Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks

I really enjoyed learning about typing timing patterns, the blinking light vulnerability on modems and parasitic storage and computing were my favorite topics covered in his book. One of my favorite parts about the book is that he will begin to go into talking about how a specific piece of technology works and you will be wondering, okay where is he going with this and then right at the end you will suddenly understand the significance of it all and why the vulnerability occurs.

I also really liked the part where he was talking about NMAP or Port Scans and how since the scanner uses a Linear Congruent Generator to generate the order of the ports to scan randomly I had never thought about how this could actually reveal the attackers time zone because given output from a weak LCG you can recover the seed used in the generator which is often the time in milliseconds since January 1st I believe. I also thought his section on web bots was a very creative and ingenious paper.

Above all this book inspires you to think outside of the book and to realize that seemingly unimportant information might not be so unimportant after all. Jun 10, Julio Biason rated it it was ok Shelves: This is a book about passive detection. I really don't know, because the subject keeps jumping around so much you have no idea the point the author wants to make. There are plenty explanations for stuff, but mostly is dumbed down to the point it doesn't even make sense. Also, there is plenty of "this author research" or "a research that yours truly did" that sounds more like "Hey, look how awesome I am" than "you should really worry about this thing".

About the edition, there are original articles in their original form, but they are presented in mono spaced font in a weird indentation that doesn't fit any layout you chose landscape, two columns landscape, portrait. Also, there are chapter footnotes and book footnotes and both follow the same format, which means you will find a "[1]", followed by a "[]", followed by a "[2]".

And the author uses "Too," instead of "Also," which, for a non-native English speaking person like me, sounds strange as hell. Oct 23, Mark Hillick rated it really liked it.

Zalewski is renowned throughout the InfoSec industry for simply being incredible and bringing many new ways of thinking to the industry through his research. In "Silence on the Wire", Zalewksi discusses security vulnerabilities and methods of attack that are simply mind-boggling. Although I've been in InfoSec for quite some time and there are areas of repetition for me, much of the book was fascinating and thought-provoking, from both a defender and attacker mindset. The one downside is that the b Zalewski is renowned throughout the InfoSec industry for simply being incredible and bringing many new ways of thinking to the industry through his research.

The one downside is that the book is quite inaccessible I feel for someone new to InfoSec and may scare them off: Aug 22, Ivan rated it it was amazing Recommends it for: Genius work focusing on passive recon, and not a very hard read either. The explanation of the thoughts and discoveries behind his ideas is easily as interesting as the real-life examples of how they can be used.

And if you think your data can truly be secure, just try to understand, that is not the world we live in today I bought this book for myself at HOPE , but it was so good I gave it t Genius work focusing on passive recon, and not a very hard read either. I bought this book for myself at HOPE , but it was so good I gave it to a friend and ordered another. May 04, Nina rated it it was amazing Shelves: This book focusses on security flaws that exist because of the way something was designed. They may not all be the most commonly exploited flaws, since some aren't so practical to take advantage of, but they sure are interesting to learn about.

The book starts right within the heart of the computer and expands all the way out to the internet as a whole. It is less of a practical guide in that it neither really tells you how to exploit something, or how to protect you against said exploit, it mer This book focusses on security flaws that exist because of the way something was designed.

It is less of a practical guide in that it neither really tells you how to exploit something, or how to protect you against said exploit, it merely seeks to explain how it works because of how things are. May 23, Prasanna rated it really liked it. I read this right after Zalewski got hired by Google as their web security guru. He has good perspective on security engineering and it is reflected in the pages of this book. As we obsess over the things we can see and secure, this book takes the approach of understanding the people, not very unlike Art of Deception in ages past.

Not all the vectors are going to be obvious but you need to anticipate them. Jun 18, Adi rated it it was amazing.

It is a bit dated, and it will only get more so, but it only means you need to read it as soon as possible. For me it's a good example that an author can get in-depth about a technical subject and keep it interesting at all times.

It really gave me some new insights about networking and it-sec. Feb 25, Nemo rated it liked it. Well another book finished that I have on my 'to-read-urgently' shelf since, well, I don't remember.

Account Options

Oct 02, Takedown rated it really liked it Shelves: A bit dated but still interesting book about cool low level tricks. I was especially fascinated about first part of the book and those hardware hacks. Oct 05, Xiaolu rated it it was amazing. I love the way the author describes the ways in which information that is sent through networks becomes vulnerable to attacks or surveillance. Oct 13, Ryan Williams rated it liked it.

Poor structure and poorly written as well as a lot of content which was last relevant in Nov 03, J. A great generalist's introduction to the ways information can leak from a system, especially as that system's design becomes more complex.

Apr 29, Andy Magnusson rated it it was amazing. A fantastic and readable overview of a wide range of passive reconnaissance techniques, mixed with a good dose of computing history. Kamil Grabowski rated it it was amazing Nov 15, Ray rated it it was amazing Nov 06, James Tipton rated it really liked it May 17, Jason rated it it was amazing Jul 30, Wang Xiaoran rated it it was amazing Mar 29, Droc rated it it was amazing Sep 07, Lesh leshimir rated it it was amazing Jan 23, Silence on the Wire is a narrated guide through the marvelously complex and fascinating world of computer and networking security.

The book offers an in-depth dissection of some of the most interesting, beautiful, and unique security and privacy problems that I have stumbled upon and explored to date.

• Fino allultima riga: Un romanzo a fari spenti (Destini incrociati) (Italian Edition).
• Silence on the Wire - O'Reilly Media.
• Longarm 359: Longarm and Lovin Lizzy?
• Join Kobo & start eReading today!
• ;
• What is Kobo Super Points??
• Dissent of the Earth Messengers.

SotW is not a reference book, not an almanac of known vulnerabilities, and is not a guide to securing your enterprise over the weekend. Its goal is to challenge, offer insight, and provoke exploration of uncharted cyber-lands; I hope it also manages to convey a good deal of solid, practical knowledge of use to all readers. I believe that SotW has something novel and noteworthy to say, although I am not to judge. If you aren't bored to death just yet, you might want to read a sample chapter and see table of contents , over at my publisher's webpage.

1. Books & Videos.
2. Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks | RSA Conference;
3. A 4000 Year Mirage.

Polish translation of the book is just out. If you are interested in it instead of the original version, click here to read more, see a sample chapter , or order on-line.

Italian version is also out ; German, Chinese, French, and Russian translations are also available somewhere. Excerpts are also available through Computerworld. Other than the endorsements above, and a page set up by the fine folks at Openwall , here is a non-discriminatory list of reasonably reputable reviews I am aware of: It presents a unique view of how a hacker.

The discovery of a technical book in this style is cool. Dobb's Journal gives us thumbs up and calls the book thought-provoking: But I became fascinated by his approach to network security from a reconnaissance point of view [ What makes it a joy to read are the author's appealing humility, sense of humor and vast knowledge. If you want to understand the stealthier side of hacking, this book is for you. Whether you are a seasoned systems administrator, a security specialist, a rank beginner or a high-level manager, this book is likely to open your eyes to issues you've never considered; you may never look at your computers in quite the same way.

You'll also get scared and conclude that information security is impossible. And rather than dryly detailing exploits, author Michal Zalewski shares his compelling skillset and readily communicates a Sherlock-like delight in his subject matter. In his hands computer and networked security issues become as thrilling and in the end as pleasing as any shorter work of Conan Doyles. Indeed, material is both highly readable and intriguingly photogenic.

Read it and get ready to be humbled. Instead of writing about the same mainstream topics that countless other professionals have revisited and revised, author Michal Zalewski, a self-taught security researcher, provides an out-of-the-box, thought-provoking book that escapes the everyday standard security practice discussions of firewalls and social engineering. Many have praised this book for bringing innovative thinking into the world of security.