REVIEW: "Black Hat Physical Device Security", Drew Miller

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

BKPHDVSC.RVW   20050615

"Black Hat Physical Device Security", Drew Miller, 2005,
1-932266-81-X, U$49.95/C$72.95
%A   Drew Miller
%C   800 Hingham Street, Rockland, MA   02370
%D   2005
%G   1-932266-81-X
%I   Syngress Media, Inc.
%O   U$49.95/C$72.95 781-681-5151 fax: 781-681-3585
%O  ( product link shortened)
  ( product link shortened)
%O   Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   363 p.
%T   "Black Hat Physical Device Security"

The introduction asserts that products are insecure, and also tries to
say something about trust.  There is no clear statement in regard to
the purpose or intent of the book, however.  In addition, there are an
alarming number of grammatical and spelling errors, and this error
rate doesn't get any better in the course of the text.

Chapter one notes that it is possible to program safely.  Most systems
have bugs, notes chapter two, but despite the fact that we have to
rely on insecure systems, the document points out that we can retrofit
security onto systems.  Encryption is covered in chapter three, which
also contains ten pages of C language source code, which apparently is
an attempt to convince you how simple encryption is.  There is also
some discussion of standard authentication forms and biometrics: it
seems rather odd, but is tied in towards the end of the chapter with a
discussion of how encryption can protect authentication data.  Chapter
four describes a number of attacks involving input, and suggests
mitigating procedures.  Monitoring of data submitted is recommended in
chapter five.  Various hardware security devices are considered in
chapter six.  Chapter seven is mostly authentication, and a little bit
of cryptography.  There is more on monitoring in chapter eight.
Chapter nine closes off with discussions of notification.  

Given no stated purpose for the book, it is very difficult to say
whether it reaches its own, or any other, objective.  There are scraps
of useful information contained in these pages, but little structure
and no apparent purpose.

copyright Robert M. Slade, 2005   BKPHDVSC.RVW   20050615

============= for back issues:
[Base URL] site /
      or mirror /
CISSP refs:     [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Book reviews:   [Base URL]mnbk.htm
Review mailing list: send mail to

Site Timeline