Monday, January 12, 2015

Obligatory 2015 Blog Post

Wow, so 2014 is over apparently. And that means a new blog post. Every year I like to sit back and think about significant events and take stock of where I am and where I would like to be in the not too distant future.

I found late in 2014 that I had read a few books that really got my attention. I am not normally a big reader - at least of entire books. With my attention span matching Twitter more than the New York Times, unless it grabs me in the 1st chapter or so, I am not going to get very far. However, the two books below were addictive reads for me and likely for other people in IT/InfoSec. So I thought I would share my two cents on them in the hopes that if anyone reads this post they might be led to read either of these two future classics - IMHO.

Countdown to Zero Day by Kim Zetter

I am very glad this book did not come out before I had written my master's thesis on Stuxnet. If the book had come out I would have been hard pressed to not simply use this book as a primary source and all of her references as secondary. Kim Zetter hit it out of the park with this book. Her writing and ability to tell a complex true story and cover both the facts as well as unpack some of the bigger issues that Stuxnet raised as far as that thing people call Cyberwar made this a page turner for me. The amount of solid research she did for this book is clearly massive, including interviews with those who were doing the analysis and putting pieces together - the Symantec duo and Ralph Langner and his team as well as VirusBlokAda who appear to have found the first sample and began to realize the complexity of the Stuxnet attack.

Spam Nation by Brian Krebs

Krebs is a celebrity/hero amongst InfoSec bloggers. A former IRL Washington Post journalist, he has been blogging on the underbelly of the Interwebz for a long time. He has been able to infiltrate forums and actually get acquainted with people who are involved in criminal activities using/abusing technology. The credit card black market for one, and the former kingpins of the spam world for two. His research and connections gave him enough material for an entire book devoted to the email scourge we call spam. In some ways it's a sad statement on modern life, how everyone has more or less accepted needing an email filter in 2014 the same way we need other defensive technologies such as firewalls/antivirus/etc. Sad to me in that from Krebs' point of view a significant amount of spam could have been stopped long ago if the right people/organizations got together sooner than they did. Suffice it to say the tales Krebs lays out in his book are fascinating, and the spam business is unlikely to go away. The fake pharmacy topic alone is enough to get you thinking and wondering about how the prescription drug problem is not going away soon, and why it is that the big drug companies seem unwilling to participate in significant efforts to stop people from buying versions of their drugs online - both legit versions that have the right active ingredient and others that do nothing and/or contain some scary ingredients no human being should ingest.

Well, that is all I have to say about the books above. I recently began Shane Harris' book @War and it looks to be a good read as well but until I get further into it I can't say much. If you want to know how/why the NSA got to where it did post-Snowden this one looks to have a lot of meaty goodness.

I wish all who end up reading this a wonderful year, no matter what year you read this ;)