Overview

With the advent of rich Internet applications, the explosion of social media, and the increased use of powerful cloud computing infrastructures, a new generation of attackers has added cunning new techniques to its arsenal. For anyone involved in defending an application or a network of systems, Hacking: The Next Generation is one of the few books to identify a variety of emerging attack vectors. You'll not only find valuable information on new hacks that attempt to exploit technical flaws, you'll also learn how attackers take advantage of individuals via social networking sites, and abuse vulnerabilities in wireless technologies and cloud infrastructures. Written by seasoned Internet security professionals, this book helps you understand the motives and psychology of hackers behind these attacks, enabling you to better prepare and defend against them.

  • Learn how "inside out" techniques can poke holes into protected networks

  • Understand the new wave of "blended threats" that take advantage of multiple application vulnerabilities to steal corporate data

  • Recognize weaknesses in today's powerful cloud infrastructures and how they can be exploited

  • Prevent attacks against the mobile workforce and their devices containing valuable data

  • Be aware of attacks via social networking sites to obtain confidential information from executives and their assistants

  • Get case studies that show how several layers of vulnerabilities can be used to compromise multinational corporations

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating: 5.0 out of 5, based on 7 ratings

Great Book! - 2009-12-12
This is a great read if you are interested in understanding what types of things make your systems and identity vulnerable to hacking. I basically read it cover to cover in a single sitting; I could not put it down. This is not a book that tells you how to secure your systems against various threats, but rather explains in detail how threats arise and how they are exploited. If you are a software professional interested in building secure systems or just interested in how to protect yourself online, I highly recommend this book.

Everything you would expect from the title - 2009-10-26
Hacking The Next Generation

This was a very well written book. The authors did a great job of mixing technical and non-technical attack vectors. I felt the flow of the book was very well done, keeping the reader engaged the entire time. The authors gave enough information on each topic to get you started, but did not inundate you with the minute details that can get overwhelming. In many chapters of the book the authors use scenarios to relate the reader to a topic. This method helped me grasp a few of the concepts that may have otherwise taken a second or third read.

In most of the sections that described technical attack vectors the authors gave links to tools that would help the reader perform that specific attack. Not only is this a great way to help the reader increase their tool set, it allows the reader to put into practice what was just read.

Chapter 2: Inside-Out-Attacks is an example of how every technical topic should be taught. The authors used scenario based writing mixed with technical details that really help the reader grasp the concept. Again, these are not littered with enough technical detail to understand in-depth how these attacks work, but they will give you a general understanding of each topic.

Chapter 7: Infiltrating the Phishing Underground was my favorite in the book. The author did a great job of relating how the underground works, how you get in contact with people, and how the act of phishing transpires. I was amazed to read how templates are shared, how they are put in place, and how the phishing crowd feel about each other.

Chapter 5: Sharing the Cloud with Your Enemy was not really what I expected. I was hoping to hear of some new attack vectors, but didn't seem to get that. It was a great reminder of the risks to companies that use shared resources, and allow other administrators to control those resources, but this all seemed like common knowledge.

Overall this book was great. The content seemed very fresh, and where there was overlap with previous readings the authors seemed to put a new spin on old ideas. If you are looking for a book that will teach you step by step how to hack a website, or steal some credit cards, this book is not for you. This book is a great overview of multiple attack vectors, giving broad overviews of each one.

Wayne Gipson, CISSP, CISA

A Good Introduction to Today's Top Threats - 2010-01-13
It's almost cliché to talk about how quickly things change in the IT world. When you're talking about IT security, though, "quickly" is an understatement. Why, then, do many of today's "hacking" books seem like they might have been written in 1999? Attackers have progressed beyond the scan-and-exploit phase; shouldn't your understanding of the threatscape evolve to match?

That is precisely the premise of "Hacking: The Next Generation." In fact, the title is a bit of a misnomer. It's not talking about the next generation of hacking at all; it's talking about the *current* one, albeit a generation of hacking that many security organizations haven't caught up with yet.

I first saw this book in the store, and a quick glance through the Table of Contents got me pretty excited. I saw topics like mobile security, the phishing underground, targeted attacks against company executives and (the big selling point for me) attacks against cloud computing. In fact, I was so excited to read it that I ordered it from Amazon on the spot, through my phone. After having read this book, I can say that it lived up to most of my expectations.

First off, this is a book about high end attackers, professionals who select their targets carefully, do their research and have a clear goal in mind. The authors' focus seems to be primarily organized crime, but they also cover motivated insiders and to a much lesser extent, nation-state actors. Collectively, these types of attackers are known in the trade as "Advanced Persistent Threats", or "APT".

Secondly, I really liked the fact that the book emphasizes what I will call an intelligence-based approach. APT is notorious for doing their homework and uncovering a shocking amount of information about their targets before the attack itself ever even begins. It's appropriate, therefore, that the book begins with a chapter on information gathering via search engines and other public sources. It also has an entire chapter describing how an attacker could use this public information to identify likely targets in an organization and map out their social and professional connections to identify potential weaknesses to exploit via social engineering.

One of the standout chapters was Chapter 5 ("Cloud Insecurity: Sharing the Cloud with Your Enemy"). There are many definitions of "cloud" computing; this chapter picks two leading examples (Amazon's EC2 and Google's App Engine) and discusses how these services work and several ways an attacker with access to these same public clouds could begin to attack systems deployed there. Even if you have no experience with cloud computing, this chapter provides enough background to allow you to understand and evaluate the risks that the authors bring to light.

There are a few areas for improvement in this book, though, that kept me from being able to assign a full five stars to this review. For a book about the "next" generation of hacking, many parts read like they could have been written 5, 10 or even 15 years ago. Chapter 3 ("The Way it Works: There is no Patch") discusses password sniffing, email spoofing and ARP poisoning, all techniques that are over a decade old. Although they are still seen in the real world, each of them has been covered better elsewhere. This chapter is just a glaring anachronism compared to some of the others, and it detracts from the "Next Generation" focus in a very distracting way.

Chapter 6 ("Abusing Mobile Devices") is also pretty weak. In a "Next Generation" chapter on mobile devices, I expected to see coverage of iPhones, BlackBerries and other popular smart phones. Instead, the authors chose to focus on laptops and insecure Wi-Fi access. If you really want to know how to spoof an access point to read someone's email in the local Starbucks, I'd suggest buying another book that covers the topic in more detail. As it is, I was very disappointed that the authors chose to waste space on this topic when there are much more modern techniques being used in the real world.

Overall, "Hacking: The Next Generation" is a solid overview of the techniques used by some of today's top threats. It provides a good overview of the kind of intelligence-driven attacks you're likely to see from APT. Although parts of this book seem like they're looking backwards rather than forwards, the rest of the book more than makes up for those flaws.

No serious programmer should be without this expose - 2010-01-11
Also recommended for such a collection is Nitesh Dhanjani, Billy Rios and Brett Hardin's HACKING: THE NEXT GENERATION, a survey of hacking and internet issues and emerging attack vectors. From new hacks that try to exploit technical flaws to hacks from individuals via social networking sites and abuse in cloud formations, no serious programmer should be without this expose.

What's in the Mind of Hackers - 2009-10-22
Reviewer: Dave Roman, GCPCUG member

The 10 chapters in this book are very informative as well as interesting. It's a read for every corporate security employee.

The author first talks about intelligence gathering in the first chapter. You must find out all the information possible about the company and its people. They might be able to help you. It's called social engineering.

Chapter 2 is about using an insider that you found in your intelligence gathering. The insider or employee might have the information you need. Cultivate these people.

Chapter 3 is about network protocols and their weaknesses. He talks about exploiting these weaknesses.

Most computers are loaded with various types of software and he talks about how to exploit these complexities in Chapter 4.

Cloud computing is the next generation of computing. In Chapter 5 he discusses how hackers are positioning themselves to take advantage of Cloud.

Chapter 6 is all about mobile devices and how to abuse them.

Have you ever gone phishing? That's what this chapter is all about. Try to understand the criminal mind and why they are phishers of men!

Chapter 8 is titled "Influencing Your Victims". The author claims that it is sometimes easier to influence and manipulate a human being than it is to try to exploit a vulnerable point in a computer system. He looks at crafty techniques attackers employ to discover information about people to influence them.

Hacking Executives: Can Your CEO Spot a Targeted Attack? is an interesting title for the Ninth chapter. The reason hackers attack high level people like CEOs is that they usually have high security information on their laptops or office computer. He gives a few scenarios as examples.

Chapter 10 presents two scenarios on how a determined hacker can cross pollinate vulnerabilities from different processes, systems and applications to compromise businesses and steal confidential data.

A good book to read if you want into the mind of a hacker.

Some information on this page was provided using data from Amazon.com®.



Copyright 2010 Safari Books Online. All rights reserved.