Product: Book - Paperback
Title: Programming C#, 4th Edition
Publisher: O'Reilly
Authors: Jesse Liberty
Rating: 5/5
Customer opinion - 5 stars out of 5
C# in plain English

Every topic is clearly and simply explained in the minimum number of words - no waffle. This is the best book I've seen for getting started in C#. In fact it's the best technical book I have ever read. Some people have requested more depth - that would make it too heavyweight for people starting out in C#.

Product: Book - Hardcover
Title: The Art of Deception: Controlling the Human Element of Security
Publisher: Wiley
Authors: Kevin D. Mitnick, William L. Simon, Steve Wozniak
Rating: 5/5
Customer opinion - 5 stars out of 5
Interesting & timely about the dangers of social engineering

Kevin Mitnick says "the term 'social engineering' is widely used within the computer security community to describe the techniques hackers use to deceive a trusted computer user within a company into revealing sensitive information, or trick an unsuspecting mark into performing actions that create a security hole for them to slip through." It's suitable that Mitnick, once vilified for his cracking exploits, has written a book about the human element of social engineering - that most subtle of information security threats.
Some readers may find a book on computer security penned by a convicted computer criminal blasphemous. Rather than focusing on the writer's past, it is clear that Mitnick wishes the book to be viewed as an attempt at redemption.
The Art of Deception: Controlling the Human Element of Security states that even if an organization has the best information systems security policies and procedures, the most tightly controlled firewall, encrypted traffic, DMZs, hardened operating systems, patched servers and more, all of these security controls can be obviated via social engineering.
Social engineering is a method of gaining someone's trust by lying to them and then abusing that trust for malicious purposes - primarily gaining access to systems. Every user in an organization, be it a receptionist or a systems administrator, needs to know that when someone requesting information has some knowledge about company procedures or uses the corporate vernacular, that alone should not be authorization to provide controlled information.
The Art of Deception: Controlling the Human Element of Security spends most of its time discussing many different social engineering scenarios. At the end of each chapter, the book analyzes what went wrong and how the attack could have been prevented.
The book is quite absorbing and makes for fascinating reading. With chapter titles such as The Direct Attack; Just Asking for it; the Reverse Sting; and Using Sympathy, Guilt and Intimidation, readers will find the narratives interesting, and often they relate to daily life at work.
Fourteen of the 16 chapters give examples of social engineering covering many different corporate sectors, including financial, manufacturing, medical, and legal. Mitnick notes that while companies are busy rolling out firewalls and other security paraphernalia, they are often unaware of the threats of social engineering. The menace of social engineering is that it does not take any deep technical skills - no protocol decoders, no kernel recompiling, no port scans - just some smooth talk and a little confidence.
Most of the stories in the book detail elementary social engineering escapades, but chapter 14 details one particularly nasty story where a social engineer showed up on-site at a robotics company. With some glib talk, combined with some drinks at a fancy restaurant, he ultimately was able to get all of the design specifications for a leading-edge product.
In order for an organization to develop a successful training program against the threats of social engineering, they must understand why people are vulnerable to attack in the first place. Chapter 15 explains how attackers take advantage of human nature. Only by identifying and understanding these tendencies (namely, Authority, Liking, Reciprocation, Consistency, Social Validation, and Scarcity) can companies ensure employees understand why social engineers can manipulate us all.
After more than 200 pages of horror stories, Part 4 (Chapters 15 and 16) details the need for information security awareness and training. But even with 100 pages of security policies and procedures (much of it based on ideas from Charles Cresson Wood's seminal book Information Security Policies Made Easy) the truth is that nothing in Mitnick's security advice is revolutionary - it's information security 101. Namely, educate end-users to the risks and threats of non-technical attacks.
While there are many books on nearly every aspect of information security, The Art of Deception is one of the first (Bruce Schneier's Secrets and Lies being another) to deal with the human aspect of security; a topic that has long been neglected. For too long, corporate America has been fixated with cryptographic key lengths, and not focused enough on the human element of security.
From a management perspective, The Art of Deception: Controlling the Human Element of Security should be on the list of required reading. Mitnick has done an effective job of showing exactly what the greatest threat of attack is - people and their human nature.

Product: Book - Paperback
Title: Pro/ENGINEER Wildfire for Designers
Publisher: Cadcim Technologies
Authors: Sham Tickoo
Rating: 4/5
Customer opinion - 4 stars out of 5
Pro/ENGINEER Wildfire for Designers by Sham Tickoo

This book is definitely helpful (would you believe essential) in learning Pro/engineer Wildfire. It achieves a good balance between reference material and tutorial examples (as compared to Lamit's books which are mostly tutorial with CadTrain screen prints and step by step instructions, but with a good index).

Explaining any major software package really requires two books. This book is a good first book and it also covers some of the more advanced 3D modeling topics that you would expect in a second book. The examples of dimensioning and annotating 2D drawings are simplistic educational ones and not of the level used in industrial design drawings going to a machine shop to be fabricated.

The index is inexcusably incomplete. Key words like: note, layer, view, orientation, hide, shading and colors are missing from it. I find the topics that should be indexed by going to the most likely chapter and looking at every page for them. As hokey as that sounds it actually works fairly well. The help files with Pro/Engineer fill in most of the pieces that are missing from this book and they have an excellent search engine.

In the creating cross sectional views tutorial on page 10-24, I found one frustrating mistake in instruction step 11, which should read, "Choose the create 2 point lines from the sketch view pulldown sketch menu and draw the lines ..."

The bottom line is that this book will definitely assist you in learning Pro/Engineer Wildfire. Although count on the many hours of struggle and frustration that are required to learn any major software tool. I don't think any book or approach will ever change that.

Product: Book - Hardcover
Title: Interconnections: Bridges, Routers, Switches, and Internetworking Protocols (2nd Edition)
Publisher: Addison-Wesley Professional
Authors: Radia Perlman
Rating: 5/5
Customer opinion - 5 stars out of 5
great technical introduction, indispensable reference

The 2nd edition of Interconnections is every bit as good as the exceptional 1st edition, but is expanded by about 50%. Still present is Dr. Perlman's clear, concise coverage of the theory and practice of the fundamental network building blocks: bridges, routers, and "switches" (including token ring source-route bridging). Also still included is a brief synopsis of her dissertation on sabotage-proof network protocols, an idea whose time has definitely come. The coverage on specifics of network protocols is significantly expanded, particularly TCP/IP (v4 and v6), IPX/SPX, DECnet, and AppleTalk. Coverage of specifics of routing algorithms, such as RIP and OSPF, is also expanded, now even including multicast extensions. New material has been added that lays bare the details of fast ethernet, gigabit ethernet, ATM ("classical" IP-over-ATM and LANE), and NAT/NAPT. I highly recommend the 2nd edition to anyone wanting to increase their technical understanding of networking, no matter what your knowledge/experience level, and as a nonpartisan technical reference for networking professionals.