

Black Hat Physical Device Security: Exploiting Hardware and Software
Drew Miller, Rob Shein, Michael Bednarczyk
Syngress, Paperback, Published October 2004, 363 pages, ISBN 193226681X
List Price: $49.95

Attacking & Defending Physical Devices for Software and Hardware Engineers

The security devices of today are much more complex than those of long ago. While some are still just electronic transistors, diodes, capacitors and resistors, many now have software and communication-based features. Easy-to-use and easy-to-deploy, microprocessors and hard drives are common and used in car Global Positioning Systems (GPS), telephones, and even portable video game systems. Black Hat Physical Device Security looks at the risk involved with network hardware, home security, security installation companies, biometric devices, and much more. This is the book that answers the questions:

  • How can I protect against physical device exposures if I already have these systems in place?
  • How do I factor risk from not having a secure method of communication over a network that is not trusted?
  • I have one or more tools that I use to test for these types of exposures in software and hardware that we manufacture. Do I need to do more than that?
  • So much of the data that I would record through monitoring can be spoofed, so why record it at all?
  • Can you break any embedded device with physical access?
  • If we place high-level communication processes within our devices, isn’t that creating more problems than simply plugging wires that carry raw signals into these devices?
  • And many more…


"There are many misconceptions about security and the quality of products in the world. This book offers a larger perspective on the details of why those misconceptions exist. We must often dig deep to find these flaws and sometimes review explicitly technical processes. At the same time, surrounding these technical details are demonstrated concepts of trust and assumption that have plagued products in the past, present, and surely in the future. Some texts may demonstrate a problem and a precise solution to that problem. This book offers the understanding of how and also why. It takes the reader from looking at any product, software or hardware, and integrates perspectives specific to trust and reliance upon technologies, which, by design, were never intended to supply a secure infrastructure. You will also see the reasons why these technologies fail: trust and assumption.

Recent intrusions into network and wireless infrastructures are just mere examples of products, however functional they may be, that, in general, lack any quality assurance specific to the types of attacks that are reviewed within this book."
--Drew Miller, Author


Table of Contents

The Enveloping Paradigm

Inheriting Security Problems

Information Security

Mitigating Exposures

Monitoring Software Exposures

Taking a Hard Look at Hardware

Authenticating People

Monitoring and Detecting Deviations

Notifying Systems

Terms In Context

Factoring By Quadratic Relationships: A Construction

Factoring Source Code For Fun


ABOUT THE AUTHORS

Drew Miller is an independent security consultant, and teaches and lectures abroad on defensive security methodologies and application attack detection. For the last several years, Drew has developed state-of-the-art training courses for software engineers and security analysts, presenting at the Black Hat, Inc. security conventions. His specialties include modeling strategies of defensive programming to ensure stability, performance and security in enterprise software. Drew has worked at many levels of software development, from embedded operating systems, device drivers and file systems at Datalight Inc. to consumer and enterprise networking products such as Laplinks, PCSync and Cenzic Hailstorm.

Rob Shein, also known as Rogue Shoten, currently works for EDS as a member of their penetration testing team in Herndon, Virginia. Rob has worked in the IT field for approximately a decade, with the past six years focused on information security. He learned to program at the age of eleven, and computers have been a passion of his ever since. His experience includes doing hard time at Network Solutions, followed by VeriSign, where he was a member of the FIRE Team, providing incident response, vulnerability assessment, risk mitigation and penetration testing services. He also served on a red team at Titan, during which time he did work he's not supposed to even talk about to himself. Work in recent years has included consulting to several Fortune 100 corporations, USDA, the Treasury Department, and the United States Army. Rob has presented at several conferences, including DefCon and e-Gov.



