Wil Allsopp: Unauthorised Access: Physical Penetration Testing for IT Security Teams (2009)

24 August 2011, dusan

The first guide to planning and performing a physical penetration test on your computer’s security
Most IT security teams concentrate on keeping networks and systems safe from attacks from the outside, but what if your attacker was on the inside? While nearly all IT teams perform a variety of network and application penetration testing procedures, an audit and test of the physical location has not been as prevalent. IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.

Featuring a foreword written by world-renowned hacker Kevin D. Mitnick, lead author of The Art of Intrusion and The Art of Deception, this book is the first guide to planning and performing a physical penetration test. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data.

– Teaches IT security teams how to break into their own facility in order to defend against such attacks, which is often overlooked by IT security teams but is of critical importance
– Deals with intelligence gathering, such as getting access to building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels
– Includes safeguards for consultants paid to probe facilities unbeknown to staff
– Covers preparing the report and presenting it to management

In order to defend data, you need to think like a thief. Let Unauthorised Access show you how to get inside.

Publisher John Wiley and Sons, 2009
ISBN 0470747617, 9780470747612
302 pages


Matt Curtin: Brute Force: Cracking the Data Encryption Standard (2005)

22 August 2011, dusan

In the 1960s, it became increasingly clear that more and more information was going to be stored on computers, not on pieces of paper. With these changes in technology and the ways it was used came a need to protect both the systems and the information. For the next ten years, encryption systems of varying strengths were developed, but none proved to be rigorous enough. In 1973, the NBS put out an open call for a new, stronger encryption system that would become the new federal standard. Several years later, IBM responded with a system called Lucifer that came to simply be known as DES (data encryption standard).

The strength of an encryption system is best measured by the attacks it is able to withstand, and because DES was the federal standard, many tried to test its limits. (It should also be noted that a number of cryptographers and computer scientists told the NSA that DES was not nearly strong enough and would be easily hacked.) Rogue hackers, usually out to steal as much information as possible, tried to break DES. A number of “white hat” hackers also tested the system and reported on their successes. Still others attacked DES because they believed it had outlived its effectiveness and was becoming increasingly vulnerable. The sum total of these efforts to use all of the possible keys to break DES over time made for a brute force attack.

In 1996, the supposedly uncrackable DES was broken. In this captivating and intriguing book, Matt Curtin charts DES’s rise and fall and chronicles the efforts of those who were determined to master it.

Publisher Springer, 2005
Copernicus Series
ISBN 0387201092, 9780387201092
291 pages


The Machinery of Stability Preservation (2011) [Chinese/English]

15 August 2011, dusan

“There is widespread agreement in China, from high officials to ordinary people, about the importance of maintaining social stability. There is rather less consensus, though, about how best to ensure and promote stability. Considering the costs, both fiscal and human, of continued pursuit of the policy of “stability above all else,” some have begun to question whether, perhaps, the effort might actually be counterproductive.

In a recent article (translated below) posted on the website of Caijing magazine, two reporters who have been covering China’s social stability problem offer an excellent introduction to the organizational structure behind China’s stability management effort. Their detailed portrait of this structure as it exists at both the central and local levels leads into a trenchant analysis of China’s paradoxical pursuit of stability and a look at how that structure actually undermines that effort. Their conclusion—that the only escape from this paradox is to accelerate the pace of political and judicial reform—is a clear articulation of an aspiration that is gathering momentum in China but that will still have to overcome much resistance if it is to be realized.”

by Caijing magazine reporters Xu Kai & Li Weiao, 6 June 2011
Translated by Dui Hua Human Rights Journal, 8 June 2011


related:
Stability Preservation in China (English extracts from three pieces written by Leung Man Tao, a recognized media professional and public intellectual from Hong Kong, Du Guang, a veteran Central Party School scholar, and Sun Liping, a sociology professor at Tsinghua University; 2010)
Riot erupts in southwest China town: reports (Reuters; 12 Aug 2011)