February 26, 2013

Best-Selling Books on Security from RSA 2013

News Security

RSA is the major event in security. Basically it’s like the Big 8 International Conference or, better yet – the Olympics of security – except nobody is throwing spears and getting medals – people compete with their IQ’s – throwing ideas and arguments at each other and get… pretty much nothing out of it, but respect. Those guys are brilliant! They read a lot – that’s one of the reasons :) At RSA they do have a booth with the best literature by the experts and for the experts. We decided to see what is the most popular among attendees and provide you a list of the top 10 selling books in case you ever decide to get into the industry or simply increase your level of security awareness:


1. The Death of the Internet

Death of the Internet
Fraud poses a significant threat to the Internet. 1.5% of all online advertisements attempt to spread malware. This lowers the willingness to view or handle advertisements, which will severely affect the structure of the web and its viability. It may also destabilize online commerce. In addition, the Internet is increasingly becoming a weapon for political targets by malicious organizations and governments. This book will examine these and related topics, such as smart phone based web security. This book describes the basic threats to the Internet (loss of trust, loss of advertising revenue, loss of security) and how they are related. It also discusses the primary countermeasures and how to implement them.


2. Using Social Media for Global Security

Social Media
During the Arab Spring movements, the world witnessed the power of social media to dramatically shape events. Now this timely book shows government decision-makers, security analysts, and activists how to use the social world to improve security locally, nationally, and globally–and cost-effectively. Authored by two technology/behavior/security professionals, Using Social Media for Global Security offers pages of instruction and detail on cutting-edge social media technologies, analyzing social media data, and building crowdsourcing platforms.

The book teaches how to collect social media data and analyze it to map the social networks of terrorists and sex traffickers, and forecast attacks and famines. You will learn how to coalesce communities through social media to help catch murderers, coordinate disaster relief, and collect intelligence about drug smuggling from hard-to-reach areas. Also highlighting dramatic case studies drawn from the headlines, this crucial book is a must-read.

3. iOS Hacker’s Handbook 1 and 2

iOS hacker
iOS is Apple’s mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it.

Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work, explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks, examines kernel debugging and exploitation.

Companion website includes source code and tools to facilitate your efforts. iOS Hacker’s Handbook arms you with the tools needed to identify, understand, and foil iOS attacks.

4. Hacking Exposed 7

Hacking Exposed
Bolster your system’s security and defeat the tools and tactics of cyber-criminals with expert advice and defense strategies from the world-renowned Hacking Exposed team. Case studies expose the hacker’s latest devious methods and illustrate field-tested remedies. Find out how to block infrastructure hacks, minimize advanced persistent threats, neutralize malicious code, secure web and database applications, and fortify UNIX networks. Hacking Exposed 7: Network Security Secrets & Solutions contains all-new visual maps and a comprehensive “countermeasures cookbook.”

You’ll learn to: Obstruct APTs and web-based meta-exploits, defend against UNIX-based root access and buffer overflow hacks, block SQL injection, spear phishing, and embedded-code attacks, detect and terminate rootkits, Trojans, bots, worms, and malware, lock down remote access using smartcards and hardware tokens, Protect 802.11 WLANs with multilayered encryption and gateways, plug holes in VoIP, social networking, cloud, and Web 2.0 services, learn about the latest iPhone and Android attacks and how to protect yourself.

5. Ghost in the Wires

Ghost in the Wires
Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies–and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats-it was an old fashioned confidence game that required guile and deception to trick the unwitting out of valuable information.

Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems, and Pacific Bell. But as the FBI’s net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat and mouse game that led through false identities, a host of cities, plenty of close shaves, and an ultimate showdown with the Feds, who would stop at nothing to bring him down.

Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.

6. Hacking and Securing iOS Apps

Hacking and Securing iOS App
If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.

Examine subtle vulnerabilities in real-world applications—avoid the same problems in your apps
Learn how attackers infect apps with malware through code injection
Discover how attackers defeat iOS keychain and data-protection encryption
Use a debugger and custom code injection to manipulate the runtime Objective-C environment
Prevent attackers from hijacking SSL sessions and stealing traffic
Securely delete files and design your apps to prevent forensic data leakage
Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace

7. Cryptography Classics Library

Classics Library
– Cryptography is the study of message secrecy and is used in fields such as computer science, computer and network security, and even in instances of everyday life, such as ATM cards, computer passwords, and electronic commerce. Thanks to his innovative and ingenious books on the subject of cryptography, Bruce Schneier has become the world’s most famous security expert. Now, his trio of revolutionary titles can be found in this unprecedented, value-priced collection.
– Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition: This seminal encyclopedic reference provides readers with a comprehensive survey of modern cryptography. It describes dozens of cryptography algorithms, offers practical advice on how to implement them into cryptographic software, and shows how they can be used to solve security problems.
– Secrets and Lies: Digital Security in a Networked World: This narrative, straight-talking bestseller explains how to achieve security throughout computer networks. Schneier examines exactly what cryptography can and cannot do for the technical and business community.
– Practical Cryptography: As the ideal guide for an engineer, systems engineer or technology professional who wants to learn how to actually incorporate cryptography into a product, this book bridges the gap between textbook cryptography and cryptography in the real world.

8. Exploding the Phone

Exploding the Phone
Before smartphones, back even before the Internet and personal computer, a misfit group of technophiles, blind teenagers, hippies, and outlaws figured out how to hack the world’s largest machine: the telephone system. Starting with Alexander Graham Bell’s revolutionary “harmonic telegraph,” by the middle of the twentieth century the phone system had grown into something extraordinary, a web of cutting-edge switching machines and human operators that linked together millions of people like never before. But the network had a billion-dollar flaw, and once people discovered it, things would never be the same.

Exploding the Phone tells this story in full for the first time. It traces the birth of long-distance communication and the telephone, the rise of AT&T’s monopoly, the creation of the sophisticated machines that made it all work, and the discovery of Ma Bell’s Achilles’ heel. Phil Lapsley expertly weaves together the clandestine underground of “phone phreaks” who turned the network into their electronic playground, the mobsters who exploited its flaws to avoid the feds, the explosion of telephone hacking in the counterculture, and the war between the phreaks, the phone company, and the FBI.

9. 21 Century Chinese Cyberwarware

21st Century Chinese Cyberwarfare draws from a combination of business, cultural, historical, linguistic and the author s personal experience to attempt to explain China to the uninitiated. The objective of the book is to raise awareness of the fact that the People s Republic of China is using a combination of their unique culture, language, and political will, known as Chinese Communism, to maintain their cultural heritage. This book is the first to gather the salient information regarding the use of cyber warfare doctrine by the People s Republic of China to promote its own hegemonistic, national self-interests and enforce its political, military and economic will on other nation states. The threat of Chinese Cyberwarfare can no longer be ignored. It is a clear and present danger to the experienced and innocent alike and will be economically, societally and culturally changing and damaging for the nations that are targeted.

10. Think Like a Programmer (Creative Problem Solving)

Think Like A Programmer
The real challenge of programming isn’t learning a language’s syntax—it’s learning to creatively solve problems so you can build something great. In this one-of-a-kind text, author V. Anton Spraul breaks down the ways that programmers solve problems and teaches you what other introductory books often ignore: how to Think Like a Programmer. Each chapter tackles a single programming concept, like classes, pointers, and recursion, and open-ended exercises throughout challenge you to apply your knowledge.