Below I maintain a Q&D Mini Book Review of books that I've recently read. I try to keep these to about a paragraph. I'm trying to squeeze in at least two books per month in various fields that I personally enjoy working in as well as studying [networking, security, hacking, PKI, cryptography, reverse engineering, forensics, pentesting, programming, python, Mac OSX, bash, linux ... just to name a handful]... If you have any suggestions to add to my reading list please send me an email.
December 26th 2012
I just finished reading this short little 64 page chess book in my chess review queue.
THE BASICS OF WINNING CHESS (64 pages)
This book went by pretty quick and was an easy read as I am getting back into playing chess. I really haven’t played too much since high school and I wanted to dedicate some time for the remaining portion of 2012 and the rest of 2013 to beef up my chess skills. I started with youtube videos and bulking up my reading on strategies and gameplay alongside playing the computer (the native Mac chess, as well as the Android version of shredder chess). After reading the book my gameplay increased as it was a quick refresher - it also quickly reviews annotation to play out historical games as well as keep track of game pieces on the board without having to look at the board. Naturally in 64 pages you can only learn so much but this booklet brings you up to speed to move onto the next book by mentioning the light basics. It certainly left me wanting more so I’m now moving to the next logical step from the same publisher:
BEGINNING CHESS PLAY (168 pages)
December 2nd 2012
I just completed reading 'Street Cryptography:A Quick and Dirty Way to Maintain Your Secret Conspiracy' by Christopher Forrest. I was previously reading another book when this one came in the mail and myself being a cryptologist had to make it a priority to read. This book is literally hot off the press as its print date is Nov 23rd 2012 (and this mini-review was written Dec 2nd 2012)! Being 80 printed pages the book was a quick read.
In his book Christopher (aka NY Rednek) briskly takes the reader through a handful of 'pencil and paper' techniques quickly covering substitution/transposition ciphers, superencipherment and OTP. His style of introducing concepts to the reader is rather unique as it seems he is having a discussion with you through string of e-mails. In his 'Final Thoughts' egress, Christopher states this book is an introduction to the layman. However I personally think that without strong foundations that one would normally see in a basic 101 book that 'Street Cryptography' is more of an intermediate book with things that are already assumed or known; especially at the quick pace he engages the reader with.
Personally I think folks nowadays are forgetting about the old ways of crypto which don't rely on computers and this book is a great reinforcer to bring them back.
Here's more information, including resources Christopher has made available for his support crypto e-zine.
November 22nd 2012
I just completed reading 'Beautiful Security: Leading Security Experts Explain How They Think' http://shop.oreilly.com/product/9780596527488.do
I really enjoyed 'Beautiful Security'; Chapter 10 was my favorite chapter entitled ' Security by Design' by John McManus. His discussion of 'Metrics with No Meaning' really hit home and put a handle on 'metrics for the sake of metrics' and one-dimensional metrics that I often get the joy of experiencing often. Chapter 13 was my second favorite chapter 'Beautiful Log Handling by Anton Chuvakin as I love analyzing log artifacts. I found this chapter to be quite short at least for today's measure in the art and science of logging. Never underestimate the power of logs!
… and now on to reading 'Think Python: How to Think Like a Computer Scientist' http://shop.oreilly.com/product/0636920025696.do
September 22nd 2012
I just completed reading 97 Things Every Programmer Should Know: Collective Wisdom from the Experts http://shop.oreilly.com/product/9780596809492.do
"97 Things Every Programmer Should Know" was quite stimulating and brought quite a few things into light that often were shadows in the background… for example one of my favorite "things" is Olve Maudal's "Hard Work Does Not Pay Off" where there is the often forgotten applied concept of observing effects and reflecting on these observations and changing behavior (adapting) accordingly… including preparation and education - which I personally find very important and often lacking.
... and now on to reading Beautiful Security : Leading Security Experts Explain How They Think
September 3rd 2012
I just completed reading Practical Packet Analysis, 2nd Edition http://nostarch.com/packet2.htm (I picked it up August 15th)
I really enjoyed Practical Packet Analysis and learned quite a few things on leveraging Wireshark to learn more on analyzing the network communication. Before reading this book I'd spend more time using google to find out what I needed to look for in a packet when issues arose. (For as cool as google is I hate relying on google more each day - I know many folks that rely on google way too much and it's something I don't want to turn into). There is a myriad of examples included in the book and how to identify information presented in Wireshark to further diagnose and fix communication issues. Even though I've been using Wireshark forever for basic analysis I learned quite a bit about how to use it more efficiently and effectively. It also had a small chapter on security and another small chapter on WiFi. It was quite nice that the pcap files were downloadable to run through along with the book examples. I certainly recommend this book to anyone interested in basic network troubleshooting - especially with Wireshark. It's certainly easy to digest in plain English and goes through the foundations and fundamentals where 'google-ly knowledge' lacks.
To keep the brain refreshed I usually spend about an hour at the local bookstore researching what I think I'd like to read up on for the next couple of weeks and just pick something. I like to vary subject matter but most of it comes out of the computing section because that's what I love reading about. :)
... and now on to reading 97 Things Every Programmer Should Know: Collective Wisdom from the Experts http://shop.oreilly.com/product/9780596809492.do
August 15th 2012
Wewt! Just completed reading Metasploit: The Penetration Tester's Guide http://nostarch.com/metasploit
In regards to Metasploit... I'm very glad I read it - I certainly have a better understanding of it now - although it took me a while to realize the examples were using BT4 (based on screenshot timestamps and vague mention towards the ending chapters) and as explained the beginning of the book things change quickly... and was able to adapt to BT5 R3... soon to complete setting up my vlab with metasploitable2.
...and now on to reading Practical Packet Analysis, 2nd Edition http://nostarch.com/packet2.htm I've got so many queued up and time isn't going any slower... at least where I can notice it ;)