Showing posts with label malware. Show all posts
Showing posts with label malware. Show all posts

Phishing Exposed Review

Posted by Myrtis Jiles on 11/12/2012 / Labels: , , , , , , / Comments: (0)
Phishing Exposed
Average Reviews:

(More customer reviews)Are you looking to buy Phishing Exposed? Here is the right place to find the great deals. we can offer discounts of up to 90% on Phishing Exposed. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

Phishing Exposed ReviewPhishing Exposed is a powerful analysis of the many severe problems present in Web-based activities. Phishing Exposed is another threat-centric title from Syngress. The book presents research conducted by Secure Science Corporation as a way to understand the adversary. The author demonstrates his own attacks against multiple popular e-commerce sites as a way to show how phishers accomplish their goals. I was surprised by the extent to which the author could repeatedly abuse high-profile financial sites, and for that reason I highly recommend reading Phishing Exposed.
The book begins with an overview of the phishing problem. Three basic phishing techniques (impersonation, forwarding, and popup) are explained. The mechanics of email and HTTP are also described. The heart of the book appears in chapters 4 and 5, where almost 270 pages are devoted to the author's assessment and abuse of banking sites. I was shocked by the author's ability to repeatedly take advantage of vulnerabilities in client and server software and configuration. These chapters made me wonder if it is possible for an average end user -- or even a skilled technical user -- running popular operating systems and browsers to survive these sorts of high-end attacks.
Ch 6 featured some innovative material on subverting caller ID by using Voice over IP and other methods. I also appreciated the historical perspective in that chapter.
My only real concern is that the author devoted lots of material to his own attacks, and not as much to attacks by real phishers. I would have liked additional details on how to detect and potentially defeat these attacks using network-based and proxy-based means.
Incidentally, reviews by "relatives" should be considered suspect, although reviews with the title "inadequate and unoriginal" should be completely ignored. Reviews like that demonstrate another instance where that particular "reviewer" has once again skimmed the text and not spent any time reading the book. Phishing Exposed is incredibly original -- and that's why I've given it five stars, despite some rough editing from Syngress.Phishing Exposed Overview

Want to learn more information about Phishing Exposed?

>> Click Here to See All Customer Reviews & Ratings Now
Read More...

Malware Forensics: Investigating and Analyzing Malicious Code Review

Posted by Myrtis Jiles on 8/20/2012 / Labels: , , , , , , / Comments: (0)
Malware Forensics: Investigating and Analyzing Malicious Code
Average Reviews:

(More customer reviews)Are you looking to buy Malware Forensics: Investigating and Analyzing Malicious Code? Here is the right place to find the great deals. we can offer discounts of up to 90% on Malware Forensics: Investigating and Analyzing Malicious Code. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

Malware Forensics: Investigating and Analyzing Malicious Code ReviewMalware Forensics is an awesome book. Last year Syngress published Harlan Carvey's 5-star Windows Forensic Analysis, and now we get to enjoy this new title by James Aquilina, Eoghan Casey, and Cameron Malin, plus technical editing by Curtis Rose. I should disclose that I co-wrote a forensics book with Curtis Rose, and I just delivered a guest lecture in a class taught by Eoghan Casey. However, I still call books as I see them, regardless of the author. (Check out my review of Security Sage's Guide to Hardening the Network Infrastructure for proof.) I can confidently say that anyone interested in learning how to analyze malware, or perform incident response, will benefit from reading Malware Forensics.
I imagine that code-savvy investigators probably don't need to read Malware Forensics. However, this is not a book for newbies. The target audience includes those doing intrusion analysis on Windows and Linux who want to focus directly on examining malicious code. An investigator whose world revolves around reviewing hard drives with EnCase will probably not understand Malware Forensics. An investigator who needs guidance on identifying and then understanding malware will definitely like this book.
The front cover emphasizes the book's "practical, hands-on" nature. I admit that I tried to follow along in many parts, usually by retrieving various Windows tools to try on malware caught in my spam folder. I do not expect the reader to become an expert in any one area of analysis, but I do applaud the authors for exposing readers to just about every aspect of malware analysis you might expect. The book uses large and small cases, multiple sample analyses, and extensive tool output to guide readers. Even the legal chapter covers the questions most of us are likely to ask.
Furthermore, how often does one read an introduction (through p xxxvi) that is educational? I loved the points about DNA tests destroying evidence and the discussion of what is "forensically sound" on p xxv, and the mention of "evidence dynamics" on p xxvi. I got the sense the authors were real forensics experts, not strictly malware geeks. The citing of non-infosec sources when making points showed me they understood the big picture (p xxxi). They also cited their tools with footnotes and URLs, and included chapter end-notes.
I found very little to complain about in this book. I noticed awkward placement of commas in chapters 3 and 8. A copyeditor could have removed those. From what I can see, the authors appreciated Curtis Rose's involvement. Syngress should observe the value of an editor who seriously reviews the text. (The last page of the book even includes errata that couldn't make it into the previous text!)
I am seriously considering Malware Forensics as my Best Book Bejtlich Read in 2008. If it doesn't win (stay tuned for announcements at the end of December) Malware Forensics will be one of the top four for the year.Malware Forensics: Investigating and Analyzing Malicious Code Overview

Want to learn more information about Malware Forensics: Investigating and Analyzing Malicious Code?

>> Click Here to See All Customer Reviews & Ratings Now
Read More...