Product Description
Why work harder than you have to? One manager kept his senior execs happy by secretly hacking into the company's database to give them the reports they needed in one third of the time. Hacking is a powerful solution to every stupid procedure, tool, rule, and process we are forced to endure at the office. Benevolent hackers are saving business from itself.

It would be so much easier to do great work if not for lingering bureaucracies, outdated technologies, and deeply irrational rules and procedures. These things are killing us.

Frustrating? Hell, yes. But take heart-there's an army of heroes coming to the rescue.

Today's top performers are taking matters into their own hands: bypassing sacred structures, using forbidden tools, and ignoring silly corporate edicts. In other words, they are hacking work to increase their efficiency and job satisfaction. Consultant Bill Jensen teamed up with hacker Josh Klein to expose the cheat codes that enable people to work smarter instead of harder. Once employees learn how to hack their work, they accomplish more in less time. They cut through red tape and circumvent stupid rules.

For instance, Elizabeth's bosses wouldn't sign off on her plan to improve customer service. So she made videotapes of customers complaining about what needed fixing and posted them on YouTube. Within days, public outcry forced senior management to reverse its decision.

Hacking Work reveals powerful technological and social hacks and shows readers how to apply them to sidestep bureaucratic boundaries and busywork. It's about making the system work for you, not the other way around, so you can take control of your workload, increase your productivity, and help your company succeed-in spite of itself. ... Read more

Customer Reviews (11)

Hacking Work offers simple smart "work arounds" to overcome barriers toproductivity
Hacking Work speaks to all workers who feel stymied by overbearing and outdated bureaucratic rules and regulations, that prevent work from getting done easily and efficiently. Hacking Work offers real-life stories of smart hacks in the workplace, and simple solutions to help you find "work arounds" and overcome barriers to effectiveness and productivity.

When the authors speak about hacking, they are talking about benevolent hacking, and provide an ethical guide to doing good, doing well, and doing no harm, with guidelines on where to draw the line between benevolenceand going too far.

As an innovation consultant,I have methigh-performing Gen X and Y innovators in organizations, who, out of frustration with the standard way of getting things done,take matters into their own hands, and hack their way into producing great results for the company, the customer, and themselves. I didn't realise there is an army of such hackers, but I do know if managers let people know WHAT the goal is, and get out of the way, employees will figure out a better way to get things done.

This book is easy to read and digest. Use it to find smart ways to accomplish more, with less effort.

On "Hacking Work"
I love the positive attitude.
I feel better abut my lousy job already.
Recommended for anyone frustrated by "The System". Is there anyone that does not include?

Guide to thinking outside the box
If you've ever had the experience of having to do your job in spite of management, then this is the book for you. This book is all about diagonal thinking on the job. While most books of this type just throw countless examples at you in the hope that you'll just figure out what the people are doing, Hacking Work provides concrete steps for identifying where the opportunities for improvement lie, how to take best advantage of them, and how to weather the inevitable flack you'll get for daring to be different.

The book is primarily aimed at anyone who has to work in an environment where bureaucratic standardization has made things easier for management, but unreasonably difficult for those who have to do the work. A lot of the suggestions it provides involve an investment in effort to make sure that the change your making is an actual improvement, but there are a few items that just involve negotiating a new process.

Having been on both employee and management side of this, I would also recommend this book for upper management. It can be difficult for those insulated by several layers of managers to spot when issues crop up. These kind of hacks call attention to themselves in a way that can get through that. By encouraging celebration of the kind of hack presented in this book, you not only can encourage creative thinking in your work force, but a large number of these in one area can help identify middle management issues.

In general, I would definitely recommend this book to anyone simply because it encourages a frame of mind that can improve any environment you have to function in, whether it's at work, at home, or in social groups.

Inspiring, Easy-to-Read, and Practical
The title describes exactly what this book is about - "Breaking Stupid Rules For Smart Results".I've always been a rule-breaker and a hacker in the benevolent sense described in this book so it really resonated with me.I give out stars based upon the way I feel when I finish a book and I think the only reason I didn't give it five stars is because the ideas aren't new to me.I didn't have a "wow" feeling when I finished.However, I suspect for a great many people some of this will be new and very inspirational.Even an old rule-breaker like me was inspired to greater heights by this little gem.The ideas contained within it are communicated clearly and succinctly.There are tons of practical tips and the book is liberally sprinkled with real-world examples.It's an easy read but fairly dense in content.A worthwhile investment of a little bit of your time - I don't think you will be disappointed by it.

The New Manifesto for Getting Stuff Done in the Google Era
I've known Bill for the past seven years. I've read all his books, tried to implement many of his ideas, tools and strategies in both "Big Pharma" and small entrepreneurial biotech, and watched him on his crusade to liberate people from the shackles of big company top-down policies, processes, systems and tools that feed the corporate machine butstifle individual and team productivity.

I've just bought and read HACKING FOR WORK, his new book, co-authored with Josh, and I think that it's his best work so far. Bill's strategies, tools and philosophy do work. And they've now been super-charged with his unique collaboration with Josh Klein...Powerful stuff!!

HACKING FOR WORK breaks new ground in the Google Era. Smart. Practical. Provocative. Classic Jensen. A game changing manifesto for both Individuals and organizations who want to get stuff done and win in the Google era.

Five Stars!!! Thoroughly recommend this book for individuals and executives working in big and small companies, consultants and vendors selling on-line, open source products and services. A must read.

Rob Salt, Global Pharma Consulting
... Read more

Product Description

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

The included LiveCD provides a complete Linux programming and debugging environment--all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:

• Program computers using C, assembly language, and shell scripts
• Corrupt system memory to run arbitrary code using buffer overflows and format strings
• Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
• Outsmart common security measures like nonexecutable stacks and intrusion detection systems
• Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
• Redirect network traffic, conceal open ports, and hijack TCP connections
• Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

Customer Reviews (65)

help
first off this CD will NOT work in a MAC
and unfortunately it seems it does not work in my PC either
i put it in, reboot my computer just like it says, and NOTHING is different; and the practices he gives you in the book mean ziltch without the cd working!!!
furthermore, without the CD, this whole book means less than nothing to me. It could not be more useless
just to make my point clear
this book is for people who are already adept and highly skilled at programming, and EXTREMELY farmiliar with C and other computer languages. big waste of $50

maybe in ten years when im the leader of nationwide cyber security this will help, but not now

Great Learning Material
This piece is very helpful for those who like a step-by-step and analogous style of learning. It starts at a very basic level, but soon goes straight into the nitty gritty which is helpful for those who like to go a little further than just basic level 10 material.

Fabulous
This book is the most interesting i've ever read. Its instructive and explains in detail everything you can expect.

I recommend it...

Excellent Book
After I read the first edition, I thought to myself that this was the best book on "hacking" that I have ever read. Very practical, technical, useful information for anyone who wants to get started with computer security and learn how "hackers" exploit computer software.

This book was written very well, where each step of the exploitation process was explained and I could follow along and execute the code being discussed in each chapter.

I bought the second edition which has even more material than the first and thought the same thing. Excellent book, must-read for anybody interested in this topic.

In order to get the most out of this book, I would recommend that the reader be familiar with the *nix command line and some experience with C programming.

Excellent Book
This is indeed an excellent book. I would surely recommend this book to anybody needing insights into different hacking methods. I am a graduate student in computer science and I don't think there are too many books on this subject out there that are better than this one. ... Read more

Product Description

Customer Reviews (10)

Good Intro to Next Gen Attacks
First Impressions...skinny book. Strike One.Chapter 1 -- "Intelligence Gathering: Peering Through the Windows to Your Organization" spends a lot of time on physical security and social engineering and no mention of Maltego.I'm not sure how anyone can write a book on Intelligence Gathering and NOT include Maltego. Strike Two.

At this point i was thinking I had a dud on my hands BUT Chapter 2 --- "Inside-Out Attacks: The Attacker Is the Insider" redeems. Tons of code and examples to make XSS work in "realistic" scenarios mix the right amount of tech and narrative.My only gripe was that they talked about using XSS shell for XSS exploitation instead of using BEeF which is actively maintained and developed.

All the other chapters (except for Chapter 3) were very good, none of the others are as technical as chapter 2 but I believe they cover the current trends in a entertaining and readable way.Like one reviewer mentioned the information covered in Chapter 5 -- "Cloud Insecurity: Sharing the Cloud with Your Enemy" was not what I expected.It covered high level "possible" attacks versus any "probable" attacks. With the exception of possibly making insecure VM's and getting people to run it.Chapter 7 -- "Infiltrating the Phishing Underground: Learning from Online Criminals?"was a "chapterfied" version of the authors talk on the subject.Chapter 4 -- "Blended Threats: When Applications Exploit Each Other" was a good overview of stringing vulnerabilities that would be/were not considered high risk into high risk issues by combining one or more together which actually is "next generation".

Chapter 3, IMO didnt cover anything new.Mostly a discussion of insecure protocols, arp spoofing, email spoofing. While still a relevant issue in security not "next generation".

Good book with novel attack vectors
I do agree with previous positive reviews. This book describes some novel attack vectors (e.g. related to social networking), which haven't been covered before anywhere else. It's a mile wide and an inch deep, but it will make you reconsider security of your organization.
Do get it. It's an easy read, thin, and a good addition to your bookshelf.
[...]

Timely, Meaningful, and Useful
"Hacking: The Next Generation" is a unique and valuable book -- it covers an important topic (hacking) in a meaningful and useful manner and it addresses issues of immediate import.This is not a book that will "date" itself due to its "current affairs" bent -- this publication covers issues and ideas that will remain relevant in the future.

I found this book's coverage of "people" as a security concern on par with "technology" to be on the mark.While technical topics such as blended threats and cloud infrastructure are covered in significant detail, this publication balances detail with the bigger picture and perspective well.

The authors, Nitesh Dhanjani and Billy Rios, provide some interesting and useful case studies to underscore and contextualize their points.Well-written and eye-opening, this is a book for anyone concerned with hacking.

Highly recommended.

A Good Introduction to Today's Top Threats
It's almost cliché to talk about how quickly things change in the IT world.When you're talking about IT security, though, "quickly" is an understatement.Why, then, do many of today's "hacking" books seem like they might have been written in 1999?Attackers have progressed beyond the scan-and-exploit phase; shouldn't your understanding of the threatscape evolve to match?

That is precisely the premise of "Hacking: The Next Generation."In fact, the title is a bit of a misnomer.It's not talking about the next generation of hacking at all; it's talking about the *current* one, albeit a generation of hacking that many security organizations haven't caught up with yet.

I first saw this book in the store, and a quick glance through the Table of Contents got me pretty excited.I saw topics like mobile security, the phishing underground, targeted attacks against company executives and (the big selling point for me) attacks against cloud computing.In fact, I was so excited to read it that I ordered it from Amazon on the spot, through my phone.After having read this book, I can say that it lived up to most of my expectations.

First off, this is a book about high end attackers, professionals who select their targets carefully, do their research and have a clear goal in mind.The authors' focus seems to be primarily organized crime, but they also cover motivated insiders and to a much lesser extent, nation-state actors.Collectively, these types of attackers are known in the trade as "Advanced Persistent Threats", or "APT".

Secondly, I really liked the fact that the book emphasizes what I will call an intelligence-based approach.APT is notorious for doing their homework and uncovering a shocking amount of information about their targets before the attack itself ever even begins.It's appropriate, therefore, that the book begins with a chapter on information gathering via search engines and other public sources. It also has an entire chapter describing how an attacker could use this public information to identify likely targets in an organization and map out their social and professional connections to identify potential weaknesses to exploit via social engineering.

One of the standout chapters was Chapter 5 ("Cloud Insecurity: Sharing the Cloud with Your Enemy").There are many definitions of "cloud" computing, the this chapter picks two leading examples (Amazon's EC2 and Google's App Engine) and discusses how these services work and several ways an attacker with access to these same public clouds could begin to attack systems deployed there.Even if you have no experience with cloud computing, this chapter provides enough background to allow you to understand and evaluate the risks that the authors bring to light.

There are a few areas for improvement in this book, though, that kept me from being able to assign a full five stars to this review.For a book about the "next" generation of hacking, many parts read like they could have been written 5, 10 or even 15 years ago.Chapter 3 ("The Way it Works: There is no Patch") discusses password sniffing, email spoofing and ARP poisoning, all techniques that are over a decade old.Although they are still seen in the real world, each of them has been covered better elsewhere.This chapter is just a glaring anachronism compared to some of the others, and it detracts from the "Next Generation" focus in a very distracting way.

Chapter 6 ("Abusing Mobile Devices") is also pretty weak.In a "Next Generation" chapter on mobile devices, I expected to see coverage of iPhones, BlackBerries and other popular smart phones.Instead, the authors' chose to focus on laptops and insecure Wi-Fi access.If you really want to know how to spoof an access point to read someone's email in the local Starbucks, I'd suggest buying another book that covers the topic in more detail.As it is, I was very disappointed that the authors chose to waste space on this topic when there are much more modern techniques being used in the real world.

Overall, "Hacking: The Next Generation" is a solid overview of the techniques used by some of today's top threats.It provides a good overview of the kind of intelligence-driven attacks you're likely to see from APT.Although parts of this book seem like they're looking backwards rather than forwards, the rest of the book more than makes up for those flaws.

No serious programmer should be without this expose
Also recommended for such a collection is Nitesh Dhanjani, Billy Rios and Brett Hardin's HACKING: THE NEXT GENERATION, a survey of hacking and internet issues and emerging attack vectors. From new hacks that try to exploit technical flaws to hacks from individuals via social networking sites and abuse in cloud formations, no serious programmer should be without this expose. ... Read more

Product Description

The world's bestselling computer security book--fully expanded and updated

"Right now you hold in your hand one of the most successful security books ever written. Rather than being a sideline participant, leverage the valuable insights Hacking Exposed 6 provides to help yourself, your company, and your country fight cyber-crime." --From the Foreword by Dave DeWalt, President and CEO, McAfee, Inc.

"For security to be successful in any company, you must ‘think evil' and be attuned to your ‘real risk'...Hacking Expose 6 defines both." --Patrick Heim, CISO, Kaiser Permanente

"The definitive resource to understanding the hacking mindset and the defenses against it." --Vince Rossi, CEO & President, St. Bernard Software

"Identity theft costs billions every year and unless you understand the threat, you will be destined to be a victim of it. Hacking Exposed 6 gives you the tools you need to prevent being a victim." --Bill Loesch, CTO, Guard ID Systems

"This book is current, comprehensive, thoughtful, backed by experience, and appropriately free of vendor-bias-prized features for any security practitioner in need of information." --Kip Boyle, CISO, PEMCO Mutual Insurance Company

"The Hacking Exposed series has become the definitive reference for security professionals from the moment it was first released, and the 6th edition maintains its place on my bookshelf," --Jeff Moss, Founder of the popular Black Hat Security Conference

Meet the formidable demands of security in today's hyperconnected world with expert guidance from the world-renowned Hacking Exposed team. Following the time-tested "attack-countermeasure" philosophy, this 10th anniversary edition has been fully overhauled to cover the latest insidious weapons in the hacker's extensive arsenal.

New and updated material:

• New chapter on hacking hardware, including lock bumping, access card cloning, RFID hacks, USB U3 exploits, and Bluetooth device hijacking
• Updated Windows attacks and countermeasures, including new Vista and Server 2008 vulnerabilities and Metasploit exploits
• The latest UNIX Trojan and rootkit techniques and dangling pointer and input validation exploits
• New wireless and RFID security tools, including multilayered encryption and gateways
• All-new tracerouting and eavesdropping techniques used to target network hardware and Cisco devices
• Updated DoS, man-in-the-middle, DNS poisoning, and buffer overflow coverage
• VPN and VoIP exploits, including Google and TFTP tricks, SIP flooding, and IPsec hacking
• Fully updated chapters on hacking the Internet user, web hacking, and securing code

Customer Reviews (8)

Very good book- very minor issues
I very much like the hacking exposed series.It provides solid coverage of many topics ranging from scanning and enumeration to privilege escalation.If you are looking for an introduction to the hacking world this is it.

My complaint is that each new edition does not have nearly enough differences with previous editions.Frankly if you have version 5, you can skip six. I have learned to buy about every 2nd or 3rd edition.

Hacking Exposed 6
First off I can't say that the Hacking Exposed series wasn't a big part of my infosec education over the years. I read the first edition when I was in my first year of college in 1999. It was a very taboo book at the time and presented many new tools to me and opened up a new passion. With that said I find little value in the 6th edition of the book it's much the same as the first one with updated information.

This book is best read by people that know very little about how attacks work and want to discover how the average low level attacker goes about doing things. This book is not bad at all but it really just doesn't add anything to my arsenal or provide me with any new information that is valuable to me.

If you want a book that can give you a very entry level understanding of how attacks might take place and need a book to teach you the very basic's of how to become a script kiddy or how they operate then this book is a good choice.

I mean no disrespect by this but it is my opinion that true hacking or pen-testing does not and can not follow the old methodologies that are outlined in this book.

There is simply not an A to B route that is to be followed in hacking/pen-testing and tossing attacks from tool after tool at systems isn't the right way to go about testing.

In my opinion this book is the best choice for someone with a new interest in the subject and knows very little about security testing and defense. This is a good place to start to learn the very basic's of offensive infosec and to pick up some entry level knowledge on how to defend against it.

If you are looking for an introduction or a bridge to entry level certification such as certified ethical hacker or certified penetration tester this would be a good choice to pick up before you start your studies to fill in the gaps.

Overall this is a great book just take it for what it is. It is not a book on how to hack. It is an introduction to hacking and some of the common tactics that are used. If you're not defending against these then you're doing a poor job.

To be fair to the author and the series this book was a pioneer in the industry at the time it was introduced there was little information on the subject to be found in this type of structure. In our infosec crazed world of today so many books follow this exact format that reading it becomes dry and very boring.

Overall great series pioneers of information security books but a new approach is needed and maybe that is present in the hacking exposed series but I can not comment on that because I have only read scattered editions of the original title.

6Th Edition, why?
My first exposure with hacking series was back in 2002 the 2nd edition, in the Foreword of the 2nd edition they summed up the expectation and identified the who should read this book "...But if a computer network has a security vulnerability and no one knows about it, is it insecure?".
In writing this review I like to bring to attention the fact that I am not sure who is the intended audience anymore.
I have seen this book on every network engineer's and self proclaimed security guru's book shelf, many of the one's I have seen were not even used once.
So my question is why do people keep on buying this book, is it the title? The marketing? Or is it a cult think? I was given the 6th edition as a gift. I read most of it out of curiosity, and after a while I realized that this book does not have a true audience.

This book is not written for;
.-The hacker since many of the hacking techniques are either irrelevant or old and most hackers know a better way.
.-The criminal. See previous note.
.-An auditor. If it was, it would have specific processes on how to conduct and audit.
.-Management, they don't care how hping2 works.
.-Those who are concerned about wireless security. There is a "hacking exposed for wireless" book for them.

If we take away the fat, this book has about 200 pages of useful information, most of which can be found using the authors favoritesearch engine Google
why did I give it a 2 star instead of just 1, I did like the entire 10th Chapter, this section has very relevant information, and it has a purpose, it introduces the concept of governance and use of standards such as ISO17799 which is actually ISO27001:2005 and NIST Publications 800-64 and 800-27. It explains the SDLC although the author calls it SDL combining the Life with Cycle. So if this is your First Hacking Exposed book, buy it with caution, but if you already have one, don't "upgrade".
Best Fishes and thank you for reading.

Too Basic
A basic overview of attacks. This book lacks sample code but I suppose it would be OK for someone that just wanted to lightly touch upon different cyber attacks worked. In all honesty, I'd stick to wikipedia.

Great Book
this is a very accurate and very informative book (and even though im 16, its still easy XD) i read it and started loving it, all this stuff is very good and useful cuase of it my computer is more secure now ... Read more

Product Description

A new edition of the bestselling guide-now updated to cover the latest hacks and how to prevent them!

It's bad enough when a hack occurs-stealing identities, bank accounts, and personal information. But when the hack could have been prevented by taking basic security measures-like the ones described in this book-somehow that makes a bad situation even worse. This beginner guide to hacking examines some of the best security measures that exist and has been updated to cover the latest hacks for Windows 7 and the newest version of Linux.

Offering increased coverage of Web application hacks, database hacks, VoIP hacks, and mobile computing hacks, this guide addresses a wide range of vulnerabilities and how to identify and prevent them. Plus, you'll examine why ethical hacking is oftentimes the only way to find security flaws, which can then prevent any future malicious attacks.

• Explores the malicious hackers's mindset so that you can counteract or avoid attacks completely
• Covers developing strategies for reporting vulnerabilities, managing security changes, and putting anti-hacking policies and procedures in place
• Completely updated to examine the latest hacks to Windows 7 and the newest version of Linux
• Explains ethical hacking and why it is essential

Hacking For Dummies, 3rd Edition shows you how to put all the necessary security measures in place so that you avoid becoming a victim of malicious hacking. ... Read more

Customer Reviews (19)

A great starting point to learn about Pen testing
This book was a quick read and has lots of annotations for further reading. Specifically, I enjoyed the sections on Metasploit which made an under-documented tool seem straightforward.

One interesting feature is that this book has a rare section on Novell Netware.While this book is well worth the price for an introduction to penetration testing, I would like to see some new materiel on MacOS (hopefully in the fourth edition!).

Great read & value for the money.

Trusted Supplier
After scanning the internet for this reference book I came across this book seller in Texas. As advertised the book was new and was at a very low price. It had only nominal wear (about 10 pages were creased on the corner) and there was no print damage at all. This was a current volume published this year in 2010, and was perfect for my new career in Information Security. Shipping was prompt and arrived ahead of schedule. The packing materials were intact and sufficient for the distance travelled. I got the impression that the seller had nothing to hide and given the price charged, it was an excellent value. If the opportunity is available later, I would buy from this vendor again.

Great intro to hacking
Very good intro to tools/methods used for basic hacking.Not complete for CEH prep, as they don't talk about IDS/IPS or other defensive measures any.No coding, primarily tools and their usage.An easy-to-read primer.

Great reference
I work in the developer and IT industry and purchased this book to get a mind set of the criminal mind when it comes to hacking.This book is great for checking your security infrastructure and ensuring its safety, by allowing you to 'hack' your own network, and then patch it to ensure others can not. Great book and easy read, I love all of the 'For Dummies' books and they are a great reference for my growing computer references.

hacking for dummies
Great book. Be very careful with the software links however. Many will damage your computer or network. Learn how to defend your computer without downloading hazardous programs.Steve
... Read more

Product Description
Showing Xbox owners how to increase the value and utility of their system, Hacking the Xbox features step-by-step tutorials on hardware modification that teach basic hacking techniques as well as essential reverse engineering skills. Full discussions of the Xbox security mechanisms and other advanced hacking topics are here, along with practical pointers from hacking gear resources to soldering techniques. The book also covers the social and political implications of hacking and profiles the humans behind the hacks in candid interviews.Amazon.com Review
This--this being the attitude encapsulated in Andrew "bunnie" Huang's Hacking the Xbox--is why a lot of people got into the computer industry in the first place. These people liked taking things apart and figuring out how they worked, then making them serve purposes they weren't originally designed for and sharing the new discoveries with others of like mind. Sure, Huang's book is about how to how to turn Microsoft's game console into a high-performance, general-purpose personal computer with a small price tag, and it contains lots of details about the how the heavily advertised gizmo is put together. But you can get the technical material on the Web. What's valuable about Huang's work is that he communicates the pure joy of taking the Xbox apart, figuring out how it works--despite its many designed-in anti-hacking features--and making it do new things. This book reads like the journal of a seventeenth-century voyage of discovery.

There's a wealth of information in these pages about how to disassemble and reverse-engineer electronics, and Huang is careful to show you what tools you need, and how to use them (don't worry if you don't know how to use a soldering iron--that's covered here). There also are step-by-step guides (complete with photos) to a couple of projects, and interviews with key figures in the Xbox-hacking community. --David Wall

Topics covered: How to enjoy a Microsoft Xbox game console without the mindless tedium of playing video games. This book shows you how to open an Xbox, make modifications to it (from a cosmetic LED color change, to putting in a new power supply, to adding a USB connector), and make the changes needed to get Linux running on it. In the process, readers get an education in reverse engineering electronic circuits, as well as in basic electronic techniques (soldering, crimping, etc) and in the intellectual property law that governs hacker activity. ... Read more

Customer Reviews (27)

God!! it is being cited 46 times...
Did you believe that this book is cited 46(34+12) times by academic? Just trace the Google scholar! Oh my God.

Bunnie inspires a budding computer engineer
I bought this book for my then teenage son who wanted his XBox to do more than what Mr. Gates wanted it to do. Phil astounded me with the skills he developed in soldering, mechanics, and searching for the resources he needed.

Bunnie goes into great detail to explain not just how to do the job physically, but weaves a tale of how Microsoft has attempted to secure the XBox and leads the reader along a road of computer hardware discovery.

Well it worked. Phil not only turned his XBox into a fully-functional linux box but he became inspired and this year graduated from college as a computer engineer.

Thanks, Bunnie.

Fascinating read, short on actual projects
I purchased this book because I would like to learn about reverse engineering without getting a degree.Tinkering with an Xbox, which can be purchased for less than $50, sounds like a great idea.The book, sadly, is short on actual projects to learn from.The vast majority is about hacking, reverse engineering, and legal issues related to these activities.The book is well written and the arguments for the freedom to reverse engineer and invent in your own garage beautifully argued.It made for a really great read but left me wanting regarding the original reason I purchased it.

Peerless
This is an absolute MUST BUY for everyone who likes to tinker with electronic devices - it's like porn for hardware hackers :)

Bunnie's description of how he and the XBox hacking community came to circumvent the XBox's security infrastructure is a wonderful tale in itself. The fact that Bunnie describes the methodical approach taken, with its several false-starts and failures to its eventual success is a great lesson for hackers everywhere - a systematic approach (plus a smidgen of luck and more than a little inspiration) is generally the only way to overcome significant odds.

But this book offers far more than just the story of how the XBox was hacked and the ... ahem ... wonders of the DMCA - it is an invaluable guide to anyone interested in creating their own devices. The sections on soldering techniques, board manufacturing, etc., equipment suggestions, etc., is a boon to anyone who has an urge to create something rather than just dream about it.

I have been hacking hardware ever since I was 7 and I took apart my record player trying to work out how they managed to fit all four of the Beatles into such a small space! I have obsessively dismantled practically every electronic device I've ever owned and built several electronic devices from scratch more than I can count. I have a degree in Computer Science & Microelectronics and have worked on teams building missile guidance and weapon aiming technologies. And yet, I've learned more practical skill (as opposed to theoretical knowledge) from this book than my entire 1st year at college.

So, if you're interested in tinkering with hardware or are interested in how others do it, do yourself a favor and order this book now. You won't be disappointed :)

Good Reading
Very good book if you are a beginner at computer/xbox mods.Need to have a little electrical knowledge to understand a lot of what is in the book.It is not a how-to book, but a book that will make you think and try stuff on your own.Lot of information on copyrights, DCMA and stuff like that.A great book to show how to get started, methods that can be used, and computer structure.If you are a computer wiz, then this book would seem basic, if not this would be a good book to read before you start hacking. ... Read more

Product Description

The latest wireless security solutions

Protect your wireless systems from crippling attacks using the detailed security information in this comprehensive volume. Thoroughly updated to cover today's established and emerging wireless technologies, Hacking Exposed Wireless, second edition reveals how attackers use readily available and custom tools to target, infiltrate, and hijack vulnerable systems. This book discusses the latest developments in Wi-Fi, Bluetooth, ZigBee, and DECT hacking, and explains how to perform penetration tests, reinforce WPA protection schemes, mitigate packet injection risk, and lock down Bluetooth and RF devices. Cutting-edge techniques for exploiting Wi-Fi clients, WPA2, cordless phones, Bluetooth pairing, and ZigBee encryption are also covered in this fully revised guide.

• Build and configure your Wi-Fi attack arsenal with the best hardware and software tools
• Explore common weaknesses in WPA2 networks through the eyes of an attacker
• Leverage post-compromise remote client attacks on Windows 7 and Mac OS X
• Master attack tools to exploit wireless systems, including Aircrack-ng, coWPAtty, Pyrit, IPPON, FreeRADIUS-WPE, and the all new KillerBee
• Evaluate your threat to software update impersonation attacks on public networks
• Assess your threat to eavesdropping attacks on Wi-Fi, Bluetooth, ZigBee, and DECT networks using commercial and custom tools
• Develop advanced skills leveraging Software Defined Radio and other flexible frameworks
• Apply comprehensive defenses to protect your wireless devices and infrastructure

Customer Reviews (1)

A sequel that greatly improves on its predecessor
I reviewed the first edition of Hacking Exposed: Wireless (HEW) in May 2007, and offered four stars.Three years later I can confidently say that Hacking Exposed: Wireless, 2nd Ed (HEW2) is a solid five star book.After reading my 2007 review, I believe the authors took my suggestions seriously, and those of other reviewers, and produced HEW2, the best book on wireless security available.If you want to understand wireless -- and not just 802.11, but also Bluetooth, ZigBee, and DECT -- HEW2 is the book for you.

Books in the Hacking Exposed (HE) series that implement the winning HE formula do the following: 1) explain a technology, including aspects you may have never heard of before; 2) explain how to break that technology; and 3) explain how to mitigate the attack, if possible.HEW2 uses this methodology and the result is a great HE book.HEW2 is also cross-platform, usually providing advice on using Windows, Linux, or Mac OS X.Furthermore, this advice is exceptionally practical and relevant.The authors not only describe what works, but also what doesn't work.I got the sense that I was speaking with a pro who was willing to share tips from the trenches, not theory copied from a Web site.

Other aspects of HEW2 make it a winner.The authors post three free chapters on their Web site as background that they didn't want to include in the main text.Their Web site also contains code and other background material from the book, like pcap files.Although I am not on the front lines of wireless hacking, I got the sense that these authors do live on that edge.They explained Software Defined Radio, hardware specifically for attacking wireless devices, hardware mods, and other custom approaches that extend beyond normal wireless techniques.I also liked their "end-to-end" examples for attacking Mac OS X and Windows, integrating client-side attacks with wireless activities.Their use of NetMon and Metasploit was solid.Finally, I loved that HEW2 doesn't start and end with 802.11; it also incorporates Bluetooth, ZigBee, and DECT.

I have no complaints for the authors of HEW2.My only suggestion would be to incorporate attacks on GSM and other mobile technologies into the third edition.

If you want to learn how to attack and defend wireless devices, HEW2 is the right book.Bravo. ... Read more

Product Description

The latest Web app attacks and countermeasures from world-renowned practitioners

Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource.

• Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster
• See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation
• Understand how attackers defeat commonly used Web authentication technologies
• See how real-world session attacks leak sensitive data and how to fortify your applications
• Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques
• Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments
• Safety deploy XML, social networking, cloud computing, and Web 2.0 services
• Defend against RIA, Ajax, UGC, and browser-based, client-side exploits
• Implement scalable threat modeling, code review, application scanning, fuzzing, and security testing procedures

Product Description

Ever thought of using the time-tested tactics and techniques of a ninja to understand the mind of today's ninja, the hacker? As a penetration tester or security consultant you no doubt perform tests both externally and internally for your clients that include both physical and technical tests. Throw traditional pen testing methods out the window for now and see how thinking and acting like a ninja can actually grant you quicker and more complete access to a company's assets. Get in before the hacker does by thinking outside of the box with these unorthodox techniques. Use all of the tools that the ninja has at his side such as disguise, espionage, stealth, and concealment. Learn how to benefit from these by laying your plans, impersonating employees, infiltrating via alarm system evasion, discovering weak points and timing, spyware and keylogging software, and log manipulation and logic bombs. And, really, don't you want to be a ninja for a day just because they're cool? Let this book be your excuse!

Product Description

"A fantastic book for anyone looking to learn the tools and techniques needed to break in and stay in." --Bruce Potter, Founder, The Shmoo Group

"Very highly recommended whether you are a seasoned professional or just starting out in the security business." --Simple Nomad, Hacker

Customer Reviews (3)

Perfect!
In a few words, I loved this book. This book is written in a straightforward manner, right to the point, hands-on exercises and all. The weak points one might find is that it assumes a fair amount of knowledge in the areas of programming (C and python) as well as some networking. I don't think these are real flaws, since this book is directed as hacking (and cracking) in their purest form.
The flaw I would note is that despite having those unsaid requirements, the book tries to appeal to beginners by skipping ahead on the lines of: in the case you're not familiar with C, just copy this example and don't worry about it. For a programmer, this is a waste of time and something which raises suspicion about how serious the authors were. For a beginner, this doesn't help at all. I would rather have a line there saying: read a book on C and come back when you're ready.
But if you're willing to go ahead despite this, you're in for quite a treat.

Great Book!
This book is very informative and well worth the reading. Had each of my staff read it and they all got something different out of it.

A perfect reference for IT-security consultants

Contents
Second edition of books I like are always welcome - and this book is no exception. So I was very happy when I was provided a review copy from the publisher.

I really liked the first edition of this book and consider this follow up an essential book for IT-security consultants and other professionals.

The book is comprised of five parts which each give an overview of important subjects for professional IT-security consultants. Within these five parts are 21 chapters which are mostly around 20 pages, making it possible for busy professionals to digest a chapter while performing the usual projects and everyday work.

The five parts are:
I) introduction to ethical disclosure, including legal system in the US
II) penetration testing tools: metasploit and backtrack
III) exploits 101 with everything from basic programming skills to writing shellcode, but only on Linux and Microsoft Windows.
IV) Vulnerability analysis which is a strong part about static analysis, reverse engineering, fuzzing, writing real life exploits and references to the essential tools used for these purposes
V) Malware analysis is saved for last and includes the finishing touch to why IT-security professionals should care about all the rest of the book

The great thing about this book are that non-programmers are presented with enough materials to get started in finding and developing exploits. This was also the reason why it took so long to do this review. Each time I read a chapter I was itching to get started running the examples and trying the techniques.

Since this book tries to cover a lot of materials they have decided to include references. There are a lot of specific references to full-length articles covering each of the specialized techniques described in the examples. This really works out great, since I can skip the articles I already have read - but get some in-depth materials to complement the book.

As you can probably understand this way of building the book makes it very efficient and much to my liking, I can decide where to go next. The reader can also decide to skip a chapter and enough references to other chapters are provided that I will never get lost. The small price to pay are a few lines repeated in two chapters.

The writing style and the edge of the book is presented with authority and the authors have done a superb job of making this book consistent. The book is written by 4 authors, but except for a few places were they hint to the author of a chapter there are no clues to who wrote what part. The book is overall high quality and I have only discovered two small wording errors.

I have not discovered any problems in the materials presented and was in general amazed by the updates done. As an example they use Vista for some of the Microsoft Windows examples and in other parts they reference articles and techniques that are up to date. When second edition of a book is published the fear is always that only the new chapters are updated, but it seems the book was updated in all chapters.

Some bad things, which are not really that bad are. I would expect more script-languages but for some reason a lot of examples are using C programs for exploits. I personally use Perl for developing scripted exploits, and the book does use that - but in odd places they use C programs.

This is not really wrong, but it feels a bit old'ish. To be fair in some cases the C programs are needed and since the programs that are to be exploited are also C programs, it works out.

The worst thing I can say about the book is that the index is kind of weak. I know specific things are included in the book, but they are nowhere to be found in the index. That does make the book less useful. Others would also think that a book like this should include a CD/DVD - but since everyone can download the tools I would recommended not adding a CD/DVD for the third edition, but use more resources expanding and adding more chapters instead :-)


Target audience
This book is for anyone interested in getting into hacking and developing exploits. While the primary target audience are security professionals I would recommend that some parts are copied and put on the desk of your manager - they really need information about risk, ethical hacking and legal aspects.


Conclusion
As I started out I welcome second editions, and I had high expectations when receiving this book.

I am happy to report that I was satisfied with the results, and even though I got to go through stuff again I was delighted to relearn a lot which I had forgot. Having an updated concise book about exploits with a great number of references written in an easy to follow language is high value for me.

I would suggest that IT-security consulting companies include this book in the welcome package for any new employee who is doing consulting in IT-security - along with a BackTrack CD, laptop, mobile phone and the usual other stuff.

One word of warning, if you own ALL the more specialized books about exploits, shellcode, secure coding, reverse engineering, fuzzing etc. you may want to skip this book. On the other hand you might own all these books, but never found the time to read them cover to cover, then you should read this book :-)



Links:
The home page for this book is:
http://www.grayhathackingbook.com

A sample chapter about metasploit is also available on the book website.

... Read more

Product Description
As the cliché reminds us, information is power. In this age of computer systems and technology, an increasing majority of the world's information is stored electronically. It makes sense then that as an industry we rely on high-tech electronic protection systems to guard that information. As a professional hacker, I get paid to uncover weaknesses in those systems and exploit them. Whether breaking into buildings or slipping past industrial-grade firewalls, my goal has always been the same: extract the informational secrets using any means necessary. After hundreds of jobs, I discovered the secret to bypassing every conceivable high-tech security system. This book reveals those secrets, and as the title suggests, it has nothing to do with high technology. As it turns out, the secret isn't much of a secret at all. Hackers have known about these techniques for years. Presented in a light, accessible style, you'll get to ride shotgun with the authors on successful real-world break-ins as they share photos, videos and stories that prove how vulnerable the high-tech world is to no-tech attacks.

As you browse this book, you'll hear old familiar terms like "dumpster diving", "social engineering", and "shoulder surfing". Some of these terms have drifted into obscurity to the point of becoming industry folklore; the tactics of the pre-dawn information age. But make no mistake; these and other old-school tactics work with amazing effectiveness today. In fact, there's a very good chance that someone in your organization will fall victim to one or more of these attacks this year. Will they be ready?

. Dumpster Diving
Be a good sport and don't read the two "D" words written in big bold letters above, and act surprised when I tell you hackers can accomplish this without relying on a single bit of technology (punny).
. Tailgating
Hackers and ninja both like wearing black, and they do share the ability to slip inside a building and blend with the shadows.
. Shoulder Surfing
If you like having a screen on your laptop so you can see what you're working on, don't read this chapter.
. Physical Security
Locks are serious business and lock technicians are true engineers, most backed with years of hands-on experience. But what happens when you take the age-old respected profession of the locksmith and sprinkle it with hacker ingenuity?
. Social Engineering with Jack Wiles
Jack has trained hundreds of federal agents, corporate attorneys, CEOs and internal auditors on computer crime and security-related topics. His unforgettable presentations are filled with three decades of personal "war stories" from the trenches of Information Security and Physical Security.
. Google Hacking
A hacker doesn't even need his own computer to do the necessary research. If he can make it to a public library, Kinko's or Internet cafe, he can use Google to process all that data into something useful.
. P2P Hacking
Let's assume a guy has no budget, no commercial hacking software, no support from organized crime and no fancy gear. With all those restrictions, is this guy still a threat to you? Have a look at this chapter and judge for yourself.
. People Watching
Skilled people watchers can learn a whole lot in just a few quick glances. In this chapter we'll take a look at a few examples of the types of things that draws a no-tech hacker's eye.
. Kiosks
What happens when a kiosk is more than a kiosk? What happens when the kiosk holds airline passenger information? What if the kiosk holds confidential patient information? What if the kiosk holds cash?
. Vehicle Surveillance
Most people don't realize that some of the most thrilling vehicular espionage happens when the cars aren't moving at all! ... Read more

Customer Reviews (13)

Good, but needs improvement.
This is a fine book, no doubt about it. And it offers some interesting and much-needed alternative perspectives on security.

The book could have had one or two additional stars, but it lacks a caring editorial hand.
The book is obviously written by several authors, and lacks structure between the individual chapters, consistency in presentation and language.

Overall, each chapters are interesting but in some chapters the authors seem more motivated to show off how smart they are and desire to share the outcry over the information they can get near.
The authors appear more fascinated by their own achievements, however minor they may be (Hey look, I've found out that my fellow passenger is a soldier! - Hey look, I found a bill and it says how much something has cost) than to disseminate security threats and their significance

This book has the potential to be a fantastic eye-opener - a new classic in safety. But it fails and delivers petty smugness, instead of new thinking and inspiration.

I am looking forward to revision 2 - I am sure it will be great.

No Tech Hacking an eye opener
a bit chilling as he shows what can be filmed/videod off a computer screen
by a " tourist" through the business window while standing out on the sidewalk waiting for a buss .

That old " where there is a will there is a way "

No Tech Hacking
Very useful book, teaches a lot about being aware of your environment at all times and paying attention to details
as Johny Long takes you on an exciting adventure of different methods that can seem trivial at first glance, but will result in a lot of information gathering for the pen-tester, highly recommended.

Great
Making you pay attention to the obvious.Things that you would normally gloss over, suddenly you start seeing once you read this book.

No Tech Skills
This is a great book for any security related field. It introduces you to the simple techniques of getting information in easy to accomplish ways with little complex technical skills. The original purpose written by the author of the book is to explain defensive techniques and methodology to the simple techniques that can be used to circumvent technology and people security to gain information from targets. ... Read more

Product Description
A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because I've seen it with my own eyes. As the founder of the Google Hacking Database (GHDB) and the Search engine hacking forums at http://johnny.ihackstuff.com, I am constantly amazed at what the Google hacking community comes up with. It turns out the rumors are true-creative Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPPA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers snatch it right up. Protect yourself from Google hackers with this new volume of information.
-Johnny Long

. Learn Google Searching Basics
Explore Google's Web-based Interface, build Google queries, and work with Google URLs.
. Use Advanced Operators to Perform Advanced Queries
Combine advanced operators and learn about colliding operators and bad search-fu.
. Learn the Ways of the Google Hacker
See how to use caches for anonymity and review directory listings and traversal techniques.
. Review Document Grinding and Database Digging
See the ways to use Google to locate documents and then search within the documents to locate information.
. Understand Google's Part in an Information Collection Framework
Learn the principles of automating searches and the applications of data mining.
. Locate Exploits and Finding Targets
Locate exploit code and then vulnerable targets.
. See Ten Simple Security Searches
Learn a few searches that give good results just about every time and are good for a security assessment.
. Track Down Web Servers
Locate and profile web servers, login portals, network hardware and utilities.
. See How Bad Guys Troll for Data
Find ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information.
. Hack Google Services
Learn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more. ... Read more

Customer Reviews (25)

New updates and material for the second edition of the Google Hacking masterpiece. Volume 2 is today's reference.
This review mainly focuses on evaluating how valuable is to get a copy of "Google Hacking for Penetration Testers - VOLUME 2" if you already own a copy of the first edition, and the scores rates exactly that. If you don't have neither of them, I strongly encourage you to acquire Volume 2 (see details below), no matter what area of the information security field you work in (and specially if you are a penetration tester), as the contents affect to you in multiple ways. On my day-to-day security consulting practice, I'm still very surprised about how many IT people don't know about these techniques. The book is a masterpiece for information disclosure and mining from public sources, such as (but not only) Google. If I had to evaluate the book on itself, not comparing between editions, it would definitely get a score of 5/5.

The first edition was released in 2005 and opened the world of the Google Hacking techniques to the general public, together with the GHDB. The second edition title is (at least) confusing, as Volume 2 seems to denote it is a complementary book to the first edition. It is not, so I do not recommend you to get the first edition today. Volume 2, or the second edition as it should have been called, has been thoroughly updated (including most of the screenshots) to cover the latest changes and Google applications. I did a major update to the SANS "Power Search with Google" course on the first half of 2006, when some of the new Google functionality (not in the first edition) was already available. The second edition reflects those updates I identified and put back together then, even the tiny ones, such as the maximum search terms, that changed from 10 to 32. Additionally, all the statistical references, covering number of results returned by Google, and main contents have been reviewed and updated to reflect the current state of the art.

Some chapters have been kept from the previous edition (chapters 1 to 3, and chapters 6 to 9, and chapter 12), although they have suffered updates. Others have been moved (such as the old chapter 10, now chapter 4) or redesigned (like the new chapter 5). Besides, there are brand new chapters, like 10 and 11.

I specially like the updates on chapter 5, with the new tools and scripts to query Google and, specially, to parse and process the results, including several Perl and User-Agent tricks. The book, obviously, covers the Google API changes and provides solutions to overcome them, such as Aura. Chapters 6 and 8 include relevant updates to the Google code search engine and new capabilities to locate malware and binaries, plus new techniques to track down login portals and network embedded devices and reports, respectively.

The new chapter 10 is a great reference covering the new Google services from a hacking and "malicious" perspective. It is a required update given the pace Google releases new functionality and information sources, such as the AJAX capabilities and API, the source code search engine, calendar, blogger, and alert services.

The new chapter 11, "Google Hacking Showcase", includes the real-world Google Hacking samples and cases Johnny Long has been presenting in several hacking conferences during the last years. A found having a printed copy of it within the book very valuable, as it is an eye-opener, and it is a fun read. Definitely, if you have not seen Johnny's presentations and talks, I encourage you to access the archives from BlackHat and DefCon and enjoy them.

Finally, chapter 12 (the old chapter 11), covers new techniques and tools from a defensive perspective. The new additions increase the defender arsenal in order to mitigate the old and new threats covered throughout the book.

The influence of multiple authors in this edition is evident, something good for the new contents and material, but not so good for the chapter layout, as some do not follow the original format with a final summary, solutions, links and FAQ. Chapter 10 is a good example of both.

The complementary appendixes from the first edition, not directly relevant to the book topic from my perspective, have been removed. Overall, I feel some of the waffle has been left out, a smart decision (but not always easy) in order to keep the book size reasonable, and make room for the new contents.

I would like to see some of the pages that simply provide long listings from the GHDB moved to an appendix and simply referenced from the associated chapter. It might be useful to have these lists full of query samples on the book, but not just in the middle of a chapter. Another improvement would be to have a book webpage consolidating all the code samples, such as the Blogger submission script, as I'm not sure they are all available on a single website.

To sum up, if you don't have a copy of this book, go and buy Volume 2! (not to mention Johnny's involvement with charities). If you are a professional penetration tester, the new material in this second edition is highly recommended, so update your shelves and start applying the new contents on your daily practice. If you are an infosec pro, not directly involved in Google Hacking tasks, and you already own a copy of the first edition, I think you do not need Volume 2, as you already understand the threat, risks, and what is all this about.

At some point I was almost involved in co-authoring this 2nd edition, but finally it didn't happened. A pity, as definitely, this is one of today's reference books that should be on any infosec shelves.

Superb Book, great writing style and plenty of useful examples
While Google is for most of us just a search engine, for hackers it is a great tool to gather information and present the attack vector and first of steps against your organization.

The opposite side of Google as a search engine is that a lot of networks and organizations out there have no idea what kind information (classified and potentially dangerous) is presented out on the internet and how data leakage is accomplished that way. This leakage give a significant amounts of password files, confidential information, and configuration data and so on that can be easily found with ingenius queries.

After you read Google Hacking, volume 2, the real power and potential danger of Google is clearly understood. Author Johnny Long does a superb job by presenting insight information on how -not so fiendly - people out there but also penetration testers can use this knowledge and easily harvest information that has been gathered by the Google engine. He's wirting is great and keeps me interested the whole book and besides that he gives away plenty of interesting examples on how to built your own query.

So really worth buying!

Rob Faber , CISSP, CEH, MCTS, MCSE
Sr. Information Security Consultant
The Netherlands

Superior Text
In reading through this book, I found a wealth of information that was quite useful, most notably the links to all of the other tools, sites and techniques available on the web. I am an internal corporate web application pen tester for a financial institution and will certainly use the techniques described in this text in our next vulnerability assessment. I do have one complaint however in that the corresponding website for the text [...] does not have the code from the book. Overall a great book and a fun read. Highly recommended.

google, hack, hacking
Very informative book, I've been using some of the knowledge I got in the book to improve my searches as well as to test the security of some of my company's web pages.

Great starting Point for New or Intermediate- Reference for advanced
You name it someone may have left it in the wrong place. This text is a good reference for everyone interested in information security and honing their research abilities to a razor's edge. As Obijan says "know your target- get inside of his mind." Experts might scoff, but a handy reference. I use it to nail airline miles, among other things...in all honesty I have found some wild things using the standard techniques- really you need a guide on unraveling people's stupidity or, if you are feeling rather viscious lay a trap and hook it with cheese that has unexpected side effects. Fun for the whole family! ... Read more

Product Description

"Provides the right mix of practical how-to knowledge in a straightforward, informative fashion that ties it all the complex pieces together with real-world case studies. ...Delivers the most valuable insight on the market. The authors cut to the chase of what people must understand to effectively perform computer forensic investigations." --Brian H. Karney, COO, AccessData Corporation

The latest strategies for investigating cyber-crime

Identify and investigate computer criminals of all stripes with help from this fully updated. real-world resource. Hacking Exposed Computer Forensics, Second Edition explains how to construct a high-tech forensic lab, collect prosecutable evidence, discover e-mail and system file clues, track wireless activity, and recover obscured documents. Learn how to re-create an attacker's footsteps, communicate with council, prepare court-ready reports, and work through legal and organizational challenges. Case studies straight from today's headlines cover IP theft, mortgage fraud, employee misconduct, securities fraud, embezzlement, organized crime, and consumer fraud cases.

• Effectively uncover, capture, and prepare evidence for investigation
• Store and process collected data in a highly secure digital forensic lab
• Restore deleted documents, partitions, user activities, and file systems
• Analyze evidence gathered from Windows, Linux, and Macintosh systems
• Use the latest Web and client-based e-mail tools to extract relevant artifacts
• Overcome the hacker's anti-forensic, encryption, and obscurity techniques
• Unlock clues stored in cell phones, PDAs, and Windows Mobile devices
• Prepare legal documents that will hold up to judicial and defense scrutiny

Customer Reviews (2)

Great introductory text on Computer Forensics
I use this text as the required text for a course I teach on Computer Forensics. Overall, it is an excellent introductory text. Students say that it is easy to read, which is exactly what I want in a textbook. However, I do not use it exclusively for lecture material. I pull my lecture material from a variety of texts, such as Real Digital Forensics, Incident Response (2nd edition), File System Forensic Analysis, and the other Hacking Exposed Textbooks.

The second edition is a welcome improvement. I really like the new section (Part V) where it discusses the practical cases, and what type of forensic techniques that you would use for each type of case.

I create all of my own lectures and labs for the classroom. I assign this text to students to fill in the gaps of the lectures.

Good Overview
I found this to be a good overview for deciding if I want to pursue this field or not.It goes over enough detail & highlights the process to help determine if I want to take the next step and spend the $$$$'s on the forensic software. ... Read more

Product Description
This is an introductory textbook on probability and induction written by one of the world's foremost philosophers of science.The book has been designed to offer maximal accessibility to the widest range of students (not only those majoring in philosophy) and assumes no formal training in elementary symbolic logic.It offers a comprehensive course covering all basic definitions of induction and probability, and considers such topics as decision theory, Bayesianism, frequency ideas, and the philosophical problem of induction.The key features of the book are:* A lively and vigorous prose style* Lucid and systematic organization and presentation of the ideas* Many practical applications* A rich supply of exercises drawing on examples from such fields as psychology, ecology, economics, bioethics, engineering, and political science* Numerous brief historical accounts of how fundamental ideas of probability and induction developed.* A full bibliography of further readingAlthough designed primarily for courses in philosophy, the book could certainly be read and enjoyed by those in the social sciences (particularly psychology, economics, political science and sociology) or medical sciences such as epidemiology seeking a reader-friendly account of the basic ideas of probability and induction.Ian Hacking is University Professor, University of Toronto. He is Fellow of the Royal Society of Canada, Fellow of the British Academy, and Fellow of the American Academy of Arts and Sciences. he is author of many books including five previous books with Cambridge (The Logic of Statistical Inference, Why Does Language Matter to Philosophy?, The Emergence of Probability, Representing and Intervening, and The Taming of Chance). ... Read more

Customer Reviews (9)

recommended!
The author gives admirable attention to clarity for the topics discussed in this book. As an introductory text, it's not reasonable to expect completeness for the more complex topics addressed. I highly recommend this book to anyone looking for an introduction to probability and inductive logic.

Connecting The Dots
This book clearly explains ideas in logic and in statistics/probability courses I have taken, and includes several insights new to me. It contains several real world exercises and answers. For me it's hard to put down. Every minute spent going through it has been very much worth it.

Best text on logic and philosophy of probability
Maybe 1/3 of a college course in probability and statistics consists of a rapid trip, in math language, through basic conceptual ideas such as the interpretation of "probability", Bayes rule, significance tests and confidence intervals.This book, aimed at students of philosophy, treats this material and the associated math much more slowly and carefully -- relating probability to logic and philosophy, not just to math.For instance it has clear discussions of the principle of maximizing expected utility;the frequentist/Bayes philosophies and the coherence ideas emphasized by Bayesian apologists; the logic of significance tests and confidence intervals.Concepts are illustrated by creative selection of hypothetical story examples -- much more interesting than the usual math textbooks full of X's and Y's. The final 20 pages are a rather big jump toward technical philosophy -- arguing that both Bayesian and frequentist philosophies comprise "evasions" rather than "solutions" of "the problem of induction".

For a textbook, rather than bedtime reading, on this material it is hard to imagine a better treatment.My only criticism -- perhaps a criticism of analytic philosophy in general -- is that it seems more concerned with teaching the reader how to critique other people's arguments that with teaching them how to say anything constructive about the real world.

First Rate Introductory Text
This is a first rate introductory text prepared by a well known philosopher and expert on the logic and history of probability & statistics.The approach is disarmingly simple.Hacking avoids complicated math and proofs and teaches via the intuitive appeals to the underlying logic of these topics.Hacking begins with an intuitively based discussion of basic features of probability theory, expectation, Bayes rule, and decision analysis.This is followed by a particularly good exposition of the different senses of probability; belief-Bayesian and frequentist.Hacking shows how both approaches can be used fruitfully and rigorously in even mundane problems.These sections are followed by very nice chapters on the underlying logic of normal distributions, statistical hypothesis testing, and confidence intervals.This is the diametrical opposite of the cookbook approach used often in many statistics books and provides very nice understanding of key features of statistical methods.I never appreciated the strength of the confidence interval approach before reading this book.Hacking concludes with some concise but thoughtful chapters on the philosophical implications of these ideas, particularly as applied to the classic problem of induction.The quality of writing is excellent and the book features a large number of good examples and problems to work through.Strongly recommended to individuals who want to learn more about the basis of statistical methods.

Especially good on Bayesianism and Frequentism
(FOUR AND A HALF STARS)
This is more an intro to the PHILOSOPHY of probability and inductive logic than an intro to the MATHEMATICS of probability of inductive logic, although some of the basic mathematical ideas are covered (which is useful if you're gonna discuss the philosophy). Do not get this book if you're just looking for a typical mathematical intro to statistics.But DO get this book if you want to know about the foundations of Bayesianism or are interested in the Frequentists vs. Bayesian debate.It is the best intro out there on the Frequentists/Bayesians issue, and it is extremely helpful for someone who is trying to get a handle on Bayesian reasoning.Also, those who are more into the mathematical aspects of probability could find this book useful in giving them a wider perspective on the subject.On the whole, it's clearly written and fun to read, although it is not an "easy" book.A basic knowledge of probability theory and some initial grasp of induction are good to have before reading this.But overall, it's highly recommended for those who want to know about the conceptual underpinnings of probability/induction in general, and Bayesian and Frequentism specifically.
... Read more

Product Description

"A harrowing guide to where the bad guys hide, and how you can find them." --Dan Kaminsky, Director of Penetration Testing, IOActive

"An amazing resource. It is timely, focused, and what we need to better understand and defend against one of the greatest cyber threats we face." --From the Foreword by Lance Spitzner, President of the Honeynet Project

Don't let another machine become a zombie in the malware army

Defend against the ongoing wave of malware and rootkit assaults the failsafe Hacking Exposed way. Real-world case studies and examples reveal how today's hackers use readily available tools to infiltrate and hijack systems. Step-by-step countermeasures provide proven prevention techniques. Find out how to detect and eliminate malicious embedded code, block pop-ups and websites, prevent keylogging, and terminate rootkits. The latest intrusion detection, firewall, honeynet, antivirus, anti-rootkit, and anti-spyware technologies are covered in detail.

• Understand how malware infects, survives, and propagates across an enterprise
• Learn how hackers use archivers, encryptors, and packers to obfuscate code
• Implement effective intrusion detection and prevention procedures
• Defend against keylogging, redirect, click fraud, and identity theft threats
• Detect, kill, and remove virtual, user-mode, and kernel-mode rootkits
• Prevent malicious website, phishing, client-side, and embedded-code exploits
• Protect hosts using the latest antivirus, pop-up blocker, and firewall software
• Identify and terminate malicious processes using HIPS and NIPS

Customer Reviews (4)

A great read with good ideas!
This book is succinct, yet detailed.It addresses the real-time emerging threat of not only malware and rootkits, but the individuals behind the development and deployment of them.They do a very good job of discussing possible countermeasures in each chapter which focus on specific issues and offer the common sense solutions which and IT professional should have no problem implementing.A friend recommended this to me, and I am glad he did!

LAYMAN'S USE
I am a layman when it comes to computers but did find the infomation useful to even me. Anyone who's career or job is dependent upon daily computer use should read this, it could become as asset to your next step up and advancement! Good reading!
Richard M

The new breed of crackers...
While the first reviewer didn't like the emphasis on Rootkits as opposed to also including more info on Malware, there are already plenty of books concerning Malware in my opinion.
The delivery mechanism (Rootkits) seems to be less exposed and known about in the general public.

This book deals more with actually locating, and removing Rootkits (within reason) where as many of the recently published Rootkit guides deal more with implementation and structuring of Rootkits.
For the above average computer user as well as IT professional, I would highly recommend this book. It's not written in laymans terms but even someone who is an avid computer user could pick up many useful tips from this read. If you have any dreams of getting into the computer security field or if you do computer security on the side, this is an absolute must have for your library.
The newest generation of crackers and black hats are quickly moving to the Rootkit delivery system because of it's totally stealth characteristics and fast deployment system rendering todays AV and Anti-Malware programs virtually useless to protect the end user.

Personally I'd recommend everyone get or read this book since Rootkits ARE the wave of the future without a doubt.

Too much emphasis on rootkits
80% of the book was dedicated to rootkits.You would think that with a title of Malware & Rootkits, the delivery system for rootkits would get more emphasis.Two stars. ... Read more

Product Description

Implement bulletproof e-business security the proven Hacking Exposed way

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.

Customer Reviews (6)

Best book which gives you the feeling of how things are fragile
Read this book in a week. It's a book that gives you the full image of today's web application security. Even if it's 3 years old, it still covers very actual topics and could be very helpful also as a reference.
A Must Have thing.

Great service
The book was delivered to me well before the scheduled delivery date, in the condition they advertised.

Required reading. A standard reference
This book is a few years old, but by golly you'll get plenty of use out of it. I do security assessments for a living and the fundamentals in this book are the meat and potatoes of web security testing. Every time I get a young pup security consultant to train on web security, the first book I point them to is this book (No, you _can't_ have mine... go get your own). Ok, actually I point them to my own book first. But this is definitely the SECOND book I point them to, and it was a big inspiration behind my own.

Back when I bought this book, I thought I knew enough about cross-site scripting and SQL injection. It taught me a thing or two, though. They really hit web apps from all sides and all the major attacks you need to know.

Pros:

It's thorough and lasting. Until web developers finally figure out how to avoid these silly pitfalls, you'll get plenty of use out of it time and time again.

Cons:

If you're a developer, don't kid yourself that this book will teach you how to avoid these common mistakes. This book is written to security assessors, testers, and auditors. Developers need more pragmatic and context-specific guidance on what to do right. Knowing that your app is chock full of SQL injection doesn't mean that you know the right way to use parameterized queries in your language and your environment to protect against them.

Now, having said that, it is eye-opening for many developers to have their fundamental assumptions destroyed by seeing a standard exploit work against their own application. Nothing brings it home like the real thing. But that doesn't mean they know how to avoid making the same mistake again, having the mistake pointed out in gory detail.

I still go back to this book for reference
I bought this book about 4 years ago, and still find myself going back to it again and again for reference. To this day its the only technical book that I have read cover to cover. While I have not yet checked out the 2.0 book for web apps, I still feel you can't go wrong adding this book to your arsenal.

A very good book
this book is quite complete, very utile to learn all about security on web applications. ... Read more

Product Description

It's the ultimate challenge: breaking into the Ivy League.

The hack:

To get one deadbeat, fully unqualified slacker into the most prestigiousschool in the country.

The crew:

Eric Roth -- the good guy, the voice of reason.

Max Kim -- the player who made the bet in the first place.

Schwartz -- the kid genius already on the inside...of Harvard, that is.

Lexi -- the beauty-queen valedictorian who insists on getting in the game.

The plan:

Use only the most undetectable schemes and techno-brilliant skills. Don'tbreak the Hacker's Code. Don't get distracted. Don't get caught. Take downsomeone who deserves it.

The stakes:

A lot higher than they think.

They've got the players, the plot, and soon -- the prize.

It's go time. ... Read more

Customer Reviews (8)

A quick and enjoyable read.
[...]

When I first started reading Hacking Harvard, I thought, "Oh no! We have a dud." Well, thankfully I was wrong and it quickly picked up the pace. Of course, I've learned to give a book more than 20 pages before judging it.

Hacking Harvard was snarky, witty, and very fast paced. It was fun and I often found myself laughing. It was also very original though it kind of reminded me of a movie called The Perfect Score.

The characters were well developed and authentic, each having their own distinct personality that separated them from the rest. There is Eric, the level-headed and righteous one of the group. Then we have Max who is all about the money and extremely impulsive. Schwarz is the geek of all geeks. At 16 he is a freshman at Harvard and the more gullible one of the three friends. Last, but definitely not least, we have Lex, our narrator. She's sassy, smart, and will do whatever it takes to win. I felt that I could see a little bit of myself in each of the characters, which is something I really loved about this book.

I thought Robin Wasserman did a superb job writing the dialogue, especially for the guys. However the random changes from first person to third person narrative could get a little confusing. Well, for me anyway.

The ending was satisfactory and tied everything up well but it was very brief and I couldn't help but feel that the whole book was spent leading up to the result only to end too suddenly. Although, I must say Wasserman had some terrific last sentences to end the book with.

All in all, it was a quick and enjoyable read that made me laugh and smile. Will I re-read it? Yes, I definitely plan to. It was a great story and I recommend this book to anyone looking for something to cheer them up, give them a good laugh, or who just want something good to read.

Perfect Timing
I read this book last year when I was in the middle of my own college applications worrying about getting into the perfect school for me. I never considered myself as bad as the narrator when it came to being an overachiever, but I was or still am. I was the yearbook section editor/Key Club member/NHS/Beta/AP classes. It was a perfect escape and a quick read that I would recommend to get your mind off the college application season or something light to just have fun reading.

Hacking Harvard
I loved Hacking Harvard. The plot wasn't anything spectacular, but there were a few twists that I didn't expect. What really made the book come alive for me was the characters. You could picture every scene in your head so clearly.

Well worth the money and the time. Even though the outcome is pretty obvious, the journey to it will entrance.

Sacking Hacking
I was looking for something amusing about the whole overheated college admissions process. "Hacking Harvard" seemed a good choice. And, the first few pages, skimmed in the book store, seemed interesting. But the book slowly lurches downward. The characters, particularly the parents, are shallow. The point of view lurches about in a distracting and confusing manner - so much so that once or twice I had to page back to make sure I knew who was talking. The portraits of Harvard-associated adults - parents and admissions personnel alike are pointlessly exaggerated, cruel and unrealistic. Moral dilemmas are brought up and then tossed aside. And, finally, yes, the plot is unrealistic and based on the self-serving concept that a band of bright teens are much smarter than the entire Harvard admissions staff, and that said staff is completely unprepared for any hacking attempts. It's not unrealistic to imagine any one of the various stunts used working, but it is very unlikely to imagine so many of the succeeding. The plot also depends on nearly all the Harvard admissions staff being stuffy, boring, and easily hoodwinked by BS - and my knowledge of Harvard staff is very different.
Now, all the unrealistic aspects of this book could be overlooked if it was a well-written and amusing romp - I think of "The Mouse that Roared" as a absurd concept that couldn't work but does. But a certain nasty undertone, cardboard characters, and poor writing make it impossible for this reader to enjoy "Hacking Harvard".

confusing
I was very excited to read this book, but I had to reread the first chapter many times. And that was just the beginning of the confusion.It turned out to be an interesting book, but be prepared to work hard to get through it. ... Read more

Product Description
"This is an excellent book. It contains the 'in the trenches' coverage that the enterprise administrator needs to know to deploy wireless networks securely." --Robert Haskins, Chief Technology Officer, ZipLink Wi-Foo: The Secrets of Wireless Hacking is the first practical and realistic book about 802.11 network penetration testing and hardening. Unlike other books, it is based on a daily experience of breaking into and securing wireless LANs. Rather than collecting random wireless security news, tools, and methodologies, Wi-Foo presents a systematic approach to wireless security threats and countermeasures starting from the rational wireless hardware selection for security auditing and finishing with how to choose the optimal encryption ciphers for the particular network you are trying to protect. ... Read more

Customer Reviews (19)

Outstanding reference
This book is down right scary! The level of detail and information provided is tremendous. The style of writing is excellent and will keep you amuzed as well.
If you've been on the bubble about trying out Linux this book will convince you take the deep dive to better understand wireless activities.

Still trying to get back to it.
After reading the book I am planning on going back over it and trying to implement some of the info learned.

Great overall review of wireless tech.
I can't say that this can be your only reference, but using it with Linux, you will be able to do just about anything with free, open source software.Great book.I read it cover to cover.

The secrets of Wireless Hacking
An excellent resource both for the novice as well as for the advanced user of WLAN. If you work professionally with wireless LAN you should own this book.

Excellent book
I think everything that needed to be said has been said by Richard. This is an excellent book for those who want to get their hands dirty with Wireless Security. One of the areas in IT that will never die down, not anytime soon at least, is security. IT security is especially HOT right now, and a lot of companies are paying more attention to what they should have years ago. In my home city, Philadelphia, there is a project called Wireless for Philly that is supposed to bring wireless connection to everybody. Now, while people see that as just another development in this great city, I look at it as an opportunity for people who are smart enough to protect this kind of network. This book does the job. I am going to suggest that if you know you are not going to have time to dedicate to this book, don't pick this book up. You're better off! Because if you do pick this book up, it's going to be hard to put it down. ... Read more

Product Description
This one-of-a-kind book provides in-depth expert insight into how hackers infiltrate e-business, and how they can be stopped.Amazon.com Review
A lot of computer-security textbooks approach the subject from a defensive point of view. "Do this, and probably you'll survive a particular kind of attack," they say. In refreshing contrast, Hacking Exposed, Second Edition talks about security from an offensive angle. A Jane's-like catalog of the weaponry that black-hat hackers use is laid out in full. Readers see what programs are out there, get a rundown on what the programs can do, and benefit from detailed explanations of concepts (such as wardialing and rootkits) that most system administrators kind of understand, but perhaps not in detail. The book also walks through how to use the more powerful and popular hacker software, including L0phtCrack. This new edition has been updated extensively, largely with the results of "honeypot" exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials. There's a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols.

The result of all of this familiarity with bad-guy tools is a leg up on defending against them. Hacking Exposed wastes no time in explaining how to implement the countermeasures--where they exist--that will render known attacks ineffective. Taking on the major network operating systems and network devices one at a time, the authors tell you exactly what Unix configuration files to alter, what Windows NT Registry keys to change, and what settings to make in NetWare. They spare no criticism of products with which they aren't impressed, and don't hesitate to point out inherent, uncorrectable security weaknesses where they find them. This book is no mere rehashing of generally accepted security practices. It and its companion Web site are the best way for all of you network administrators to know thine enemies. --David Wall

Topics covered:

• Security vulnerabilities of operating systems, applications, and network devices
• Administrative procedures that will help defeat them
• Techniques for hacking Windows 95, Windows 98, Windows Me, Windows NT 4.0, Windows 2000, Novell NetWare, and Unix
• Strategies for breaking into (or bringing down) telephony devices, routers, and firewalls

Customer Reviews (88)

Covers lots of info, but specific knowledge required
PROS:It covers lots of, if not all information on either protecting your business from hackers, or if you ARE the hacker just trying to learn a few little tricks.

CONS:Requires a bit of previous knowledge of how network security works, for example, a lot computer jargon.

Must have for any Security Professional
This is one of those books that needs to be at every Security Professional's desk. It is a good reference to security attacks, exploits, and general security concepts.

Good to know!!!
Good to have to be knowlegeable on all kinds of hack tips and prevention.

Consist of good tools and teach you how to counteract malicious hackers on your system.Very informative on all things about hacking.quite complicated and critical but as long you areserious about it, you could possibly block other sneaking around your system.

Beware, Don't hack>>>>>

[..]

Great Network security book
This is one of the best books on the subject that I have ever read.I learned more from this book than I did in my Security+ and Network+ classes combined.I highly recommend this book.

Overrated
to many old hacks.not enough tools.to much talking......save your money.get from the library and save your money.Go to a SANS class or get the SANS books. ... Read more

Product Description
Become a cyber-hero - know the common wireless weaknesses

"Reading a book like this one is a worthy endeavor toward becoming an experienced wireless security professional."
--Devin Akin - CTO, The Certified Wireless Network Professional (CWNP) Program

Wireless networks are so convenient - not only for you, but also for those nefarious types who'd like to invade them. The only way to know if your system can be penetrated is to simulate an attack. This book shows you how, along with how to strengthen any weak spots you find in your network's armor.

Discover how to:

• Perform ethical hacks without compromising a system
• Combat denial of service and WEP attacks
• Understand how invaders think
• Recognize the effects of different hacks
• Protect against war drivers and rogue devices

Customer Reviews (9)

Worth reading but don't expect to be an expert
Most of the Dummies series books are appetite wetters at best and that's where they end.

They touch on the advanced things but don't explain enough for you to really fully realize the potential of anything. It's sort of like going into a suntan studio with a 3/4 raincoat on. You might get something out of being there but not enough for it to really be useful.

This book is no exception.

While it does touch on things such as ARP poisoning and Net Stumbler as well as some other useful starting points, it leaves a lot to be desired when it comes to expanding enough to make things worthwhile. It's a good introduction book but if you're planning on doing some real penetrations or penetration testing there are better books suited for this.

I would call this one a pre-reference reference book. At best.

Excellent all-around book on wireless hacking
I have many computer security books and this is at the top of the list for Wireless Hacking. It is very well written, with tons of links, loads of examples and very good references.

I would recommend this to any wireless user - from home users to security professionals.

Writing useless books for dummies
This is the real specialty the authors of this book have mastered...
I am astonished at how many positive reviews this horrible, stinky title has received ... how many friends do this guys have?In fact this has got to be one of the worst tech book I have ever read, a total waste of money and paper.
My advice is , avoid this book, and any other book form the same authors, like plague! You will learn NOTHING from them.
The authors go on and on babbling about how unsecure wireless networks are, and are nonetheless unable to clearly indicate you any technique to take advantage or to protect form this weakness. All you get (apart from the boring and repetitive author's ruminations) are a few screenshots of NetStumbler (hey man, I can see by myself what it looks like, teach me how to use it instead ..), one screenshot of Kismet running on a linux xterm and a list of some of its command options (come on do you think that a beginner would ever be able to figure out how to use a open source tool like Kismet all by himself?)
Ah we also get a little advertisement for a couple of non-free tools like AiroPeek ... like a beginner should spend money on that? And , wait, there is no tutorial or intro on those tools as well. Just the usual couple of screenshots to make the book look good if you flip through it at the bookstore.
Seriously, I know this is hard to believe, but this pathetic excuse for a book is just a series of boring trivialities
For example ... did you ever think about the fact that installing a non-authorized, non-encrypted access point in your office network might actually be a security risk? I am sure you didn't, butthanks to this beautiful book you know, as the author spends pages and pages rambling and babbling about this absurd topic!
Years ago the "For Dummies" series used to be the right choice if you needed a humorous, tutorial-like but solid intro to a 'foreign' technology, but now the title is not a joke anymore.
"Hacking Wireless Networks for Dummies".. true to its title!

Dummies unite!
Valuable in my work as a consultant, installing and troubleshooting WiFi networks. The "ethical hacker" is a valuable tool.

Comprehensive wireless security reference
I just installed my own home-based-business wireless network in May, and I have found this book to be incredibly useful in setting up security and also figuring out the odd interruptions and accessibility anomolies that tend to happen with wireless.I like to use this book to quickly find information about basically any security-related wireless topic.It is written clearly and explains what the various codes and messages mean.Of course the messages generated through a wireless system will look geek-like.However, the writing in the book is not geek-speek. This would make a good reference book for anyone in any size of organization to have if they use wireless.It is especially great for those with home wireless systems, as well as small- to medium-sized businesses that typically do not have staff solely dedicated for information security.If you rely upon yourself or others who are not technical to secure your wireless network, then you would definitely benefit from this book. ... Read more