Rating:  Summary: Entertaining and Informative Review: "Black Hat: Misfits, Criminals, and Scammers in the Internet Age" is an entertaining and informative book for people who wonder about the less savory elements of the internet. This book is not for IT security professionals. Instead, it is for the casual net surfer who needs the most basic elements of protection.
One interesting aspect of this book is the cultural discussions of hacking and piracy. While many books may go into the technical characteristics of hacking, this text interviews some important players in the hacking world and explains their motives. In a similar vein, the book doesn't just explain how file sharing services (and more blatant piracy operations) work, but rather it delves into the incentives to share files and pirate and why so many of the key players see themselves as modern Robin Hoods, stealing from wealthy and insensitive media conglomerates.
Some of the criticisms levelled at this book claim that many other texts cover these topics in much more detail and that is undoubtedly true. But a buyer who pays attention to the Amazon Product Details section will see that "Black Hat" is 158 pages long and should realize that this is an introduction to the subject, not an exhaustive review. When I read the book, I was looking for an interesting, high-level discussion, not a doctoral dissertation. And that's exactly what this book delivered: an enjoyable, entertaining, and informative discussion for beginners. On that level, "Black Hat" is a definite success.
Rating:  Summary: Definitely a necessary read for the typical web surfer... Review: I recently received a copy of Black Hat: Misfits, Criminals, and Scammers in the Internet Age by John Biggs from Apress. While the information technology professional might not learn anything new from this book, it will serve as a readable resource to help typical computer users to understand the threat to their well-being when they surf the internet. The chapter selection is as follows: Black Hats: Things That Go Ping In The Night; Y.O.U MAYHAVE ALREDY 1!: SPAM; Deep Cover: Spyware; Shockwave: Worms and Viruses; Dear Friend: Scams; Upload Or Perish: Pirates; Break In: Hacking; Don't Get Burned: White Hats; Glossary; Selected Reading; Index
Biggs has written a relatively short (158 pages) book that deals with most of the major security risks an average user will face on a regular basis on the internet. For example, the chapter on spam starts off with a real-life scenario involving Alan Ralsky, a well-known spammer. You're then taken back to the early days of the 'net when the first generally recognized piece of spam made its appearance in UseNet. The growth of unsolicited mail is tracked to current day levels, as well as the reasons why spammers do what they do. He even takes a typical piece of spam mail and dissects the headers to show the reader how all is not as it seems in terms of where it came from and how it got to you. The current solutions, along with the pros and cons of each are discussed, in addition to where spam seems to be headed in the future. All this is done in a narrative fashion that stays at a level that is understandable to the average "Joe Computer User". The chapter on scams is also very valuable for helping people avoid getting fleeced. A lot of space is given to the Nigerian 419 scam, where you are asked to help someone transfer money out of their country into your bank account for a cut of the millions.
I keep thinking no one would fall for this, but it still keeps sucking people in. Biggs also explains phishing scams, where users end up at web sites which are clever imitations of real sites. The person enters financial or personal information, and then finds themselves the victim of credit or identity fraud. This is definitely a scam on the upswing, and can catch people at all levels of internet expertise. I personally enjoyed reading it, knowing that there were a number of people I would recommend it to. Like my kids or my parents. :-) If you're not an IT professional but you are an internet user, this book will help you to understand and avoid some very real dangers out there.
Rating:  Summary: A book to skip... Review: The narrative of this book has a condescending voice. I would not recommend it even for a person who had no familiarity with the subject matter handled. If you are going to read a book about hackers I would recommend that you skip straight to the selected reading section at the end of the book.
Nothing covered in this book is surprising or insightful. Anyone using a Windows machine for the last three years would have experienced the phenomena covered. It is not a good source for understanding the history of hacking, the underground hacking culture, or how to protect your computer. Many books deal with each of those subject matters in much more detail. Also I would be concerned with the author's handle of the subject matter by the way that he describes a rootkit. On page 125 the book says, "Many skilled hackers produce hacking kits, a.k.a 'rootkits.'". The author seems to imply that any program that scripts hacking could be considered a rootkit. Whereas, rootkits are a very specific type of program (see http://en.wikipedia.org/wiki/Rootkit).
Rating:  Summary: Book on Security for Novice User Review: This is a review on a book called Black Hat, Misfits, Criminals, and Scammers in the Internet Age.
This is a book on computer security. The book talks about how to secure your home/office computer from the script kiddies. The book breaks down the different types of security issues that you might be faced with, being online. It covers all types of security from Email to Hacking, (Script Kiddies) to Scams.
The book talks about current security issues (Blaster Worm, Melissa, Mydoom). The book is current, it was published this year (June 2004). The content of the book is good for people just starting out in computers (security). It will not be a real useful resource for the experienced user.
This book covers a lot of topics, but 90% of the information is designed for the novice user. If you have any computer experience at all, this book is good, but a little basic. I liked the book for some of the information it provided, but a lot of it was not new. Most of the security web sites that talk about security will cover this same information.
The author talks about Windows and Linux for the Operating Systems used in the book. Since Mac (OS X) is also a viable operating system, I wish they would have covered it as well, since it is Unix based.
The book is very readable. It is a very easy read, I was able to read the entire book in a few days. There are some examples in the book. I liked most of them, but some (few) had really dark screens. It was not too bad. I wish that he would have lightened them up some. So they were kind of hard to see.
It did help having some of the illustrations to see the point that was being made. I wish they would have given a few more.
The book does not come with any software, or any code samples. I think that it would have been helpful to have a CD in the book.
The book does give a lot of information on the fact that all the information you see on TV and in the movies is just not true. You can not use your computer to play a game of "Nuclear War" on your computer, as is shown in "War Games" (1983).
Chapter 1 is about the guys and gals that have been caught hacking different types of machines. It also gives a basic overview of what you can expect by having a computer on the Internet. That the best (Only) way to keep your computer safe is to cut the cord. I agree that it is safer to not go on the net, but if you want to stay current, or talk to others you need to be on the net. I wish that they would have covered the different types of devices (Router, Firewalls, Switches) that can be used to help prevent attacks.
When you get to Chapter 2 the book will cover what is happening with SPAM. He goes over a lot of different items on SPAM. He tells you that you can not do anything about SPAM. Then he talks about "The Solution" in which he covers what a "Whitelist" and a "Blacklist" are. He covers the way a Bayesian filter works. This is one of the ways to protect your machine that he goes into in a lot of detail. He does cover what the kinds of messages that are SPAM look like.
In the next chapter he goes into SPYWARE and what it is caused by and what kind of software it is in. He does cover the information about "Gator" and what they have done. He does cover how to get rid of it, and what you can do to be careful and not get it in the first place. It is good information, and if you follow the advice it will help keep it off your machine.
Each of the chapters covers a different type of security risk. I wish that some of the chapters would have covered the security topic in more detail. As I have stated above, the second chapter covers spam. The information that they talk about is good, but it could have been better. One of the things that was lightly touched on was a way to discover if the mail that you are getting is really from the sender. This is one of the chapters that I was really looking forward to.
One of the other items in the book that could have been covered in better detail is the Phishing section. They talk about how it is done. I would have liked to have had it covered in more detail, with more about the ways to discover it. They talk about how a user can determine if an Email is really fake or not. Most novice users will not have the first clue on what needs to be done. I wish that it would have been covered in a little more detail. One of the other items that I wish had been covered is that all of the major Credit Card companies will never ask you for this information. It is information that they have on file already. I wish that he would have done a little better on explaining what was happening.
You can tell he has done his research on what is going on in the real Internet. He does a good job at explaining what is happening overall. I wish that the book would have given more detail on what was being covered.
Rating:  Summary: Short introduction to all things malicious Review: This is a short, but well written, book on the wide variety of nasty things that can harm you when you are on the web; adware, viruses, spam, scams and spyware. There are eight chapters, each covering a different malicious software or activity.
The first three chapters cover the stuff you will encounter the most often; spam, spyware and viruses. These chapters together make up the majority of the book and are the heart of the content.
After that the book goes into scams and then inverts coverage from the malicious stuff done against the average Internet user to covering hacking and fighting the hacking.
This is not a for-dummies book. The content is designed for people of reasonable technical expertise. And the design of the book is a short overview to get you started on securing your computer and yourself on the Internet. This book is an excellent way to get started, but from there you will have to guide yourself or make purchases of books that provide more in-depth coverage of specific topics, like securing a Windows box.
Rating:  Summary: Good overview Review: This is a very readable journey into the smarmy underside of the Internet. In straightforward, nontechnical prose, it explains the basic ideas behind spam and viruses and worms. Plus ostensibly benign spyware. And outright scams, that are a particularly pernicious subset of spam. Space is given to explaining about the Nigerian 419 and of phishers. Then there is the explanation of downloading of copyrighted material (usually music). This differs from the others in that here millions actively participate. Whereas the others are pushed out to millions, most of whom decline. The book is ideal for a person still new to the Internet, and worried about snares. It eschews a sensationalistic or preachy tone. The only unfortunate thing is that it is pessimistic about defeating spam. The reasons given reflect the current consensus in the antispam field. But a few others, like myself, believe, based on our own works, that spam can indeed be crushed.
Rating:  Summary: Required reading for anyone with an Internet connection Review: This is easily one of the best books available today to teach the average person what goes on in the darkest corners of the Internet. Author John Biggs takes the reader on a mind-expanding journey into these areas where questionable characters are more the rule than the exception. Along the way you will learn about port scanning, viruses, spam, spyware, worms, scams, pirates, and hacking. This is one of the very few books that teach the reader what can happen and how to be prepared without becoming a book that teaches malcontents how to become a hacker. This makes it one of the very few books that I could recommend to high schools, youth groups, and adult groups who want to understand the dangers of the Internet. "Black Hat" is a book that is long overdue for publication. Most books on this subject are too technical for the average reader; this one is the exception. Everyone who surfs the net, for whatever reason, should read a book like this just so they know what can happen. If you are a non-technical user then "Black Hat: Misfits, Criminals, and Scammers in the Internet Age" is the best book available today for this purpose. This book should be considered as a gift for friends and family you love that surf the net and need to be safe.
Rating:  Summary: Generally good, but uneven Review: When I first heard the title of Black Hat: Misfits, Criminals, and Scammers in the Internet Age, I thought I would be getting an in-depth discussion on how hackers attempt to take control. I must admit that I was disappointed when I got this relatively slim book.
It becomes obvious as you read the book that John has done a lot of research into the darker areas of the Internet. His writing shows a good, solid knowledge of the perils and pitfalls lurking for the unwary surfer. The book reads easily, similar to an extended newspaper article. It is broken up into chapters on spam, spyware, worms and viruses, scams, pirating, hacking, and what you can do to help yourself. Each chapter generally talks about the problems in a genuinely serious tone, then letting you know what kinds of solutions are available.
His chapter on the problem of spam was interesting from the start. He starts with an in-depth profile of the king of spam, Alan Ralsky, who honestly believes he is providing a legitimate service for companies despite using suspect techniques. John goes into detail on how spammers can scour web sites for your email address. I could argue that he gave so much detail that readers could do it themselves!
His chapters on spyware and worms and viruses are definite must-reads. The scam chapter discusses the Nigerian scam in depth, giving the reader all the information he needs to avoid being taken in. Phishing and auction fraud scams are also discussed. Considering how much more press coverage they're getting these days, this is important information for everyone.
John gives us some history behind the early days of computer piracy, including an ironically amusing letter from Bill Gates. Gates and his partner Paul Allen marketed BASIC for the Altair hobbyist computer back in 1976, and fell prey to pirates. He wrote an extended letter ranting about how much financial impact that piracy had on the two of them. John goes on to describe the furor over the publication of DeCSS and subsequent trial of Jon Johansen, who was simply trying to make a DVD driver for his Linux system. The description of the ensuing trial could be expanded into a movie-of-the-week.
Hackers, at least the kind the press covers, are described in John's book in a very stereotypical fashion. "Their lair is a darkened room, a tricked-out desktop computer ... gives off an eerie green glow." He describes one specific hacker, Lord Digital, to give us a feeling of what it is like to run in those subterranean circles. Script kiddies, who form a more serious threat due to their numbers, are also discussed with detail.
The final chapter, "Don't Get Burned: White Hats", tries to give a final solution to the problem of the wild, wild, web. Unfortunately, the author's main solution is to go open-source, i.e. Linux, Mozilla, OpenOffice, etc. His contention is that you will not be vulnerable if you do so. He says, "This operating system [Linux], completely secure [emphasis mine] ... has yet to be infected by any of the nasties ...". Any security professional will tell you that the only completely secure operating system is one that isn't being run. There is a small grain of truth, but you cannot be certain every single bug has been rooted out.
Finally, I wonder what level of user his book was meant for. In some areas he explains things at a high level, and at others he swoops down into excruciating detail. I felt this gave Black Hat, an otherwise good book, a distinctly uneven feel to it. That's why I gave it 3 out of 5 stars.
Overall, despite his obvious prejudice towards Linux and other open-source software, this book is easy to read (for the most part), and provides a lot of valuable information.