I’ve been meaning to put out a post ever since our failed book giveaway attempts last year (here, here, and here). Then over the weekend Richard Bejtlich (@taosecurity) put out a bunch of reviews on several infosec classics. I happened to have three of those, so it looked like a great time to try to pass these books on to someone else. Below are the books with part of Richard’s review and my comments.
Code Version 2.0: “Code Version 2.0 (CV2) is a compelling and insightful book. Author Lawrence Lessig is a very deep thinker who presents arguments in a complete and methodical manner. I accept his thesis that “cyberspace” has abandoned its tradition as an ungovernable, anonymous playground and risks becoming the most regulated and “regulable” “place” in which one could spend any time. …” (full review) (TaoSecurity Rating: 4 of 5 stars)
Although Richard seemed to like this book and found it very “compelling and insightful” I found it quite a bore. Now I do only have Version 1.0 so maybe it’s been spiced up over the past several years. About the only time I look at this book is when I can’t sleep. Within about 5 minutes I’m out. 🙂 I’m not saying it’s bad … but it’s probably just a little too theological for my taste. (Grecs Rating: 1 of 5 stars)
Crypto: “Steven Levy’s ‘Crypto’ is a fascinating look at part of the story of modern cryptography, at least from the point of view of key non-government cryptographers. The author clearly conducted plenty of research into the lives of certain individuals, such as Whit Diffie and Marty Hellman, the RSA trio, and other entrepreneurs. …” (full review) (TaoSecurity Rating: 4 of 5 stars)
I really enjoyed this book and agree wholeheartedly with Richard on this one. I would almost give it five stars over Richard’s four. This is one of the few books from my early 2000s infosec classes that I actually couldn’t put down. It was very interesting to see the basis on which most of today’s crypto is based. (Grecs Rating: 5 of 5 stars)
The Cuckoo’s Egg: “Cliff Stoll’s ‘The Cuckoo’s Egg’ (TCE) is the best real-life digital incident detection and response book ever written. I know something about this topic; I’ve written books on the subject and have taught thousands of students since 2000. I’ve done detection and IR since 1998, starting in the military, then as a consultant and defense contractor, and now as director of IR for a Fortune 5 company. …” (full review) (TaoSecurity Rating: 5 of 5 stars)
Totally agree again with Richard on this one … another story I couldn’t put down. One of the more fascinating aspects of this book is seeing how attackers are using the same basic concepts today as they did over 30 years ago. (Grecs Rating: 5 of 5 stars)
Well … that is it for the books I’ll be passing along. To enter to win these three slightly used books, all you need to do is tweet the following:
“I want 2 win 3 @taosecurity recommended books from @grecs. #infosecclassics http://bit.ly/cUiA4K”
The contest will run for two days through today and Tuesday. At that time I will randomly pick someone and contact them to arrange delivery.