A secure democratic Net is a fundamental right

due to the re-organisaton of scribd.com (again) I had to re-organize my RSS feeds of the people I was following

so I have decided to pull them to bloglines

only those active in 2010 are taken

already around 100 founds with already more than 500 new ebooks and documents

http://www.bloglines.com/public/ekz

more to come, once at a time

enjoy

Nicolo Machiavelli - The Prince one of the classics about power and the abuse of it

While I am collecting my own books online for personal use and without posting, I copy links to some of them at

ebooks.skynetblogs.be

No guarantee that the books will stay up for long

These are the links to free books and courses that we have published on this blog, even if most are now published in the links on furl next to this blog.

23/12/08 00:21 christmas 1500 books to download from scribd

12/11/08 10:30 Complete cheat sheet collection to download 

11/11/08 10:04 birthdaylink : where to get ebooks

11/11/08 09:46 Free courses on the web, organised 

15/10/08 14:21 Free magazine Uninformed Nr 10 

30/09/08 12:21 Attention to all report and presentation writers : get back to text please 

24/06/08 12:27 Free ebook about public and expert opinion research tools

17/08/08 16:45 The art of war : interesting read ? 

05/08/08 15:55 Some MIT open Courses for summer study

20/06/08 08:29 Cursus besturingssystemen 

20/06/08 08:27 Cursus Veilige software door Prof Naessens (Belgische EID studie)

20/06/08 08:26 developing secure software applications by Frank Piessens

03/01/08 11:01 How the US army discusses and trains about cybercrime

21/11/08 16:15 proceeding LISA Large Installed System Administration Congress 

26/10/08 22:36 European Report on internet traffic 

20/10/08 10:34 Cyber threats 2009 report 

16/10/08 12:38 Presentations European conference on the Internet of things (RFID) 6/7 october 08

16/10/08 12:16 SOA security : interesting working group in UK

25/09/08 16:35 PEW study about internet and work in the US, very interesting study

12/09/08 09:54 NIST publishes free guide for information security and risk categorisation

12/09/08 09:45 CIS tries to define global security metrics

12/09/08 17:11 New good document about dataprotection for ITsecurity people

11/09/08 13:35 transatlantic consumer organisations and interoperability and open software standards 

20/01/08 11:30 Interesting documents from BCIE.Be Belgian experts forensics

we are not sure that all the books are there but

mailforlen.googlepages.com/start   try for yourself

many many different interests and subjects

1. 70-297 v19 testking
2. 70-298 testking 
3. 70-298 ms press self paced training kit 
4. 70-299 testking 
5. 70-299 testking v13 
6. 70-299 testking v13 
7. Ten questions about human error  
8. DBA Fundemental1
9. Sybex - 70 291 Windows 2003 Network Infrastructure Implementation, Management and Maintenance
10. OCP Oracle Database 10g New Features for Administrators 2004
11. Windows Server 2003
12. Foundations of Programming
13. web3.0
14. Implementation of the IPSec Protocol in Microsoft Windows 2003/XP Environment
15. NMLWhitePaper Participatory Culture Henry Jenkins
16. Ibm Entreprise Du Futur
17. Mobile WiMAX : A Technical Overview
18. facebook for business -9
19. Disaster Management in Education
20. DotNET Framework
21. Software Engineering Roger Pressman
22. Photoshop Cs3 Scripting Guide
23. Nano Tech and Dna -SCIENTIFIC AMERICAN
24. OES State of California - Business Resumption Planning Guidelines
25. Web Interface & Design
26. Online Journalism
27. Advanced Ms Excel Manual
28. introductin to c#
29. 2008 State New Economy Index Kauffman
30. IIA information controls
31. Microsoft Portable Execution and Common Object FIle Format Specification
32. Computer Glossary

1. sql tutorial
2. comparision of iso 9001 and cmm 
3. concepts of Computer 
4. Online Dating Guide 
5. Testing Techniques 
6. White Box Testing 
7. MS Word 2007 Tutorial 
8. How to Raise Money From VCs_2008 
9. Citizen Media 2007 
10. software testing guide book part 1 
11. shell-scripting 
12. DHTML.utopia.modern Web.design Using Javascript and DOM (2005) 
13. Apress.the.Relational.dat abase.dictionary.extended .edition.jul.2008 
14. Databases Under Linux 
15. Practical Power System Protection 
16. 400 Puzzles and answers for Interview 
17. Going Digital 
18. Professional Java Security 
19. Testking version 22 - CCNA 640-802 
20. CCNP Iscw Portable Command Guide 
21. CCNA Braindump 1 
22. CCNA Braindump 2 
23. Tesking 70-290 v6.0 
24. Do It Yourself Computer Repair 
25. imp Manging & Maintaing Netwrk Infra:::2003 server 
26. eBook.70 284.Mspress.exchange.serv er.2003.Mcsa.mcse.Trainin g 
27. How the Internet Turned Us All Into Influencers_2008 
28. Social Media Tracker_2008 
29. AD Security P1v2 Final 
30. TCPIP_2003 
31. C# Introduction to Design Patterns Inc# JamesWCooper 
32. oracle forms developer - form builder reference, volume 1 
33. Digital Economy Factbook 2007 
34. A History of Science (Volume 1) 
35. Network Connectivity and Management 
36. RedHat L61IG 
37. Cisco CNA Exam Certification Study Guide 640-507 3rd 
38. Microsoft Access Tutorial-Comprehensive 
39. Vulnerabilities 
40. Working With Maya Mannual 
41. Corel Draw 10 Step-By-Step Learning eBook 
42. Cisco IOS commands - Router Lab & Class Reference Resource 
43. Probability and the Theory of Errors  

more books

more books

more books

more books

more books

more books

I didn't upload any of these books and I even don't know if they are still online. You just use it for educational or test purposes. For the rest it is just a linkcollection. Some french and dutch books included. All at least 50 pages.

2008  by Rich Cannings and Himanshu Dwivedi and Zane Lackey

Some remarks after clsosing down the book.

* I didn't know that Flash applications were that powerful and dangerous. And even more when you use them together with dns pinning.

* XSS just seems at the beginning of its road into the networks and the interactivity of websites. The possibilities seem endless.

* ActiveX needs to be secure or not allowed. Period.

The book gives a lot of code, it is nearly a manual for attackers. It gives also a lot of tips, but these seem a lot less ordened and structured. What I mean is a procedure of things you should have done and tested, a kind of checklist.

Another weakness of the book is that there is a lot of attention for the security firm of the writers and not too much at other initiatives, but I presume you also read other books and so this wouldn't influence you too much, won't it.  

I wouldn't read it as a first introduction, but if you have already read some stuff about hacking web2.0 applications, than this should be your following book. And if you aren't convinced yet that you need an application firewall and a more static website without flash, activeX and the lot, than you throw this book at them.

I find it in fact a depressing book. Maybe we should send these books to all the hypers and investors of web2.0. to show them that the possibilities are unlimited.... for hackers. 

By Syngress different authors

This book has been written with the first editions of Vista and with the new service pack coming along a lot of the book will be outdated but when you are in an environment where they still have to decide if the upgrade is going to be VISA or XP, you should absolutely read this book first.

After reading this book you will become convinced that even if the way to Vista can have many hardware problems (use the upgrade to throw out the old stuff also, give it to your personnel to work at home or so) it is the only way if you want to secure a network and its data without buying different products.

You want to encrypt harddisks ? Bitlocker does it. You want to control USB ports ? TPM does it ? You want to use smart-cards instead of different passwords ? Vista does it. You want to encrypt data streams in and outside the network ? Vista does that also and so and so on....

Is Vista perfect ? No. But even if I have an imperfect product that gives me the possibility to securize the whole datastream from end to end without buying different products with different installations and so on than even the most expensive Vista licence is still a bargain. I know the security industry doesn't like Vista but many products will lose their use and that is normal because you don't buy the car and the brakes seperately either.

Do not forget to read the warnings, the specialist advice and the tricks and tips and code.

This is one of THE BOOKS OF THE YEAR because once you have read this book you will go to your vendors and ask them for stats, you will go to your tech people and you will ask for stats and you will know which stats to ask for and what to with them or not.

No, not the stats that all the accountants and very expensive consultants are talking about. No not the numbers that mean nothing but are there because some insurance company still believes the metrics from the real world are usable in the online world. No real every day stats for your network and defenses that give you in a dashboard a good and complete overview of where you are and where you ought to go and how much you still have to do.

This book gives makes you fly like an eagle in the sky.

This book by Syngress (2005) is an excellent book but not because of the title but because of its very detailed and excellent explaining of the main principles of secure programming (even for embedded systems). I understand why they choose the title because the author thinks that physcial device security is most and for all the embedded software, while it may also be location and hardware change control (hack a Vista by changing parts of the hardware).

It is a very good book for programmers because it shows us in depth that you can't talk about secure programming without validation, authorisation and encryption and that for every code and every process, how small it even may be.

I presume that it would be legally too difficult to write a real book about black hat physical device security. It would however destroy so many popular premises that people would start to take notice. If people would know how insecure their wireless alarms and their credit cards were, they would be more on their guard and the industry would have to be more stringent.

This book is in its third edition I've read somewhere and it won't be its last, even as Google is trying to limit the number of malicious searches very timidly (they could do much more) and even if Googlehacking is only showing a very limited part of the online vulnerabilities. The forum by Johnny Long that started it all isn't too active anymore and every exploit has now a Google search string adapted to it. Some worms even use Google to find infectable computers.

Some parts of the book may be dated, but it stays an essential handbook for the securitypeople around here. The most important thing is not only the copying of the lists with useful searches but learning to think like a hacker that is using Google to try to do some discovery searches. There are automated tools for some of the searches but it is only the human eye and mind that will find the little snippets that have to be put together to arrive at a Google Dork that may show you the list of vulnerable sites that you were hoping for.

PS It has some very useful scripts for Google hacking that you can install for your security work.

Syngress, 2007

You have to read this if you are in the first lines of defense of your network or just running around cleaning up the mess that our ISP's let go through to our networks and users. Belgium has its fair part of botnets and botnet traffic and is internationally very poor in cleaning them up according to shadowserver.org

The book gives you all the necessary information to set up some open source tools to monitor your traffic and how to analyse botnets themselves (as they are more and more tailored to a specific task or environment). Some of the information is already dated, but the fact remains that if we would chase botnets the way pedo's are chased online we would have fewer of them.

You would still need some books about patchmanagement, IDS, network sniffing, logmanagement firewall management and forensics to have a detailed view before attacking your internal and external botnets.