Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Crimeware: Understanding New Attacks and Defenses", Markus Jakobsson/Zulfikar Ramzan

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Han
    BKCRMWRE.RVW 20080511 Crimeware: Understanding New Attacks and Defenses , Markus Jakobsson/Zulfikar Ramzan, 2008, 978-0-321-50195-0, 54.99/C$59.99 %E
    Message 1 of 1 , Aug 14, 2008
    • 0 Attachment
      BKCRMWRE.RVW 20080511

      "Crimeware: Understanding New Attacks and Defenses", Markus
      Jakobsson/Zulfikar Ramzan, 2008, 978-0-321-50195-0, 54.99/C$59.99
      %E Markus Jakobsson
      %E Zulfikar Ramzan
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 2008
      %G 978-0-321-50195-0 0-321-50195-0
      %I Addison-Wesley Publishing Co.
      %O 54.99/C$59.99 416-447-5101 fax: 800-822-6339 bkexpress@...
      %O http://www.amazon.com/exec/obidos/ASIN/0321501950/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0321501950/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0321501950/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 582 p.
      %T "Crimeware: Understanding New Attacks and Defenses"

      The preface notes the change in incentive, for the production of
      malware, from intellectual curiosity to the profit motive. It also
      states that the book is intended for anyone with an interest in
      crimeware or computer security, including those with a background in
      education or public policy rather than technology.

      Although chapter one promises, at various points, a structured and
      taxonomic overview of crimeware, it is little more than a grab bag of
      points possibly related to malware and information security, and, as
      such, is more confusing than educational. Gary McGraw's seven-point
      taxonomy of coding errors is given in chapter two. It's an excellent
      list, but has limited relevance to crimeware. Chapter three consists
      of two very distinct items: an interesting report on the spread of
      malware through peer-to-peer (P2P) file-sharing networks, and an
      account of one specific chain-mail hoax. Malware implementations in
      small devices, such as USB (Universal Serial Bus) and RFID (Radio
      Frequency IDentification), are explored in chapter four, which
      material does, at least, discuss how these technologies could be used
      for criminal activity. Although entitled "Crimeware in Firmware,"
      most of chapter five is concerned with wireless LAN security, and is
      highly speculative. A few pieces of crimeware that run in Web
      browsers are described in chapter six. Chapter seven contains a
      reasonable, though superficial, overview of botnets. A number of
      calls used by specific rootkit packages are described in chapter
      eight. Fraud in online gaming is examined in chapter nine, although,
      oddly, the issue of theft of game goods for "real world" sale is not
      mentioned. Chapter ten covers politics and malicious online activity,
      but is primarily concerned with Web defacements and online defamation.
      Fraud, generally related to Web advertising, is in chapter eleven.
      "Crimeware Business Models," in chapter twelve, are confined to only a
      few types, although the section on adware is particularly good.
      Advice on how not to do education is provided in chapter thirteen.
      Chapter fourteen outlines a few US laws possibly relevant to
      crimeware. The activities of the Trusted Computing Group (TCG),
      particularly with regard to Digital Rights Management, are promoted in
      chapter fifteen. A simplistic look at a few defensive technologies is
      provided in chapter sixteen. Chapter seventeen provides a vague
      closing to the book.

      The level of the writing and the technology varies from chapter to
      chapter, since the book has a wide variety of authors. Unfortunately,
      very little of the content is directly relevant to crimeware as such:
      most of the material is merely general information about malware.
      Some of the text is interesting, but much of it is vague, and little
      is new. The work is a fairly reasonable introduction to malware
      threats and protection, but does not add much to the existing
      literature.

      copyright Robert M. Slade, 2008 BKCRMWRE.RVW 20080511


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      [Upon being awakened] It's bright, I'm blind, I need to sleep...
      (long pause)... thank you for visiting the Blind Residence...
      good bye. - TAH, 20060222
      victoria.tc.ca/techrev/rms.htm blogs.securiteam.com/index.php/archives/author/p1/
    Your message has been successfully submitted and would be delivered to recipients shortly.