Product: Book - Paperback
Title: Malicious Cryptography: Exposing Cryptovirology
Publisher: Wiley
Authors: Adam Young, Moti Yung
Rating: 5/5
Customer opinion - 5 stars out of 5
Heaven's dark side

This book presents an initial, interesting idea - could a computer virus be written that attacks a computer by encrypting the user's data? This could be a tool for extortion or a unique Denial of Service attack. Now this is not a new idea (e.g. the KOH virus) but there is a new twist - the data is encoded with an asymmetric cipher, thus rendering it unrecoverable except to the virus writer. The authors state that such a virus has indeed been trialled in a proof-of-concept form, on a Macintosh SE30 (a nice machine to develop on, from memory) in System 6, so there's no "whoops, where's it gone?" problem. There is some detailed high-level discussion of techniques and pitfalls. The authors then go on to describe how contemporary cryptographic technology may be adapted to the theft of information such as secure data and passwords. This is all done at the level of mathematical relationships - there is no viral code.

Two new words are added to the language - cryptovirology (the study of computer viruses with a cryptographic payload, usually malicious) and kleptography (the application of cryptography to data theft).

Here are a few chapter or section headings to give a taste of the themes running through this work: Through Hacker's Eyes; Cryptovirology; Deniable Password Snatching; Using Viruses to Steal Information; Computationally Secure Information Stealing; The Nature of Trojan Horses; Subliminal Channels.

The book starts with an accessible piece of fiction, but quickly progresses to the opaque style common to much academic writing in this field. The reader is well advised to brush up on matrix algebra, Jacobians and Abelian and non-Abelian groups and to have a working knowledge of computer viruses (however obtained). There are appendices intended to provide brief tutorials on computer viruses and public key cryptography. But both these very different specialised fields require far more study than any précis can provide.

While the writing is often hard going there is an enjoyable first chapter describing three incidents in the life of a virus writer (a student at a US university) as he writes and releases a virus. It provides a vicarious experience of the motivation for such activity - the mental challenge, the adrenalin rush and the exercise of secret power.

The writing, as referred to above, is uneven and there seems to be some confusion as to who the audience is for this work. Some seems to have come from one of the authors' doctoral thesis - you have been warned! It's an academic work, so academic cryptographers would be the principal readers. But since it's offered for sale to the public, one wonders who else would read it? We can rule out some groups. If you refer to yourself as "133t", then you can count yourself out, as can those wannabes who capture virus code, do a partial rewrite, add their handle, then release their "new" version. There is no rip-off virus code here. Even whoever wrote Nimda or Code Red or NetSky will find this heavy going, competent though they are in the mysteries of mobile code and system calls. Certainly anti-virus software coders will find this of little use. If I can let my imagination run free, perhaps also the legendary Hidden Masters of cyberspace, those hackers beyond "elite" in their esoteric knowledge, who work alone, do not meet other hackers except deep behind some firewall and who are never suspected, let alone arrested, perhaps they will be inspired to even greater feats of data theft. But then we'd never know, would we?

Product: Book - Paperback
Title: C Programming Language (2nd Edition)
Publisher: Prentice Hall PTR
Authors: Brian W. Kernighan, Dennis Ritchie, Dennis M. Ritchie
Rating: 4/5
Customer opinion - 4 stars out of 5
A great Bible. Not a great tutorial.

I got this book and tried to use it to learn C. I got very frustrated and eventually went out and bought "C by Example" which is more of a beginner's type book. After getting my feet wet with the basic concepts I came back to this book and could actually use it to learn from.
If you have no programming experience then I do not recommend this as your first book. Get a more introductory book first and then dive into the K&R book.

Product: Book - Paperback
Title: Waltzing With Bears: Managing Risk on Software Projects
Publisher: Dorset House Publishing Company, Incorporated
Authors: Tom Demarco, Timothy Lister
Rating: 4/5
Customer opinion - 4 stars out of 5
Useful for managers of medium to large groups of people

There are a ton of wonderful anecdotes and motivational examples for doing risk management. Also, he takes a very pragmatic approach towards what's actually possible in different corporate climates. Rather than only telling you what the right thing to do is, he helps you decide what the appropriate thing is.
The explanation of the relationship between risk and benefit analysis was both insightful and seemed like it would be useful. It provides a pragmatic framework for a lot of what are considered 'good engineering practices', such as incremental deliverables that can be measured and verified in meaningful ways.
The only downside is that it's very difficult to understand how to take advantage of some of the frameworks he provides without being in a management position already. Individual contributors won't get a lot out of this.

Product: Book - Paperback
Title: Database Systems: A Practical Approach to Design, Implementation, and Management, Third Edition
Publisher: Addison Wesley Publishing Company
Authors: Thomas Connolly, Carolyn Begg
Rating: 1/5
Customer opinion - 1 stars out of 5
The worst approach to database design I've ever seen

It's a good thing these folks are book writers and academics and do not design databases for a living. The writers pretend that such realities as deadlines and budget do not exist. The text is filled with Entity Relationship diagrams that must add 200% to the cost of their designs. The book is very difficult to read and if you're already designing databases, this methodology will drive you up the wall. Teachers, please do not inflict this book on any more students.