Posts Tagged ‘hacking’

The Hardware Hacker (Book Review)

The Hardware Hacker
Adventures in Making & Breaking Hardware
Andrew “bunnie” Huang
$29.95 List. $18.43 Amazon (Prime)

I was excited to hear about this book and receive a copy of it but my feathers fell when I saw a quote by Edward Snowden on the dust jacket. The publisher also placed Edward Snowden’s review at the top of the others in the pre-release reviewers’ list. This is not a book about Edward Snowden nor was he a hardware hacker, so I’m not sure what his “endorsement” does for the book except diminish its overall value to me. In fact, even if this book were a 10/10, which it isn’t, this inclusion decreases that review by at least two points right off the top. I was very disappointed to see any mention of Snowden in this book.

The Hardware Hacker is basically a reprint of Andrew Huang’s blog. Most of the information in the book is long outdated and is basically a memoir of stuff he’s done. If you’re looking for this book to actually teach you something, save your money. It’s basically one man’s adventure into various aspects of “hacking” and building things.

At the end of the book, there’s a lot of info about DNA, which totally doesn’t fit with the rest of the book. As one Amazon.com reviewer put it, it’s navel-gazing.

I’m sure there’s an audience for this book and it’s decently written, but it’s not a reference book by any stretch. If I had to categorize it, I’d call it technology historical nonfiction.

<rant>Edward Snowden is a fake hacker and a non-security professional. He’s not an authority on anything, especially security. His resume and history are sketchy at best and his claim to “fame” is that he stole documents and revealed them to a journalist, who of course, ran with them. He’s not to be trusted or held up as a hero. He’s a total zero who deserves prison time for treason. He should never be quoted, unless it’s ironically, for any book.</rant>

I guess if you’re interested in “how one guy did it”, then this is a good book. Otherwise, save your money and wait until it’s on the penny list or bargain bin at used book stores. I’m not actually sure why No Starch wanted to publish this book and I’m hoping that they didn’t invest a lot of money in its production. It seems more like something that should have been self-published and sold on Huang’s blog site as an ebook for his followers.

Originally, I was going to create a video review of this book but I just don’t see enough value in it to go to that much trouble. I am not really sure who the audience for this book is supposed to be. If you know who Andrew Huang is, then you’ve already seen this material, except perhaps for the weird DNA-related material. And if you’re like me and never heard of Andrew Huang, then this book is not likely to make you a fan.

I’ve seen some laudatory reviews on Amazon and other sites but I don’t think they’re to be believed. Honest ones, like the three-star Amazon review I referred to earlier, are more realistic.

I don’t mean any offense to No Starch Press because they have many great books available and generally speaking, I highly recommend them. I also don’t mean any offense to Andrew Huang, who I’m sure is a perfectly nice guy. I’m not sure who’s responsible for the inclusion of the Edward Snowden review and quote on the dust jacket, but that was a poor decision.

Rating: 5/10

Recommendation: If you like historical nonfiction and want to read about how someone else did it, read Huang’s blog and save your money.

No Starch Press Teams Up with Humble Bundle to Present the Humble Book Bundle: Hacking

2016/04/27

San Francisco, CA (April 27, 2016)—No Starch Press, arguably the most widely respected publisher of books for hackers, teams up with Humble Bundle to offer a pay-what-you-want collection of ebooks called the Humble Book Bundle: Hacking. The bundle includes a selection of the company’s finest—such as worldwide best seller Hacking: The Art of Exploitation; classics like Hacking the Xbox; and more recent best sellers like Automate the Boring Stuff with Python, Black Hat Python, and Practical Malware Analysis. This bundle is a true bargain—valued at over US $350—and with Humble Bundle’s pay-what-you-want model, customers can pay whatever price they think is fair.

“Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope,” says Bill Pollock, founder of No Starch Press. “True hackers never stop learning, never stop pushing boundaries. Our core mission is to produce the books that hackers really want and need, and we’re not pulling any punches here. We’ve included several of our best sellers to make this bundle right for just about anyone.”

Readers can pay any amount to receive:

Readers who pay more than the average also get:

And readers who pay more than $15 will get all of the above, plus:

The hacking bundle benefits the Electronic Frontier Foundation (EFF), an organization dedicated to defending civil liberties online. EFF defends free speech, fights illegal surveillance, advocates for users and innovators, and supports freedom-enhancing technologies.

As with all Humble Bundle promotions, customers choose how much of their money goes to the publisher, Humble Bundle, and the benefiting nonprofit. The Humble Book Bundle: Hacking runs for two weeks and ends May 11.

Got Security?

2015/04/01

Security is a topic that’s on everyone’s minds these days. And there’s a good reason for it: Security is important. Now, that might sound like a tremendous understatement, but it’s the truth. In fact, the truth is that security is the top concern for most of the world’s businesses. It should be. Every day you read about another significant breach of a major retail chain, of a bank, or even of a government site. Prominent companies are under constant attack from so-called “black hat” or criminal hackers whose sole purpose is to compromise systems, steal valuable data, and expose vulnerabilities in your security.

If you think that you’re safe, for whatever reason that you’ve told yourself, you aren’t. If you’ve ever had a fraud alert from a credit card company or your bank, then you realize how vulnerable you really are.

Unfortunately, as a customer of a restaurant, of a clothing store, of an online vendor, or of your corner market, you’re vulnerable to credit card and, ultimately, identity theft. While the point of this post is to inform you, rather than to scare you, please note that the threats are real and that you should take more care and practice vigilance in the use of your identity, including your credit cards, debit cards, and online accounts.

If you own a business, you owe it to yourself and to your customers to make every effort to prevent breaches of your company information, your personal information, and your customers’ information. It’s not easy to do by yourself. There’s all kinds of advice, good and bad, on the Internet about how to protect yourself, how to recover from identity theft, and how to go on the security offensive for you, your business, and your family.

Bad information is worse than no information at all. You can put yourself at greater risk by listening to alleged experts than you can by playing it smart and hiring a security consultant who can find out exactly what the bad guys can find out about you and your business.

It works something like this: If you want to find out how vulnerable your house is to break-ins, who would you hire–a clean-shaven, upstanding, taxpaying citizen who’s never been arrested for breaking and entering, or would you be smarter to hire a reformed bad guy to tell you how it’s really done? If you’re smart, you’ll hire the person with a criminal background who’s gone straight to figure out where your vulnerabilities are.

By the same token, if you want to test your company’s or your personal security, you should hire someone who’s hacked for a living–in the criminal sense.

That’s the service I’m offering you. I have a select group of former black hat hackers as my associates who’ll put your security through its paces. Further, we’ll help you mitigate the flaws we find* and tell you how to fix the problems.

Here is a partial listing of our services:

  • Identity fraud checking/fixing
  • Employee Social Engineering checking/fixing
  • Website Penetration/Vulnerability analysis
  • Company penetration/information grabbing
  • Training and prevention

If you’re not 100 percent sure of how vulnerable you might be, here are some examples:

About four years ago, I bought a cake from a local bakery and used my debit card for the purchase. One of the workers there used my card to buy pizza and some other things that he’d had delivered to his girlfriend’s house. Once I found the fraudulent charges, I tracked him down via his girlfriend and confronted him. I won’t go into detail, but I did make an impression. The bank investigated and made good on the losses to my account.
That scenario is common, except for the part where you get to confront the perpetrator. Typically, the guilty party is so far away that you’ll never find him. Bad for you, but great for him.

My wife paid my son’s technical school tuition with a credit card only to find later that we’d been charged an additional $1,800 for services that we’d never heard of, much less purchased. We contacted the vendor and explained the situation and they promptly removed the charges.

I receive calls from unknown numbers on a weekly basis, trying to have me answer so that my phone can be charged bogus fees or to verify my number for fraudulent charges. I Google the numbers to verify their legitimacy. So far, all of them have been sources of fraud.

Yes, these things actually happened to me/us. These are only three examples and we’re only one family in 750 million that’s had our accounts or cards compromised. Think about the repercussions of poor security on you, your family, and your business. Your integrity and reputation, not to mention your credit score, are at risk. It’s made us all a lot smarter about how we transact business these days.

So that you realize that we’re trying to help you, I’m going to offer you a free list of 10 things you can do to make yourself more secure today.

  • Google yourself – Contact all of the “public information” carriers/resellers and have them remove your information from their databases.
  • Do Not Call lists – Go to https://www.donotcall.gov/ and register to have your phone numbers removed.
  • Mall survey cards – Never fill out one of those mall survey cards or enter any contest at a mall or other retail establishment.
  • Unrecognized phone numbers – Never answer calls to your cell phone when you don’t recognize the phone number.
  • Use cash – Carry cash with you and avoid using credit/debit cards as much as possible.
  • Email attachments – Don’t open email attachments that don’t make sense and don’t respond to those emails.
  • Nigerian Princes – Never respond to any email from a Nigerian Prince who wants you to deposit money in a bank account for him.
  • Ignore “You’re a Winner!” emails – If you didn’t enter it, you didn’t win it.
  • Passwords/SSNs – Never give your passwords or Social Security Numbers to anyone over the phone.
  • Account-oriented emails – No online service will ever request your password or a login via email.

If you’d like to discuss your security or your security concerns, you may contact me via email at ken@kenhess.com. I’ll be glad to set up a time to call you and discuss your concerns and how we can help you get a handle on your personal or business security. Don’t be a victim. Don’t be a statistic. Learn to fight back by finding out what the bad guys know about you and how to fix it.

*Ask about our 50 percent rebate plan.

KnowBe4 Issues Alert: Social Engineering Threats Soaring

2014/12/03

Tampa Bay, FL (Dec 3, 2014) KnowBe4 issued an alert today warning of a recent spate of high profile social engineering attempts targeted at prominent businesses. One such attack targeted high profile financial advisors, officers and deal makers, and is thought to be an attempt to gain a Wall Street edge. The FBI also alerted private sector companies that targeting of their networks is a significant threat, as reported by Reuters late Monday. Not to be left out, small businesses and consumers are being targeted by fake IRS agents looking for a little extra dough for the holidays, along with an uptick in phishing emails posing as Costco, Home Depot and a variety of shipping sources.

Stu Sjouwerman, KnowBe4 CEO said, “Hackers will use as many avenues to break in as they can dream up, but social engineering is one of the favored. We are hitting the season when online shipping is at a peak and employees become much more complacent. It is important to keep users alert and aware of how much a target they are, especially during scam season.” Furthermore, Sjouwerman warns, “I cannot think of a more urgent reason to step all employees through effective security awareness training to keep them on their toes with security top of mind.”

Similar to a magazine’s editorial calendar, hackers have a “scam calendar” that focuses on events and opportunities to take maximum advantage of unsuspecting users or lax employees. These malware campaigns don’t discriminate between home or office and use social engineering to trick users. Millions of such phishing emails are sent each day and just one user in a hurry clicking on something might take down a system or a company.

Sjouwerman offers this advice:

1) Be on the lookout for “Shipping Problem” emails from FedEx, UPS or the US Mail, where the email claims they tried to deliver a package from (for instance Apple Computer) but could not deliver due to an incomplete address. “Please click on the link to correct the address and you will get your package.” If you do, your computer is likely to get infected with malware. Warn everyone in the family, especially teenagers.

2) Watch out for alerts via a TEXT to your smartphone that “confirm delivery” from FedEx, UPS or the US Mail, and then asks you for some personal information. Don’t enter anything. Think Before You Click!

3) Reiterating a warning KnowBe4 sent out a few weeks ago, there is a fake refund scam going on that could appear to come from a big retailer. It claims there was a “wrong transaction” and wants you to “click for refund” but instead, your device may be infected with ransomware.

For organizations that are not yet customers, KnowBe4 allows IT managers to create a free account and send a simulated phishing test to 100 users to see what the Phish-prone percentage of their organization is.

For more information visit: www.KnowBe4.com

Additional links:
Reuters story: http://www.reuters.com/article/2014/12/01/us-sony-cybersecurity-malware-idUSKCN0JF3FE20141201
Social engineering: http://www.knowbe4.com/what-is-social-engineering/
Security Awareness Training: http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Ransomware: http://blog.knowbe4.com/bid/400080/New-Flavor-of-Ransomware-Is-More-User-Friendly

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick

Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.
