Book picks similar to
You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches by Josephine Wolff
non-fiction
tech
security
cybersecurity
Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage
Gordon Corera - 2015
The book is rich with historical detail and characters, as well as astonishing revelations about espionage carried out in recent times by the UK, US, and China. Using unique access to the National Security Agency, GCHQ, Chinese officials, and senior executives from some of the most powerful global technology companies, Gordon Corera has gathered compelling stories from heads of state, hackers and spies of all stripes.Cyberspies is a ground-breaking exploration of the new space in which the worlds of espionage, diplomacy, international business, science, and technology collide.
Threat Modeling: Designing for Security
Adam Shostack - 2014
Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric Provides effective approaches and techniques that have been proven at Microsoft and elsewhere Offers actionable how-to advice not tied to any specific software, operating system, or programming language Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.
Cyberphobia: Identity, Trust, Security and the Internet
Edward Lucas - 2015
Stories about weaknesses in cybersecurity like the "Heartbleed" leak, or malicious software on the cash registers at your local Target have become alarmingly common. Even more alarming is the sheer number of victims associated with these crimes--the identities and personal information of millions is stolen outright as criminals drain bank accounts and max out credit cards. The availability of stolen credit card information is now so common that it can be purchased on the black market for as little as four dollars with potentially thousands at stake for the victims. Possibly even more catastrophic are hackers at a national level that have begun stealing national security, or economic and trade secrets. The world economy and geopolitics hang in the balance.In Cyberphobia, Edward Lucas unpacks this shadowy, but metastasizing problem confronting our security--both for individuals and nations. The uncomfortable truth is that we do not take cybersecurity seriously enough. Strong regulations on automotive safety or guidelines for the airline industry are commonplace, but when it comes to the internet, it might as well be the Wild West. Standards of securing our computers and other internet-connected technology are diverse, but just like the rules of the road meant to protect both individual drivers and everyone else driving alongside them, weak cybersecurity on the computers and internet systems near us put everyone at risk. Lucas sounds a compelling and necessary alarm on behalf of cybersecurity and prescribes immediate and bold solutions to this grave threat.
Code: Version 2.0
Lawrence Lessig - 1999
Harvard Professor Lawrence Lessig warns that, if we're not careful we'll wake up one day to discover that the character of cyberspace has changed from under us. Cyberspace will no longer be a world of relative freedom; instead it will be a world of perfect control where our identities, actions, and desires are monitored, tracked, and analyzed for the latest market research report. Commercial forces will dictate the change, and architecture—the very structure of cyberspace itself—will dictate the form our interactions can and cannot take. Code And Other Laws of Cyberspace is an exciting examination of how the core values of cyberspace as we know it—intellectual property, free speech, and privacy-—are being threatened and what we can do to protect them. Lessig shows how code—the architecture and law of cyberspace—can make a domain, site, or network free or restrictive; how technological architectures influence people's behavior and the values they adopt; and how changes in code can have damaging consequences for individual freedoms. Code is not just for lawyers and policymakers; it is a must-read for everyone concerned with survival of democratic values in the Information Age.
Reversing: Secrets of Reverse Engineering
Eldad Eilam - 2005
The book is broken into two parts, the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product. * The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products * Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware * Offers a primer on advanced reverse-engineering, delving into disassembly-code-level reverse engineering-and explaining how to decipher assembly language
The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America
James Bamford - 2008
Now Bamford describes the transformation of the NSA since 9/11, as the agency increasingly turns its high-tech ears on the American public.The Shadow Factory reconstructs how the NSA missed a chance to thwart the 9/11 hijackers and details how this mistake has led to a heightening of domestic surveillance. In disturbing detail, Bamford describes exactly how every American’s data is being mined and what is being done with it. Any reader who thinks America’s liberties are being protected by Congress will be shocked and appalled at what is revealed here.From the Trade Paperback edition.
The Cyber Effect: A Pioneering Cyberpsychologist Explains How Human Behavior Changes Online
Mary Aiken - 2016
Levitt, co-author of Freakonomics - One of the best books of the year--NatureMary Aiken, the world's leading expert in forensic cyberpsychology, offers a starting point for all future conversations about how the Internet is shaping development and behavior, societal norms and values, children, safety, privacy, and our perception of the world. Drawing on her own research and extensive experience with law enforcement, Aiken covers a wide range of subjects, from the impact of screens on the developing child to the explosion of teen sexting and the acceleration of compulsive and addictive behaviors online. Aiken provides surprising statistics and incredible-but-true case studies of hidden trends that are shaping our culture and raising troubling questions about where the digital revolution is taking us.Praise for The Cyber Effect"How to guide kids in a hyperconnected world is one of the biggest challenges for today's parents. Mary Aiken clearly and calmly separates reality from myth. She clearly lays out the issues we really need to be concerned about and calmly instructs us on how to keep our kids safe and healthy in their digital lives."--Peggy Orenstein, author of the New York Times bestseller Girls & Sex"[A] fresh voice and a uniquely compelling perspective that draws from the murky, fascinating depths of her criminal case file and her insight as a cyber-psychologist . . . This is Aiken's cyber cri de coeur as a forensic scientist, and she wants everyone on the case."--The Washington Post"Fascinating . . . If you have children, stop what you are doing and pick up a copy of The Cyber Effect."--The Times (UK)"An incisive tour of sociotechnology and its discontents."--Nature"Just as Rachel Carson launched the modern environmental movement with her Silent Spring, Mary Aiken delivers a deeply disturbing, utterly penetrating, and urgently timed investigation into the perils of the largest unregulated social experiment of our time."--Bob Woodward"Mary Aiken takes us on a fascinating, thought-provoking, and at times scary journey down the rabbit hole to witness how the Internet is changing the human psyche. A must-read for anyone who wants to understand the temptations and tragedies of cyberspace."--John R. Suler, PhD, author of The Psychology of Cyberspace"Drawing on a fascinating and mind-boggling range of research and knowledge, Mary Aiken has written a great, important book that terrifies then consoles by pointing a way forward so that our experience online might not outstrip our common sense."--Steven D. Levitt"Having worked with law enforcement groups from INTERPOL and Europol as well as the U.S. government, Aiken knows firsthand how today's digital tools can be exploited by criminals lurking in the Internet's Dark Net."--Newsweek
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide
James Michael Stewart - 2015
This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions. Along with the book, you also get access to Sybex's superior online interactive learning environment that includes: Four unique 250 question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam. More than 650 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam Coverage of all of the exam topics in the book means you'll be ready for: Security and Risk Management Asset Security Security Engineering Communication and Network Security Identity and Access Management Security Assessment and Testing Security Operations Software Development Security
File System Forensic Analysis
Brian Carrier - 2005
Now, security expert Brian Carrier has written the definitive reference for everyone who wants to understand and be able to testify about how file system analysis is performed. Carrier begins with an overview of investigation and computer foundations and then gives an authoritative, comprehensive, and illustrated overview of contemporary volume and file systems: Crucial information for discovering hidden evidence, recovering deleted data, and validating your tools. Along the way, he describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses today's most valuable open source file system analysis tools--including tools he personally developed. Coverage includes Preserving the digital crime scene and duplicating hard disks for dead analysis Identifying hidden data on a disk's Host Protected Area (HPA) Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques Analyzing the contents of multiple disk volumes, such as RAID and disk spanning Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools When it comes to file system analysis, no other book offers this much detail or expertise. Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.
Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World
Marcus J. Carey - 2019
Tribe of Hackers wants to change that. We asked for industry, career, and personal advice from 70 cybersecurity luminaries who are ready to break down barriers and shatter ceilings. It's about time.This book can be a catalyst for change for anyone, from beginners trying to enter the industry, to practitioners looking to start their own firms. What tips do the founders of Dragos, Inc. and Duo Security have on starting a company? Do you need a college degree or certification to be a cybersecurity professional? What is the biggest bang-for-the-buck action your organization can take to improve its cybersecurity posture? What "life hacks" to real hackers use to make their own lives easier? What resources can women in cybersecurity utilize to maximize their potential?All proceeds from the book will go towards: Bunker Labs, Sickle Cell Disease Association of America, Rainforest Partnership, and Start-Up! Kid's Club.We can't wait to show you the most epic cybersecurity thought leadership collaborative effort, ever.(Source: Amazon.com)
Android Hacker's Handbook
Joshua J. Drake - 2013
Written by experts who rank among the world's foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various system components, preparing you to defend against them.If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide is essential to your toolbox.A crack team of leading Android security researchers explain Android security risks, security design and architecture, rooting, fuzz testing, and vulnerability analysis Covers Android application building blocks and security as well as debugging and auditing Android apps Prepares mobile device administrators, security researchers, Android app developers, and security consultants to defend Android systems against attack Android Hacker's Handbook is the first comprehensive resource for IT professionals charged with smartphone security.
Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath
Ted Koppel - 2015
Tens of millions of people over several states are affected. For those without access to a generator, there is no running water, no sewage, no refrigeration or light. Food and medical supplies are dwindling. Devices we rely on have gone dark. Banks no longer function, looting is widespread, and law and order are being tested as never before. It isn’t just a scenario. A well-designed attack on just one of the nation’s three electric power grids could cripple much of our infrastructure—and in the age of cyberwarfare, a laptop has become the only necessary weapon. Several nations hostile to the United States could launch such an assault at any time. In fact, as a former chief scientist of the NSA reveals, China and Russia have already penetrated the grid. And a cybersecurity advisor to President Obama believes that independent actors—from “hacktivists” to terrorists—have the capability as well. “It’s not a question of if,” says Centcom Commander General Lloyd Austin, “it’s a question of when.” And yet, as Koppel makes clear, the federal government, while well prepared for natural disasters, has no plan for the aftermath of an attack on the power grid. The current Secretary of Homeland Security suggests keeping a battery-powered radio.In the absence of a government plan, some individuals and communities have taken matters into their own hands. Among the nation’s estimated three million “preppers,” we meet one whose doomsday retreat includes a newly excavated three-acre lake, stocked with fish, and a Wyoming homesteader so self-sufficient that he crafted the thousands of adobe bricks in his house by hand. We also see the unrivaled disaster preparedness of the Mormon church, with its enormous storehouses, high-tech dairies, orchards, and proprietary trucking company – the fruits of a long tradition of anticipating the worst. But how, Koppel asks, will ordinary civilians survive?With urgency and authority, one of our most renowned journalists examines a threat unique to our time and evaluates potential ways to prepare for a catastrophe that is all but inevitable.
Automate the Boring Stuff with Python: Practical Programming for Total Beginners
Al Sweigart - 2014
But what if you could have your computer do them for you?In "Automate the Boring Stuff with Python," you'll learn how to use Python to write programs that do in minutes what would take you hours to do by hand no prior programming experience required. Once you've mastered the basics of programming, you'll create Python programs that effortlessly perform useful and impressive feats of automation to: Search for text in a file or across multiple filesCreate, update, move, and rename files and foldersSearch the Web and download online contentUpdate and format data in Excel spreadsheets of any sizeSplit, merge, watermark, and encrypt PDFsSend reminder emails and text notificationsFill out online formsStep-by-step instructions walk you through each program, and practice projects at the end of each chapter challenge you to improve those programs and use your newfound skills to automate similar tasks.Don't spend your time doing work a well-trained monkey could do. Even if you've never written a line of code, you can make your computer do the grunt work. Learn how in "Automate the Boring Stuff with Python.""
Worm: The First Digital World War
Mark Bowden - 2011
Banks, telecommunications companies, and critical government networks (including the British Parliament and the French and German military) were infected. No one had ever seen anything like it. By January 2009 the worm lay hidden in at least eight million computers and the botnet of linked computers that it had created was big enough that an attack might crash the world. This is the gripping tale of the group of hackers, researches, millionaire Internet entrepreneurs, and computer security experts who united to defend the Internet from the Conficker worm: the story of the first digital world war.
The Perfect Weapon: How the Cyber Arms Race Set the World Afire
David E. Sanger - 2018
The Perfect Weapon is the riveting story of how, in less than a decade, cyberwarfare displaced terrorism and nuclear attacks as the greatest threat to American national security. Cheap to acquire, difficult to defend against, and designed to shield their user's identities so as to complicate retaliation, these weapons are capable of an unprecedented range of offensive tactics; they can take us just short of war, allowing for everything from disruption to theft to the cause of widespread damage of essential infrastructure systems. And the vulnerability of those systems has created a related but equally urgent conflict: American companies like Apple and Cisco must claim allegiance to no government in the name of selling secure products around the globe yet the US intelligence agencies want the help of such companies in defending against future cyberattacks. Reported and written with unprecedented access by New York Times chief Washington correspondent and bestselling author David Sanger, The Perfect Weapon takes readers inside war rooms and boardrooms, into the secret cyberdens of American and Chinese military, to give the deep-background story of the increasingly pitched battle between nations, their governments, their cyberwarriors, and their corporations.