Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Rob Slade, doting grandpa of R
August 12, 2005, 7:26 pm
rate this thread
"Black Hat Physical Device Security", Drew Miller, 2005,
%A Drew Miller firstname.lastname@example.org
%C 800 Hingham Street, Rockland, MA 02370
%I Syngress Media, Inc.
%O U$49.95/C$72.95 781-681-5151 fax: 781-681-3585 email@example.com
%O (Amazon.com product link shortened)
(Amazon.com product link shortened)
%O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 363 p.
%T "Black Hat Physical Device Security"
The introduction asserts that products are insecure, and also tries to
say something about trust. There is no clear statement in regard to
the purpose or intent of the book, however. In addition, there are an
alarming number of grammatical and spelling errors, and this error
rate doesn't get any better in the course of the text.
Chapter one notes that it is possible to program safely. Most systems
have bugs, notes chapter two, but despite the fact that we have to
rely on insecure systems, the document points out that we can retrofit
security onto systems. Encryption is covered in chapter three, which
also contains ten pages of C language source code, which apparently is
an attempt to convince you how simple encryption is. There is also
some discussion of standard authentication forms and biometrics: it
seems rather odd, but is tied in towards the end of the chapter with a
discussion of how encryption can protect authentication data. Chapter
four describes a number of attacks involving input, and suggests
mitigating procedures. Monitoring of data submitted is recommended in
chapter five. Various hardware security devices are considered in
chapter six. Chapter seven is mostly authentication, and a little bit
of cryptography. There is more on monitoring in chapter eight.
Chapter nine closes off with discussions of notification.
Given no stated purpose for the book, it is very difficult to say
whether it reaches its own, or any other, objective. There are scraps
of useful information contained in these pages, but little structure
and no apparent purpose.
copyright Robert M. Slade, 2005 BKPHDVSC.RVW 20050615
firstname.lastname@example.org email@example.com firstname.lastname@example.org
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev /
or mirror http://sun.soci.niu.edu/~rslade /
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to email@example.com
- » Cloned disk "thinks" it is much smaller than it is.
- — Next thread in » Computer Software Security
- » CFP: IEEE in cooperated International Conference on Intelligent Agents, Web Technologies a...
- — Previous thread in » Computer Software Security