Archive for the ‘ Bookz ’ Category

Информациско безбедносна проценка на веб апликации (изучување на случај)


Upcoming security books proposals

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition

Thwart malicious network intrusion by using cutting-edge techniques for finding and fixing security flaws. Fully updated and expanded with nine new chapters, Gray Hat Hacking: The Ethical Hacker’s Handbook, Third Edition details the most recent vulnerabilities and remedies along with legal disclosure methods. Learn from the experts how hackers target systems, defeat production schemes, write malicious code, and exploit flaws in Windows and Linux systems. Malware analysis, penetration testing, SCADA, VoIP, and Web security are also covered in this comprehensive resource.

* Develop and launch exploits using BackTrack and Metasploit
* Employ physical, social engineering, and insider attack techniques
* Build Perl, Python, and Ruby scripts that initiate stack buffer overflows
* Understand and prevent malicious content in Adobe, Office, and multimedia files
* Detect and block client-side, Web server, VoIP, and SCADA attacks
* Reverse engineer, fuzz, and decompile Windows and Linux software
* Develop SQL injection, cross-site scripting, and forgery exploits
* Trap malware and rootkits using honeypots and SandBoxes

Authors: Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey, Terron Williams

Zero Day: A Novel

Microsoft computer guru Russinovich’s first novel, a cautionary tale about the imminence of the great cyber attack to wipe out the Internet, works pretty well as a thriller, though it takes a while to boot up and for the bodies to begin to fall. Arab terrorists, with the collusion of Osama bin Laden, are behind the attack, which is supposed to destroy Western civilization. A New York City law firm enlists cyber expert Jeff Aiken to track down a virus that has knocked out the company’s computer network. While working on this problem, Jeff uncovers the larger threat. With the help of “stunningly attractive” Daryl Haugen, an old friend who becomes his love interest, Jeff attempts to warn the authorities, but to little avail. The author effectively employs the usual genre types—government traitors, amoral hackers, professional assassins—but his main characters spend too much time at the keyboard to build up much heat. Bill Gates provides a blurb. (Mar.)
(c) Copyright PWxyz, LLC. All rights reserved.

Authors: Mark Russinovich (Author), Howard Schmidt (Foreword)

Security Reports 2010/2011 [Secunia/Sophos]

We will remember 2010 as a year in which our interaction with technology—and with each other—evolved because of the widespread adoption of social media and the use of innovative mobile computing devices.
We are dependent on smart devices—just ask anyone who has lost their iPhone or BlackBerry. And whether you’re using a mobile device or a laptop or desktop computer, you’re likely to use social networks more than ever. This new technology changes the way we communicate with our friends, colleagues and customers. This not only revolutionizes the way we live our lives, but also blurs the lines that define the way we run our businesses and use and share information.
Today, users are the content. Driving the growth, and at the same time being driven by it, the explosion in mobile computing is expanding the impact of the social web. And, the way that content is shared and accessed is now the core of a new global culture, affecting and combining the spheres of personal and business life.


This report presents global vulnerability data from the last five years and identifies trends found in 2010. The total number of vulnerabilities disclosed in 2010 shows a slight decrease of 3% compared to 2009. A significant trend, however, is revealed when looking at a representative portfolio of software typically found on end-point PCs. Vulnerabilities affecting this portfolio have increased in three years, or by 71% in the last 12 months alone. This trend is primarily the result of vulnerabilities in third-party (non-Microsoft) programs, which in turn are also much harder to patch as a result of a lack of a unifying patch mechanism. By neglecting the risk of ubiquitous third-party programs, users risk being compromised by cybercriminals every day, despite the deployment of other security measures


Security Threat Report: 2010 [Sophos]

The first decade of the 21st century saw a dramatic change in the nature of cybercrime. Once the province of teenage boys spreading graffiti for kicks and notoriety, hackers today are organized, financially motivated gangs. In the past, virus writers displayed offensive images and bragged about the malware they had written; now hackers target companies to steal intellectual property, build complex networks of compromised PCs and rob individuals of their identities.
2009 saw Facebook, Twitter and other social networking sites solidify their position at the heart of many users’ daily internet activities, and saw these websites become a primary target for hackers. Because of this, social networks have become one of the most significant vectors for data loss and identity theft.
New computing platforms also emerged last year, and shortly thereafter fell victim to cybercriminal activities. What was lost was once again found in 2009, as old hacking techniques re-emerged as means to penetrate data protection.

By understanding the problems that have arisen in the past, perhaps internet users can craft themselves a better, safer future.

Read full report: SophosSecReport2010.pdf

Тројански Коњи – Проклетство на дигиталниот свет [e-book]

Тројански коњи

Во недостаток на литература од областа на информационата безбедност во Македонија, авторот на ова дело, Стефан Јовановски, успева на еден поинаков начин да го истакне значењето на безбедноста во ИТ секторот, како кај обичните корисници така и кај оние што професионално се бават со информатичката технологија.

Тој во оваа книга нé води од самите почетоци на “Тројанскиот Коњ”, како и концептот на користење на овој вид на малициозни кодови и заштита од истите. Ботови, вируси, црви, сврзувачи, HEX едитори, заобиколување на антивирусните софтвери и т.н. се дел од оваа книга кои авторот преку примери ни илустрира подетално како овие злонамерни, а од друга страна и корисни програми секојдневно се применуваат во нашите кибер животи.

Се надевам дека оваа книга ќе поттикне и други ИТ ентузијасти да размислуваат за важноста на овој сегмент од информационата технологија.

Читајте тука: TrojanskiKonji.pdf [8.28 MB]