by Michal Zalewski
April 2005, 312 pp.
View a sample chapter, Chapter 5: Blinkenlights
Author Michal Zalewski has long been known and respected in the hacking and security communities for his intelligence, curiosity and creativity, and this book is truly unlike anything else out there. In Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, Zalewski shares his expertise and experience to explain how computers and networks work, how information is processed and delivered, and what security threats lurk in the shadows. No humdrum technical white paper or how-to manual for protecting one's network, this book is a fascinating narrative that explores a variety of unique, uncommon and often quite elegant security challenges that defy classification and eschew the traditional attacker-victim model.
About the Author
Michal Zalewski is a security researcher who has worked on topics ranging from hardware and OS design principles to networking. He has published research on many security topics and has worked for the past eight years in the InfoSec field for a number of reputable companies, including two major telecommunications firms. His website is available here.
Table of Contents
PART I: THE SOURCE
CHAPTER 1: I CAN HEAR YOU TYPING
CHAPTER 2: EXTRA EFFORTS NEVER GO UNNOTICED
CHAPTER 3: TEN HEADS OF THE HYDRA
CHAPTER 4: WORKING FOR THE COMMON GOOD
PART II: SAFE HARBOR
CHAPTER 5: BLINKENLIGHTS
CHAPTER 6: ECHOES OF THE PAST
CHAPTER 7: SECURE IN SWITCHED NETWORKS
CHAPTER 8: US VERSUS THEM
PART III: OUT IN THE WILD
CHAPTER 9: FOREIGN ACCENT
CHAPTER 10: ADVANCED SHEEP-COUNTING STRATEGIES
CHAPTER 11: IN RECOGNITION OF ANOMALIES
CHAPTER 12: STACK DATA LEAKS
CHAPTER 13: SMOKE AND MIRRORS
CHAPTER 14: CLIENT IDENTIFICATION: PAPERS, PLEASE!
CHAPTER 15: THE BENEFITS OF BEING A VICTIM
PART IV: THE BIG PICTURE
CHAPTER 16: PARASITIC COMPUTING, OR HOW PENNIES ADD UP
CHAPTER 17: TOPOLOGY OF THE NETWORK
CHAPTER 18: WATCHING THE VOID
"Definitely not the everyday security book for everyday problems. You're in the target audience if you enjoy the fun of the unexpected . . . You'll have fun with this book."
Included in roundup of "Books on the latest hardware and software programs for technology directors and IT staff"
"Overall, I enjoyed reading the book, I found much of the information presented to be fascinating (and a bit scary)."
"There's plenty to like in this book if you look for the details that interest you."
"In this text the author is showing off visions and possibilities, drawing a sort of 'zen of security' that is a in-depth technical description of possible (or already started) scenarios."
Thumbs-up recommendation: "Thought-provoking... paints a sobering picture of just how hard it is to ensure any kind of privacy in the electronic age."
"Quite interesting for those who are interested in security whether it would be local security or network security."
"If you are a 'hacker' type in the old sense of the word, fond of taking things apart to see how they work, and you have any interest in security, you will probably find significant portions of this book intriguing."
Included in feature on recommended security books. Five stars: "Packs in tons of information."
"Interesting reading for full-on paranoids, hackers, and people involved in coding and security."
Interview with Michal Zalewski
"Informed and informative, thoughtful and though-provoking… enthusiastically recommended to the attention of technophiles."
"The amount of detail is stunning for such a small volume and the examples are amazing... You will definitely think different after reading this title."
"It isn’t dry and pedantic–it’s juicy and enticing. The more you read, the more you want to know… This is a marvelous book for the active mind of the intellectually curious."
Solar Designer, the book’s technical reviewer, posted "A tribute to ‘Silence on the Wire’" on The Openwall Project's site. (Read more)
Article about IE browser flaw discovered by Zalewski
Book reviewed by host
"For the pure information security specialist this book is pure gold… I
"Totally rises head and shoulders above other such security-related title… It’s hard to find a work to compare in any field of computational study, let alone security."
"An out-of-the-box, thought-provoking book that escapes the everyday
"Excellent! This is one that I would dub a "must read" for anyone
"A whirlwind of deep technical information that gets to the very
"Deserves the widest possible readership for its powerful message on
"It is not a security text, by any means, but rather a series of
"A very good introduction to the intricacies of certain security
Article entitled, "Analyzing esoteric attacks highlights where security
Included in book roundup in Tech Talk column: "offers true insight into
"Read this to expand your horizons, not to solve today's issue… The book
Q&A with Michal Zalewski; follow up to book review from previous week
"A refreshing departure from most technical books… demonstrates how to
9/10 ranking: "Adds an innovative twist to otherwise boring aspects of network security... The descriptions of indirect attacks that can be waged on computer systems or networks alone are worth the cost, as they will provide hours of enjoyable reading for any self-proclaimed security enthusiast."
"What makes this book a must-read for sysadmins are the clear explanations and practical insights into the technologies that we manage. What makes it a joy to read are the author's appealing humility,
Silence on the Wire "has fundamentally changed the way I look at many things in my day-to-day computing existence."
"I was hooked… I give this book a 7 out of 10 for an interesting read."
"Zalewski's explanations make it clear that he's tops in the industry."
"This unconventional book follows the story of a piece of information from the first key-press all the way to the remote party at the other end of the wire."
"The discovery of a technical book in this style is cool... Getting in the head of someone who knows how to do [passive reconnaissance] can be a challenge unless they choose to reveal how they think and observe. This book is one of the rare opportunities to peek inside."
"[Zalewski] takes you on a tour that is enlightening and fun. You'll learn a boatload of stuff that people rarely cover, and you'll find that this opens up new avenues for you."
"Always good-natured in its attempt to show the relationship between mathematical theory and methods of attack."
"An eye-opening technical look at what sophisticated analysis can reveal about the wild, wild Net and the people who use and abuse it."
"A thoughtful, clever analysis of how things work... If you're a security type, you don't want to miss this one."
"If you work in information warfare, this should be mandatory reading! If you are responsible for very high value targets... it is imperative that you read Zalewski's work page by page."
"You'll definitely treasure this volume... fills a gap in the security library that most people don't even realize exists."
"Author Michal Zalewski has long been known and respected in the hacking and security communities for his intelligence, curiosity and creativity, and this book is truly unlike anything else out there."
"What I particularly liked is the author's attention to detail. I'd start reading a chapter and think, 'Yeah, I know this,' but then realize that he was just leading me through the basics because he had something important and interesting to say that I probably did NOT know... and that was usually true."
"More narrative than reference work, this book will be riveting reading for security professionals and students as well as technophiles interested in learning about how computer security fits into the big picture and high-level hackers seeking to broaden their understanding of their craft."
"This book will be riveting reading for security professionals and students as well as technophiles interested in learning about how computer security fits into the big picture and high-level hackers seeking to broaden their understanding of their craft."