ACCU Home page ACCU Conference Page
Search Contact us ACCU at Flickr ACCU at GitHib ACCU at Google+ ACCU at Facebook ACCU at Linked-in ACCU at Twitter Skip Navigation

Search in Book Reviews

The ACCU passes on review copies of computer books to its members for them to review. The result is a large, high quality collection of book reviews by programmers, for programmers. Currently there are 1918 reviews in the database and more every month.
Search is a simple string search in either book title or book author. The full text search is a search of the text of the review.
    View all alphabetically
Title:
Hack Attacks Denied
Author:
John Chirillo
ISBN:
0 471 41625 8
Publisher:
Wiley
Pages:
491pp + CD
Price:
£39-50
Reviewer:
Francis Glassborow
Subject:
security
Appeared in:
13-3
The first of these two books is written largely on the principle that you should know your enemy. I guess some will be deeply perturbed by a book that actually publishes a program whose purpose is to crack a Unix encrypted password file. However stop a moment and think. How do we understand the threats to our systems if we choose to remain wilfully ignorant of the weapons of our opponents? However by the time you have finished reading this book and perhaps testing your local network you will be a very worried network manager (even if that is just a small domestic network at home).

Once you have finished the first book (even long before you have done so) you will be an easy sell on the second one. Here the same author deals with the other side of the coin, knowing how to stop the cracker. This is an excellent and informative book with one major flaw, if everyone follows the policies suggested by the author we again have what is substantially a monoculture so that the cracker who finds a way in to one system will have a rich reward in being able to access many.

As individuals, families and small businesses increasingly have networks that are connected to the Internet (and often on almost a continuous basis) it becomes more important for those of us from whom advice is often sought to at least understand the problems. If we are professionals outside the field of computer security we would probably be wise not to hand out too much advice. I think that most of us could benefit from reading 'Hack Attacks Revealed' and many would then want to read 'Hack Attacks Denied' but be careful that you do not unwittingly place yourself in a position of responsibility for the security of someone else's computer(s).

I recommend that you find time to read at least the first of these books.