Due to the re-organisation of scribd.com (again) I had to re-organize my RSS feeds of the people I was following,
so I have decided to pull them to bloglines.
Only those active in 2010 are taken.
Already around 100 found, with already more than 500 new ebooks and documents.
More to come, one at a time.
While I am collecting my own books online for personal use and without posting, I copy links to some of them at
No guarantee that the books will stay up for long
These are the links to free books and courses that we have published on this blog, even if most are now published in the links on furl next to this blog.
11/09/08 13:35 transatlantic consumer organisations and interoperability and open software standards
we are not sure that all the books are there but
many many different interests and subjects
- 70-297 v19 testking
- 70-298 testking
- 70-298 ms press self paced training kit
- 70-299 testking
- 70-299 testking v13
- Ten questions about human error
- DBA Fundemental1
- Sybex - 70 291 Windows 2003 Network Infrastructure Implementation, Management and Maintenance
- OCP Oracle Database 10g New Features for Administrators 2004
- Windows Server 2003
- Foundations of Programming
- Implementation of the IPSec Protocol in Microsoft Windows 2003/XP Environment
- NMLWhitePaper Participatory Culture Henry Jenkins
- Ibm Entreprise Du Futur
- Mobile WiMAX : A Technical Overview
- facebook for business -9
- Disaster Management in Education
- DotNET Framework
- Software Engineering Roger Pressman
- Photoshop Cs3 Scripting Guide
- Nano Tech and Dna -SCIENTIFIC AMERICAN
- OES State of California - Business Resumption Planning Guidelines
- Web Interface & Design
- Online Journalism
- Advanced Ms Excel Manual
- introductin to c#
- 2008 State New Economy Index Kauffman
- IIA information controls
- Microsoft Portable Execution and Common Object FIle Format Specification
- Computer Glossary
- sql tutorial
- comparision of iso 9001 and cmm
- concepts of Computer
- Online Dating Guide
- Testing Techniques
- White Box Testing
- MS Word 2007 Tutorial
- How to Raise Money From VCs_2008
- Citizen Media 2007
- software testing guide book part 1
- Apress.the.Relational.database.dictionary.extended.edition.jul.2008
- Databases Under Linux
- Practical Power System Protection
- 400 Puzzles and answers for Interview
- Going Digital
- Professional Java Security
- Testking version 22 - CCNA 640-802
- CCNP Iscw Portable Command Guide
- CCNA Braindump 1
- CCNA Braindump 2
- Tesking 70-290 v6.0
- Do It Yourself Computer Repair
- imp Manging & Maintaing Netwrk Infra:::2003 server
- eBook.70 284.Mspress.exchange.server.2003.Mcsa.mcse.Training
- How the Internet Turned Us All Into Influencers_2008
- Social Media Tracker_2008
- AD Security P1v2 Final
- C# Introduction to Design Patterns Inc# JamesWCooper
- oracle forms developer - form builder reference, volume 1
- Digital Economy Factbook 2007
- A History of Science (Volume 1)
- Network Connectivity and Management
- RedHat L61IG
- Cisco CNA Exam Certification Study Guide 640-507 3rd
- Microsoft Access Tutorial-Comprehensive
- Working With Maya Mannual
- Corel Draw 10 Step-By-Step Learning eBook
- Cisco IOS commands - Router Lab & Class Reference Resource
- Probability and the Theory of Errors
2008 by Rich Cannings and Himanshu Dwivedi and Zane Lackey
Some remarks after closing the book.
* I didn't know that Flash applications were that powerful and dangerous. And even more when you use them together with DNS pinning.
* XSS just seems at the beginning of its road into the networks and the interactivity of websites. The possibilities seem endless.
* ActiveX needs to be secure or not allowed. Period.
The book gives a lot of code; it is nearly a manual for attackers. It also gives a lot of tips, but these seem a lot less ordered and structured. What I mean is a procedure of things you should have done and tested, a kind of checklist.
Another weakness of the book is that there is a lot of attention for the security firm of the writers and not too much for other initiatives, but I presume you also read other books and so this wouldn't influence you too much, would it.
I wouldn't read it as a first introduction, but if you have already read some stuff about hacking web2.0 applications, then this should be your next book. And if they aren't convinced yet that you need an application firewall and a more static website without Flash, ActiveX and the lot, then you throw this book at them.
I find it in fact a depressing book. Maybe we should send these books to all the hypers and investors of web2.0. to show them that the possibilities are unlimited.... for hackers.
By Syngress different authors
This book was written with the first editions of Vista, and with the new service pack coming along a lot of the book will be outdated, but when you are in an environment where they still have to decide if the upgrade is going to be Vista or XP, you should absolutely read this book first.
After reading this book you will become convinced that even if the way to Vista can have many hardware problems (use the upgrade to throw out the old stuff also, give it to your personnel to work at home or so) it is the only way if you want to secure a network and its data without buying different products.
You want to encrypt hard disks? Bitlocker does it. You want to control USB ports? TPM does it. You want to use smart-cards instead of different passwords? Vista does it. You want to encrypt data streams in and outside the network? Vista does that also, and so on and so on....
Is Vista perfect? No. But even if I have an imperfect product that gives me the possibility to secure the whole datastream from end to end without buying different products with different installations and so on, then even the most expensive Vista licence is still a bargain. I know the security industry doesn't like Vista, but many products will lose their use and that is normal because you don't buy the car and the brakes separately either.
Do not forget to read the warnings, the specialist advice and the tricks and tips and code.
This is one of THE BOOKS OF THE YEAR because once you have read this book you will go to your vendors and ask them for stats, you will go to your tech people and you will ask for stats, and you will know which stats to ask for and what to do with them or not.
No, not the stats that all the accountants and very expensive consultants are talking about. No, not the numbers that mean nothing but are there because some insurance company still believes the metrics from the real world are usable in the online world. No, real everyday stats for your network and defenses that give you, in a dashboard, a good and complete overview of where you are, where you ought to go and how much you still have to do.
This book makes you fly like an eagle in the sky.
This book by Syngress (2005) is an excellent book, not because of the title but because of its very detailed and excellent explanation of the main principles of secure programming (even for embedded systems). I understand why they chose the title, because the author thinks that physical device security is first and foremost the embedded software, while it may also be location and hardware change control (hack a Vista by changing parts of the hardware).
It is a very good book for programmers because it shows us in depth that you can't talk about secure programming without validation, authorisation and encryption and that for every code and every process, how small it even may be.
I presume that it would be legally too difficult to write a real book about black hat physical device security. It would however destroy so many popular premises that people would start to take notice. If people would know how insecure their wireless alarms and their credit cards were, they would be more on their guard and the industry would have to be more stringent.
This book is in its third edition I've read somewhere and it won't be its last, even as Google is trying to limit the number of malicious searches very timidly (they could do much more) and even if Googlehacking is only showing a very limited part of the online vulnerabilities. The forum by Johnny Long that started it all isn't too active anymore and every exploit has now a Google search string adapted to it. Some worms even use Google to find infectable computers.
Some parts of the book may be dated, but it stays an essential handbook for the security people around here. The most important thing is not only the copying of the lists with useful searches but learning to think like a hacker who is using Google to try to do some discovery searches. There are automated tools for some of the searches, but it is only the human eye and mind that will find the little snippets that have to be put together to arrive at a Google Dork that may show you the list of vulnerable sites that you were hoping for.
PS It has some very useful scripts for Google hacking that you can install for your security work.
You have to read this if you are in the first lines of defense of your network or just running around cleaning up the mess that our ISPs let go through to our networks and users. Belgium has its fair part of botnets and botnet traffic and is internationally very poor in cleaning them up according to shadowserver.org.
The book gives you all the necessary information to set up some open source tools to monitor your traffic and how to analyse botnets themselves (as they are more and more tailored to a specific task or environment). Some of the information is already dated, but the fact remains that if we would chase botnets the way pedo's are chased online we would have fewer of them.
You would still need some books about patch management, IDS, network sniffing, log management, firewall management and forensics to have a detailed view before attacking your internal and external botnets.
Network Security Assessment by Steve Manzuik, Ken Pfeil, Andre Gold by Syngress (2007) is a book that more or less does what its subtitle says: it gives you a kind of rogue methodology - procedure to go from vulnerability to patch. The subtitle should therefore be the title, because a software vulnerability assessment is not a network security assessment. A network can be insecure for hundreds of reasons, and software vulnerabilities are only one of them and are not always the most important ones.
I also somehow have the feeling that the book could have far fewer pages and that at the end they were just repeating themselves or giving information that should have gone online (index of software distributors). The same problem applies to the description of the software tools that they have selected for vulnerability or patch management. You can't describe in a book in detail how it works, because by the time the book is published the software has changed or isn't even available anymore. There should have been more information about how to set up scans and rescans and methodical tracking of the situation on the net, on the firewall and on your network.
It is a good book to start with if you don't have a clue how to set up an inventory, start a vulnerability scan and plan your patch management, but you will have to buy a few more books to have a network security assessment.
belsec is not linked to any publisher or online bookseller
This book by Susan Snedaker and Russ Rogers was published in 2006 and is quite thick.
After having read the book twice I still have mixed feelings about it. On the one hand it has given a lot of practical information and guidelines that weren't as concise or were too detailed in other books, but on the other hand I am still not sure I have a good complete book about IT security project management. I presume it is not easy to write a book about IT security project management without losing half the book to explanations and guidelines to secure your network, but on the other hand a book about IT security project management should have gone deeper into the project management part of its title.
The book is a very good book for those who are more or less new to the field or are looking for an eagle-view book instead of those hyperpractical and limited books that are being published like bread. It is not a good book for someone who wants a handbook from A to Z if he wants to go through IT security management without consultants and more reading. As an introduction to it, it is quite a nice read.
The other limitation of this book - and that is a bit silly in these networked times - is that there is not one chapter that takes into account the European laws and guidelines. Maybe it is for the future, but changing a few chapters depending on your continent or country wouldn't be too much to ask. But I have to say, the American laws are quite interesting - not to say fascinating - for us Europeans that have nothing comparable yet.
Belsec is not affiliated with any bookshop or publisher.
You can find Free IT and other books here - but as long as the links work of course - there is no warez or rapidshare kind of stuff. It is all on sites that claim they control the copyrights of the uploaded stuff
it has an rss feed
I want to thank the professors and students first of all for making this research available for download and reading. Many other universities and researchers try to get money out of it and sell their publicly financed research as if it belongs only to their pockets. Respect for that. (my personal opinion - remember belsec has no official belsec opinions - belsec is a platform)
You will find a list of publications organised by year here and then you choose the year.
As a reminder belsec is available to distribute and announce free research and publications as long as they aren't advertorials (the so called white papers section).
Dutch-language thesis on cybercrime 2002
and especially the Belgian cybercrime legislation