cisco Secure PIX Firewall Advanced Exam Certific.. $2.27
CCIE: Cisco Certified Internetwork Expert Study Guide $2.66

I've ordered 10 books in one clip for under the price of one new book. Sure some might be a little outated, but I've managed to get newer ones (2004+) for under 10.00

sexion8

Slowhand wrote:

Hacking Cisco Networks Exposed

Hacking VoIP Exposed

Hacking Wireless Exposed

I've always snickered at books with the terms "hacking" in them. In fact I always shake my head in amusement... As for Hacking VoIP though... I've conversated with the authors when I created a SIP fuzzy tool that just missed making the book. They're actually pretty cool and down to earth. If you're interested in VoIP security then join the www.voipsa.org mailing list... Sorry I couldn't post this in my previous responses...

I personally feel there is little you can learn from books in relevance to true hacking... You can get a baseline on what people do, but the best methods of learning is building up things and tearing them down. Understanding how they work fully before trying to break them. FYI, I reported about 3 vulnerabilities within the last quarter for everything from Asterisk, to Windows, to completely shutting down Solaris x86 running on a core duo... I've been slowly working on a Skinny protocol attack, but I've been reading through the RFC's before I even make any programs. I did the same when I wrote Asteroid (www.infiltrated.net/asteroid) as when I wrote a BGP attack tool (unreleased)... I had to go back to RFC's in order to fully understand how dampening and flapping worked along with the tcp parameters used in BGP transactions...

I started also working on a multicast routing attack vector, but am so caught up with work studies and family so that will take a long time. Besides I don't have *THAT* many resources to test it therefore it remains theoretical based on what I read and my interpretations of that...

So which books did I read for most of this stuff? None. RFC's, mailing lists, implementations, curiousity, and a different perspective...

Slowhand

sexion8 wrote:

I've always snickered at books with the terms "hacking" in them. In fact I always shake my head in amusement...

...........

I personally feel there is little you can learn from books in relevance to true hacking... You can get a baseline on what people do, but the best methods of learning is building up things and tearing them down. Understanding how they work fully before trying to break them. FYI, I reported about 3 vulnerabilities within the last quarter for everything from Asterisk, to Windows, to completely shutting down Solaris x86 running on a core duo... I've been slowly working on a Skinny protocol attack, but I've been reading through the RFC's before I even make any programs. I did the same when I wrote Asteroid (www.infiltrated.net/asteroid) as when I wrote a BGP attack tool (unreleased)... I had to go back to RFC's in order to fully understand how dampening and flapping worked along with the tcp parameters used in BGP transactions...

I started also working on a multicast routing attack vector, but am so caught up with work studies and family so that will take a long time. Besides I don't have *THAT* many resources to test it therefore it remains theoretical based on what I read and my interpretations of that...

So which books did I read for most of this stuff? None. RFC's, mailing lists, implementations, curiousity, and a different perspective...

No one can make you read the books, nor do I expect to be a "hacker" by the time I've read them. They are good sources of information for, as you stated, learning a baseline and wrapping your brain around the basic concepts. I, personally, enjoy reading books for knowledge. I like mailing lists, whitepapers, exploring on my own, but I tend to start with books as my preferred medium. You learn from whatever source you can learn from. For the most part, I don't find the prices on Amazon too bad, compared to the actual bookstores where I usually see the books at first. For some things, buying a book that's a year or two old isn't a big deal, but sometimes you just need the latest release, (especially when studying for certs, like most on this forum). For example, I had gotten the fourth edition of Hacking Exposed from a tradeshow a few years ago. I read through it, and getting the fifth edition was a nice update, because there were some new things in it I hadn't really thought about before, and that didn't exist when the fourth edition came out.

Again, these books are pretty new, and I thought I'd share them with whoever was interested. It's always nice to see when something new is out, and I like to share it with my friends. If anyone else comes along something new they'd like to share, don't hesitate to share it. And, sexion8, thank you for sharing the eBay listings and the alternate book site. It'll be worth checking out, as are all venues for new information, (and new toys).

sprkymrk

sexion8 wrote:

I've always snickered at books with the terms "hacking" in them. In fact I always shake my head in amusement...

Why? Is it because of the book and it's content, or because of the target audience? Why snicker at a book where the author has probably tested, tried, broke/fixed, and researched before printing? I would suppose the mailing lists and RFC's you speak of were also frequented by the book's author. I don't think anyone would have snickered at the SIP fuzzy tool you created had it actually made it into the book. I just thought that was a strange comment, sorry if I pulled it out of context.

sexion8 wrote:

Understanding how they work fully before trying to break them.

Wouldn't picking up a good book on the subject help with that?

sexion8

sprkymrk wrote:

sexion8 wrote:

I've always snickered at books with the terms "hacking" in them. In fact I always shake my head in amusement...

Why? Is it because of the book and it's content, or because of the target audience? Why snicker at a book where the author has probably tested, tried, broke/fixed, and researched before printing? I would suppose the mailing lists and RFC's you speak of were also frequented by the book's author. I don't think anyone would have snickered at the SIP fuzzy tool you created had it actually made it into the book. I just thought that was a strange comment, sorry if I pulled it out of context.

sexion8 wrote:

Understanding how they work fully before trying to break them.

Wouldn't picking up a good book on the subject help with that?

I've seen from first hand experience the author is RARELY someone in the security industry and has often pulled out excerpts from someone else work. Then again in this day and age... Who hasn't... As for researched, tested, tried and broke... I've seen hacking exposed via my coworker and pointed out a lot of how do I put this... Obsoleted, untried, outdated, errata filled errors. I guess it has its place somewhere...

Snickered at Asteroid...? Indeed they did. Firstly it was targeted towards Cisco when I was building it, and I was dealing with their PSIRT team for quite a while... When I first started baselining it, I sent the idea to Henning Schulzrinne @ Columbia who said I was off... I had to let go of the CCM I was using it against for production so I tested it against Asterisk and quickly blew it off the map... All versions. Re-wrote it along with about 60k different randumbpacket injections, and sent it back to Henning Schulzrinne... So guess what happened then... Henning now uses it at times for security testing in his classes... PSIRT, I still keep in touch with them since I have a modified version... Hacking VoIP authors... I sent it too late to be included in print... Was never my intention to get it into print... I did it out of boreDumb

I guess for me... I've always loved going back to the core (RFC's, Guidelines) before picking up books... I've yet to come across the one definitive "Damn he's a hardcore hacker" outside of Applied Cryptography. And I mean this in the strictest sense of the word "hacker" as in security black belt pimp

... Although I know about 7-8 Cisco employees who scare me. None have written any books though, they're more old school BBS, greyhat types. Oh and Lance Spitzner who is another cool guy... Grrr... and while I sat typing and thinking a friend of mine named Laura Chappelle...! If I could find the word for her it would be something along the line of uberpimp(stress?)?

Ciscopimpenator

If I was a hacker, which I'm not, I would use the Hacking exposed books as a tool not an "end all" solution.

sprkymrk

sexion8 wrote:

I've seen from first hand experience the author is RARELY someone in the security industry and has often pulled out excerpts from someone else work.

Can you disclose these authors names? I've actually seen the opposite to be true, although I guess a lot of it really depends on one's definition of what qualifies as "the security industry".

Kaminsky

Subject did make me chuckle.

You guys not heard of bit comet ? You'd be amazed what you find on there. Perfectly legal... well.. for now!

You might even bump into MIKE STORM !!!! (sorry... the caps are compulsary!)

keatron

sprkymrk wrote:

I love buying new books, but at $50 a pop for most computer books I try to keep it down to 1 a month. What really bites is that 2 years later you can't get $5 for that $50 book. As a matter of fact sometimes you can't get $1 and have to donate it to the library to avoid hundreds of books cluttering up the house. I have what amounts to three 6' tall by 3' wide book shelves (5 shelves each) devoted to just computer books.

I wish!!! I spend at least $200 to $300 per month on books (and yes I read A LOT). My home office is one half lab and one half library.

sprkymrk

keatron wrote:

sprkymrk wrote:

I love buying new books, but at $50 a pop for most computer books I try to keep it down to 1 a month. What really bites is that 2 years later you can't get $5 for that $50 book. As a matter of fact sometimes you can't get $1 and have to donate it to the library to avoid hundreds of books cluttering up the house. I have what amounts to three 6' tall by 3' wide book shelves (5 shelves each) devoted to just computer books.

I wish!!! I spend at least $200 to $300 per month on books (and yes I read A LOT). My home office is one half lab and one half library.

Notice I did say "I try"....

Slowhand

sprkymrk wrote:

sexion8 wrote:

I've seen from first hand experience the author is RARELY someone in the security industry and has often pulled out excerpts from someone else work.

Can you disclose these authors names? I've actually seen the opposite to be true, although I guess a lot of it really depends on one's definition of what qualifies as "the security industry".

I figured that I'd field this one:

The Hacking Exposed Authors seem to be mainly from FoundStone (now owned by MacAfee), which would definitely make them one of those 'rare' groups that are closely involved with the security industry. Most of them have plenty of experience, looking at their bios on the page.

It looks like the Hacking Web Applications Exposed authors have similar backgrounds, (and even some of the same authors and contributors), as do the ones from Hacking Linux Exposed and Hacking Windows Exposed. Ironically, most of these authors have similar backgrounds to the ones in Hacking VoIP Exposed. I just don't see how the VoIP team is much different from the authors of the other books, in terms of experience and industry involvement.

JDMurray

sexion8 wrote:

On Ebay right now...

...

I've ordered 10 books in one clip for under the price of one new book. Sure some might be a little outated, but I've managed to get newer ones (2004+) for under 10.00

Making sure that you're buying the latest edition of a book is important. I sold used books through Amazon for a while, and although I always included the edition in the description, I'd occasionally get a customer who thought they were buying the latest editor of a book and didn't think to check if they really were.

And if you like Syngress books, the prices at the Syngress Outlet are usually worth a look.

JDMurray

keatron wrote:

I wish!!! I spend at least $200 to $300 per month on books (and yes I read A LOT). My home office is one half lab and one half library.

I wish that I had a corporation to buy me books and write them off on its taxes.

sprkymrk

Slowhand wrote:

sprkymrk wrote:

sexion8 wrote:

I've seen from first hand experience the author is RARELY someone in the security industry and has often pulled out excerpts from someone else work.

Can you disclose these authors names? I've actually seen the opposite to be true, although I guess a lot of it really depends on one's definition of what qualifies as "the security industry".

I figured that I'd field this one:

The Hacking Exposed Authors seem to be mainly from FoundStone (now owned by MacAfee), which would definitely make them one of those 'rare' groups that are closely involved with the security industry. Most of them have plenty of experience, looking at their bios on the page.

It looks like the Hacking Web Applications Exposed authors have similar backgrounds, (and even some of the same authors and contributors), as do the ones from Hacking Linux Exposed and Hacking Windows Exposed. Ironically, most of these authors have similar backgrounds to the ones in Hacking VoIP Exposed. I just don't see how the VoIP team is much different from the authors of the other books, in terms of experience and industry involvement.

Thanks, and likewise I was thinking of authors like:

Eric Cole (Hacker's Beware and Insider Threat)
Ed Skoudis (Malware: Fighting Malicious Code and Counter Hack)
Steven Northcut (Network Perimeter Security)
etc.