Author Topic: Book: Silence on the Wire (Read 3375 times)

iago · « **on:** July 13, 2005, 02:20:08 pm »

I bought "Silence on the Wire: a Field Guide to Passive Reconnaissance and Indirect Attacks" yesterday on impulse, and so far I've read the first two chapters. I have one thing to say: it's amazing! I bought it because it was written by the guy who wrote p0f (which I love), and I'm glad I did.

It's a book that takes a different approach to security and attacks. Rather than the conventional attacks like buffer overflows, he explains more subtle things like timing and random number prediction as threats that aren't commonly seen.

The first chapter explains how you can guess somebody's keystrokes based on the entropy used for /dev/random.

The second chapter explains how you can find somebody's private key by sending them information to decrypt and measuring response time, based on CPU architecture and optimizations. For example, if part of the algorithm multiplies, and the key involves a "0", it'll run faster. Lots of little tricks like that.

So far, I'm very impressed. Highly recommended!!

rabbit · « **Reply #1 on:** July 13, 2005, 03:27:34 pm »

Scan->PDF->Link?

iago · « **Reply #2 on:** July 13, 2005, 04:49:19 pm »

USD$35?

I'm not scanning 250 pages.

rabbit · « **Reply #3 on:** July 13, 2005, 06:18:25 pm »

My history teacher scanned more than that. Come on iago!

iago · « **Reply #4 on:** July 13, 2005, 07:33:34 pm »

Plus, he's a hard working young guy who's trying to make a few bucks. Help him out!

rabbit · « **Reply #5 on:** July 14, 2005, 04:06:21 pm »

I don't have that kind of money :\

Tuberload · « **Reply #6 on:** July 14, 2005, 11:14:45 pm »

Quote from: R.a.B.B.i.T on July 14, 2005, 04:06:21 pm

I don't have that kind of money :\

Put in some effort and I am sure you can come up with $35...

RoMi · « **Reply #7 on:** July 15, 2005, 08:15:42 am »

Don't you have a job R.a.B.B.i.T?

rabbit · « **Reply #8 on:** July 15, 2005, 11:04:46 pm »

Nope!

iago · « **Reply #9 on:** July 19, 2005, 11:28:57 pm »

I just finished it today. It's fantastic, I highly recommend it.

The whole thing is based on research/security holes that don't come from flaws in programming, but rather from problems in specifications, or ambiguities in specifications.

Much of it involves how to fingerprint OS's and browsers without being obvious.

There's a chapter on "parasitic computing", which involves using other computers on the Internet for computation without actually exploiting them, but by taking advantage of some sneaky parts of implementations (like using a specially contructed IP checksum to get a server to make computations for you). That chapter also talks about parasitic storage, how to store data somewhere besides your computer. There is an estimated (according to numbers from 2003) 2500TB of possible online storage space on SMTP servers alone, if you had the bandwidth to use it.

Anyways, I have to say once again, this is a VERY good read. Very different from normal security books.

Clan x86

News:

Author Topic: Book: Silence on the Wire (Read 3375 times)

iago

Book: Silence on the Wire

rabbit

Re: Book: Silence on the Wire

iago

Re: Book: Silence on the Wire

rabbit

Re: Book: Silence on the Wire

iago

Re: Book: Silence on the Wire

rabbit

Re: Book: Silence on the Wire

Tuberload

Re: Book: Silence on the Wire

RoMi

Re: Book: Silence on the Wire

rabbit

Re: Book: Silence on the Wire

iago

Re: Book: Silence on the Wire