BLACKHOLE.sk

Knihu Craig A Schillera (CISSP-ISSMP, ISSAP) ktorý je CISO pre Portland State University a prezident Hawkeye Security Training, LLC by nemali minúť ľudia so záujmom o security.
V knihe sa venu je rôznym oblastiam, Botnet sieťam, XSS (teórií aj typom a spôsobom útokov) Ochrane kritických častí infraštruktúrý (Process Control and SCADA), platobným a bankovým transakciám (Payment
Card Industry (PCI)), VoIP protokolom, Sociálnemu inžinierstvu a tiež risku zneužitia ovládačov HW.

Pre ukážku citát z kapitoly o BotNet:

A botnet is adaptive; it can be designed to download different modules to exploit spe-
cific things that it finds on a victim. New exploits can be added as they are discovered.This
makes the job of the antivirus software much more complex. Finding one component of a
botnet does not imply the nature of any of the other components because the first compo-
nent can choose to download from any number of modules to perform the functionality of
each phase in the life cycle of a botnet. It also casts doubt on the capability of antivirus soft-
ware to claim that a system is clean when it encounters and cleans one component of a
multicomponent bot. Because each component is downloaded when it is needed after the
initial infection, the potential for a system to get a zero day exploit is higher. If you are in an
enterprise setting, you take the risk of putting a bot back into circulation if the effort to
clean the malicious code isn’t comprehensive. Rather than take that risk, many IT depart-
ments opt to re-image the system from a known clean image.

pokiaľ máte ku knihe nejaké otázky pm ( :) )