I just finished it today. It's fantastic, I highly recommend it.
The whole thing is based on research/security holes that don't come from flaws in programming, but rather from problems in specifications, or ambiguities in specifications.
Much of it involves how to fingerprint OS's and browsers without being obvious.
There's a chapter on "parasitic computing", which involves using other computers on the Internet for computation without actually exploiting them, but by taking advantage of some sneaky parts of implementations (like using a specially contructed IP checksum to get a server to make computations for you). That chapter also talks about parasitic storage, how to store data somewhere besides your computer. There is an estimated (according to numbers from 2003) 2500TB of possible online storage space on SMTP servers alone, if you had the bandwidth to use it.
Anyways, I have to say once again, this is a VERY good read. Very different from normal security books.