Item description for Black Hat Physical Device Security: Exploiting Hardware and Software by Drew Miller...
Attacking & Defending Physical Devices for Software and Hardware EngineersThe security devices of today are much more complex than those long ago. While some still are just electronic transistors, diodes, capacitors and resistors, many now have software and communication-based features. Easy-to-use and easy-to-deploy, microprocessors and hard drives are common and used in car Global Positioning Systems (GPS), telephones, and even portable video game systems. Black Hat Physical Device Security looks at the risk involved with network hardware, home security, security installation companies, biometric devices, and much more. This is the book that answers the questions:
How can I protect against physical device exposures if I already have these systems in place?
How do I factor risk from not having a secure method of communication over a network that is not trusted?
I have one or more tools that I use to test for these types of exposures in software and hardware that we manufacture. Do I need to do more than that?
So much of the data that I would record through monitoring can be spoofed, so why record it at all?
Can you break any embedded device with physical access?
If we place high-level communication processes within our devices, isn't that creating more problems then simply plugging wires that carry raw signals into these devices?
And many more... Table of Contents:The Enveloping ParadigmInheriting Security ProblemsInformation SecurityMitigating ExposuresMonitoring Software ExposuresTaking a Hard Look at HardwareAuthenticating PeopleMonitoring and Detecting DeviationsNotifying SystemsTerms In ContextFactoring By Quadratic Relationships: A ConstructionFactoring Source Code For Fun
Promise Angels is dedicated to bringing you great books at great prices. Whether you read for entertainment, to learn, or for literacy - you will find what you want at promiseangels.com!
Est. Packaging Dimensions: Length: 9.1" Width: 7" Height: 1.1" Weight: 1.4 lbs.
Release Date Oct 15, 2004
ISBN 193226681X ISBN13 9781932266818
Availability 146 units. Availability accurate as of Mar 24, 2017 08:09.
Usually ships within one to two business days from La Vergne, TN.
Orders shipping to an address other than a confirmed Credit Card / Paypal Billing address may incur and additional processing delay.
Reviews - What do customers think about Black Hat Physical Device Security: Exploiting Hardware and Software?
Poor writing, assertions without any logic, rambling text Jan 2, 2007
As an author, I understand the difficulty of writing a good book and the sting of a poor review. I'm reluctant to do so, but here I feel I have no choice. This book is simply very poorly done.
I don't know quite what the author was hoping to achieve, but I think it's somewhere along the lines of the philosophy behind security. Drew fails to deliver, instead we get rambling text, bad anecdotes, poor writing, and no focus. When we finally do get to some technical material, it's poorly presented (eg the crypto code in Chapter 3).
Errors are also rife throughout the text. For example, in chapter 3 the author attempts to describe connection attributes to enforce for a connection. One of these is the MAC address of a host 2 hops away. Anyone with any understanding of TCP/IP networking would know that if a host is 2 hops away, then the MAC address belongs to your router. The attack Drew describes isn't going to see the router change out from under the system.
While there's a lot of terms thrown around, there aren't any useful concepts really taught or well presented. I don't think anyone will learn much of anything from this book. The title of the book suggests that we'll be hitting hardware, too, but it's not until the last third of the book that this is introduced, and just as poorly as key concepts in software security (defense, attacks, etc), and only for one chapter.
I just don't have anything positive to say about this book, and for that I truly apologize to the author (and as a fellow author). This isn't personal (I don't know Drew, I believe, nor do I harbor any malice towards him or anyone he knows), it's just not a very good product. If you're looking for a comprehensive overview of infosec, look at something like Bishop's tome "Introduction to Computer Security".
From the Author Mar 2, 2005
There are many misconceptions about security and the quality of products in the world. This book offers a larger perspective on the details of why those misconceptions exist. We must often dig deep to find these flaws and sometimes review explicitly technical processes. At the same time, surrounding these technical details are demonstrated concepts of trust and assumption that have plagued products in the past, present, and surely in the future. Some texts may demonstrate a problem and a precise solution to that problem. This book offers the understanding of how and also why. It takes the reader from looking at any product, software or hardware, and integrates perspectives specific to trust and reliance upon technologies, which, by design, were never intended to supply a secure infrastructure. You will also see the reasons why these technologies fail; trust and assumption.
Recent intrusions into network and wireless infrastructures are just mere examples of products; however functional they may be, that, in general, lack any quality assurance specific to the types of attacks that are reviewed within this book.