Reprint. NYT.

    Clarke sounds a timely and chilling warning about America’s vulnerability in a terrifying new international conflict—Cyber War! Every concerned American should read this startling and explosive book that offers an insider’s view of White House ‘Situation Room’ operations and carries the reader to the frontlines of our cyber defense. Cyber War exposes a virulent threat to our nation’s security. This is no X-Files fantasy or conspiracy theory madness—this is real.

    Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.The spectrum of topics covered includes how to:* Hook kernel structures on multi-processor systems* Use a kernel debugger to reverse system internals* Inject call gates to create a back door into Ring-0* Use detour patches to sidestep group policy* Modify privilege levels on Vista by altering kernel objects* Utilize bootkit technology* Defeat live incident response and post-mortem forensics* Implement code armoring to protect your deliverables* Establish covert channels using the WSK and NDIS 6.0

    Guided by Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis, you’ll drill into the features and functions of dozens of free file, disk, process, security, and Windows management tools. And you’ll learn how to apply the book’s best practices to help resolve your own technical issues the way the experts do.Diagnose. Troubleshoot. Optimize.Analyze CPU spikes, memory leaks, and other system problems Get a comprehensive view of file, disk, registry, process/thread, and network activity Diagnose and troubleshoot issues with Active Directory® Easily scan, disable, and remove autostart applications and components Monitor application debug output Generate trigger-based memory dumps for application troubleshooting Audit and analyze file digital signatures, permissions, and other security information Execute Sysinternals management tools on one or more remote computers Master Process Explorer, Process Monitor, and Autoruns

    Many of the difficulties however, are not in the classroom... In The (Un)official Teacher's Manual, Omar Akbar offers direct, humorous and accessible advice on how to deal with the daily issues faced by a teacher- none of which involve teaching! Includes guidance on: lesson observations, emails, promotions, avoiding meaningless extra work, meetings, parents, maintaining a work-life balance, dealing with workplace bullying, and much more. While Omar pulls no punches on the reality of working in a school, a positive streak is maintained throughout. A must read for any teacher or potential teacher. - - - - - - - - - - - - - - Contents: Introduction: Why This Book Was Written 1. How to Get the Most from Observations, Learning Walks, and Book Scrutinies 2. The Don’ts of the School Email System 3. How to Get Promoted and Other Things to Consider 4. How and When to Say No and Yes 5. The Dos and Don’ts of Meetings 6. How to Get Parents on Your Side 7. Guidance for Trainee Teachers 8. Ensuring a Life-Work Balance 9. Bullying: the Problem and the Solution 10. How to Get the Teaching Job You Want 11. Maintaining Good Relationships 12. Why It’s All Worth It

    This is one of those cases. The UNIX System Administration Handbook is one of the few books we ever measured ourselves against." -From the Foreword by Tim O'Reilly, founder of O'Reilly Media "This book is fun and functional as a desktop reference. If you use UNIX and Linux systems, you need this book in your short-reach library. It covers a bit of the systems' history but doesn't bloviate. It's just straightfoward information delivered in colorful and memorable fashion." -Jason A. Nunnelley"This is a comprehensive guide to the care and feeding of UNIX and Linux systems. The authors present the facts along with seasoned advice and real-world examples. Their perspective on the variations among systems is valuable for anyone who runs a heterogeneous computing facility." -Pat Parseghian The twentieth anniversary edition of the world's best-selling UNIX system administration book has been made even better by adding coverage of the leading Linux distributions: Ubuntu, openSUSE, and RHEL. This book approaches system administration in a practical way and is an invaluable reference for both new administrators and experienced professionals. It details best practices for every facet of system administration, including storage management, network design and administration, email, web hosting, scripting, software configuration management, performance analysis, Windows interoperability, virtualization, DNS, security, management of IT service organizations, and much more. UNIX(R) and Linux(R) System Administration Handbook, Fourth Edition, reflects the current versions of these operating systems: Ubuntu(R) LinuxopenSUSE(R) LinuxRed Hat(R) Enterprise Linux(R)Oracle America(R) Solaris(TM) (formerly Sun Solaris)HP HP-UX(R)IBM AIX(R)

    The BTHb includes essential information in a condensed handbook format. Main topics include the incident response process, how attackers work, common tools for incident response, a methodology for network analysis, common indicators of compromise, Windows and Linux analysis processes, tcpdump usage examples, Snort IDS usage, packet headers, and numerous other quick reference topics. The book is designed specifically to share "real life experience," so it is peppered with practical techniques from the authors' extensive career in handling incidents. Whether you are writing up your cases notes, analyzing potentially suspicious traffic, or called in to look over a misbehaving server - this book should help you handle the case and teach you some new techniques along the way.

    This text concisely describes the Python language and its programming environment for those readers already familiar with languages such as C and C++.

    Now, 10 years later and in the third edition, this classic still reigns supreme as the book written by an SQL master that teaches future SQL masters. These are not just tips and techniques; Joe also offers the best solutions to old and new challenges and conveys the way you need to think in order to get the most out of SQL programming efforts for both correctness and performance.In the third edition, Joe features new examples and updates to SQL-99, expanded sections of Query techniques, and a new section on schema design, with the same war-story teaching style that made the first and second editions of this book classics.

    I asked other people and they didn't seem to know how these things work, or at least they couldn't explain them in a way that I could understand. Counter Hack Reloaded is the clearest explanation of these tools I have ever seen. Thank you!" --Stephen Northcutt, CEO, SANS Institute "Ed Skoudis does it again! With this new edition, Ed takes a phenomenal work to the next level! This book is a 'must-have' and a 'must-read' for anyone remotely associated with computers and computer security." --Harlan Carvey, CISSP, author of Windows Forensics and Incident Recovery "Ed Skoudis is a rare individual. He knows the innards of all the various systems, knows all the latest exploits and defenses, and yet is able to explain everything at just the right level. The first edition of Counter Hack was a fascinating read. It's technically intriguing and very clear. . . . A book on vulnerabilities, though, will get out of date, and so we definitely needed this updated and significantly rewritten second edition. This book is a wonderful overview of the field." --From the Foreword by Radia Perlman, series editor, The Radia Perlman Series in Computer Networking and Security; author of Interconnections; and coauthor of Network Security: Private Communications in a Public World "What a great partnership! Ed Skoudis and Tom Liston share an uncanny talent for explaining even the most challenging security concepts in a clear and enjoyable manner. Counter Hack Reloaded is an indispensable resource for those who want to improve their defenses and understand the mechanics of computer attacks." --Lenny Zeltser, coauthor of Malware: Fighting Malicious Code "Ed Skoudis does it again! With this new edition, Ed takes a phenomenal work to the next level! This book is a 'must-have' and a 'must-read' for anyone remotely associated with computers and computer security." --Harlan Carvey, CISSP, author of Windows Forensics and Incident Recovery "In addition to having breadth of knowledge about and probing insights into network security, Ed Skoudis's real strength is in his ability to show complex topics in an understandable form. By the time he's done, what started off as a hopeless conglomeration of acronyms starts to sound comfortable and familiar. This book is your best source for understanding attack strategies, attack tools, and the defenses against both." --William Stearns, network security expert, www.stearns.org "This book is a must-have for anyone in the Internet security game. It covers everything from the basic principles to the fine details of online attack methods and counter-strategies and is very engagingly written." --Warwick Ford, coauthor of Secure Electronic Commerce For years, Counter Hack has been the primary resource for every network/system administrator and security professional who needs a deep, hands-on understanding of hacker attacks and countermeasures. Now, leading network security expert Ed Skoudis, with Tom Liston, has thoroughly updated this best-selling guide, showing how to defeat today's newest, most sophisticated, and most destructive attacks.For this second edition, more than half the content is new and updated, including coverage of the latest hacker techniques for scanning networks, gaining and maintaining access, and preventing detection. The authors walk you through each attack and demystify every tool and tactic. You'll learn exactly how to establish effective defenses, recognize attacks in progress, and respond quickly and effectively in both UNIX/Linux and Windows environments.Important features of this new edition includeAll-new "anatomy-of-an-attack" scenarios and tools An all-new section on wireless hacking: war driving, wireless sniffing attacks, and more Fully updated coverage of reconnaissance tools, including Nmap port scanning and "Google hacking" New coverage of tools for gaining access, including uncovering Windows and Linux vulnerabilities with Metasploit New information on dangerous, hard-to-detect, kernel-mode rootkits

    And they did it without fanfare or recognition from their employer. Hiltzik's Dealers of Lightning provides a fascinating look at technohistory that sets the record straight. In Dealers of Lightning, Hiltzik describes the forces and faces behind the revolution that the Xerox PARC team single-handedly spawned. The Xerox PARC group was composed solely of top technical minds. The decision was made at Xerox headquarters to give the team complete freedom from deadlines and directives, in hopes of fostering a true creative environment. It worked — perhaps too well. The team responded with a steady output of amazing technology, including the first version of the Internet, the first personal computer, user-friendly word-processing programs, and pop-up menus. Xerox, far from ready for the explosion of innovation, failed to utilize the technology dreamed up by the group. Out of all the dazzling inventions born at Xerox PARC, only a handful were developed and marketed by Xerox. However, one of these inventions, the laser printer, proved successful enough to earn billions for the company, therefore justifying its investment in the research center. Most oftheteam's creations would go on to be developed and perfected by other companies, such as IBM, Apple, and Microsoft. Drawing from interviews with the engineers, executives, and scientists involved in the Xerox PARC, Dealers of Lightning chronicles an amazing era of egos, ideas, and inventions at the dawn of the computer age.

    Team leads usually have little to no idea how to handle people related issues – issues that affect how the morale, quality of work, and overall performance of the team, and of course impacts how easy or hard it is to implement “the new stuff”.Most team leaders are clueless as to how to handle their manager giving them an impossible due date, a team member reluctant to try anything new, or another team member teaching all the other members practices from 25 years ago that today only hurt the team.Why?No one teaches that to software team leads. Team leads today, in the overwhelming majority of places, are just developers who worked hard and stayed with the company long enough to be promoted. But they have no people or management skills - and those are very painfully needed when you are trying to drive the things you believe in inside an organization that has very little interest in changing.Team leadership is the next big thing that software developers need to conquer, or none of this unit testing, TDD, Agile or Lean thing is going to catch on, except in very small circles, that, by chance, happen to have the right people leading their teams.

    Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization's unique requirements. You'll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management. Security Metrics successfully bridges management's quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith's extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else. You'll learn how to: - Replace nonstop crisis response with a systematic approach to security improvement - Understand the differences between "good" and "bad" metrics - Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk - Quantify the effectiveness of security acquisition, implementation, and other program activities - Organize, aggregate, and analyze your data to bring out key insights - Use visualization to understand and communicate security issues more clearly - Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources - Implement balanced scorecards that present compact, holistic views of organizational security effectiveness Whether you're an engineer or consultant responsible for security and reporting to management-or an executive who needs better information for decision-making-Security Metrics is the resource you have been searching for. Andrew Jaquith, program manager for Yankee Group's Security Solutions and Services Decision Service, advises enterprise clients on prioritizing and managing security resources. He also helps security vendors develop product, service, and go-to-market strategies for reaching enterprise customers. He co-founded @stake, Inc., a security consulting pioneer acquired by Symantec Corporation in 2004. His application security and metrics research has been featured in CIO, CSO, InformationWeek, IEEE Security and Privacy, and The Economist. Foreword Preface Acknowledgments About the Author Chapter 1 Introduction: Escaping the Hamster Wheel of Pain Chapter 2 Defining Security Metrics Chapter 3 Diagnosing Problems and Measuring Technical Security Chapter 4 Measuring Program Effectiveness Chapter 5 Analysis Techniques Chapter 6 Visualization Chapter 7 Automating Metrics Calculations Chapter 8 Designing Security Scorecards Index

    Essentially three books in one: provides thorough introductions to the PHP language and the MySQL database, and shows you how these two technologies can be effectively integrated to build powerful websites. Provides over 500 code examples, including real-world tasks such as creating an auto-login feature, sending HTML-formatted e-mail, testing password guessability, and uploading files via a web interface. Updated for MySQL 5, includes new chapters introducing triggers, stored procedures, and views.

    This completely revised edition shows you how to master key JavaScript concepts such as functions, closures, objects, prototypes, and promises. It covers APIs such as the DOM, events, and timers. You’ll discover best practice techniques such as testing, and cross-browser development, all taught from the perspective of skilled JavaScript practitioners.