by Susan Hansche, John Berti, Chris Hare
The book is at the present time a first edition and furthermore written by three people, and it shows. It needs a rewrite and removal of a lot of typos and errors.
If you are studying for the CISSP exam you should only get this book as a second book. But I would recommend it as a second book. It covers material that Shon Harris's book does not and you are well prepared if you have studied both.
An OK read.
by Shon Harris
If you are studying for the CISSP exam this is the book to get. It is excellently written and easily read which is an accomplishment given the subject.
It comes with a CD-ROM with test exams and a video of an RSA lecture.
Coverage of wireless security is a bit weak and a third edition would make it perfect.
Highly recommended.
Thinking Sensibly about Fear in an Uncertain World
by Bruce Schneier
A brilliant book on risk analysis in the wake of the 9/11 bombings.
We make poor trade-offs, giving up much in exchange for very little security. We surround ourselves with security countermeasures that give us a feeling of security rather than the reality of security. We deceive ourselves by believing in security that doesn't work.
Wired calls Schneier "one of the world's foremost security experts". That is most likely true.
Highly recommended.
Big Ideas from the Computer Age
by Paul Graham
A series of essays on programming and hacking (not the cracking kind).
The first part of the book is on hackers, nerds and the American school system, and getting rich. This part of the book is somewhat simplistic and annoying. The second part is about programming languages, notably Lisp. This is a subject where Graham really knows his stuff and accordingly this is by far the best part of the book. So read it for this part.
Hackers & Painters comes highly recommended. I seriously doubt, though, that, say, Lawrence Lessig and David Weinberger really took the time to read all of it. It is worth reading but it is not that brilliant.
An interesting read.
How to Own the Box
by Ryan Russell, Tim Mullen, FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky, Mark Burnett, Paul Craig
A series of fictional accounts of cracking, defending or analysing networks complete with code for the exploits.
An atmosphere book that reads easily with some cool notions but in all not a great book.
Essays on the Culture of Software
by Matthew Fuller
A collection of essays on the culture of software and the possibilities of technology.
Since the languages are pre-existing, everything that can possibly be said in them, every program that could possibly be constructed in them, is already inherently pre-existent within them. Programming is a question of teasing out the permutations within the dimensions of specific languages or their combinations. That it is never only this opens up programming to its true power - that of synthesis.
I gave up after 70 pages of this babble.
How Linux and the Free Software Movement Undercut the High-Tech Titans
by Peter Wayner
It is true to the myth of open source but it does contain inaccuracies that, although they do not matter much, are still inaccuracies. Things like Torvalds rejecting Minix because the GPL had taken root in Torvalds’s brain, and he saw the limitations in charging for software. Wayner also has a tendency to be a bit simplistic to make a point.
Furthermore, some of the more speculative parts are a bit dated since the book was published in 2000.
But it is a great book that I can only recommend. I would still, though, recommend Moody’s Rebel Code over it if you only want to read one book. If you, however, are particularly interested in the BSD-side of the story you might choose Free for All.
… Cooperating is so much easier than fighting that people have big incentives to stay together. If it weren’t so selfish, it would be heartwarming.
There is an online version available.
Recommended.
Principles & Practices
by Mark G. Graff, Kenneth R. van Wyk
An excellent management level book on secure programming.
Thorough and detailed. Everyone involved in programming should read it.
Paul Vixie, publisher of BIND, wrote:
If this book had existed when I was learning C in the early 1980s, then I might not now hold the record for 'most CERT advisories due to a single author.'
Recommended.
An Irreverent Investigation of the World's Richest Man ... and the People Who Hate Him
by Gary Rivlin
Everybody loves to hate Bill Gates. This book is about Gates and the people who made it their mission to bring him down - people like Larry Ellison of Oracle, Scott McNealy of Sun and many more - in short about what Nathan Myhrvold of Microsoft calls Captain Ahab's Club, what is usually known as NOISE (Netscape, Oracle, IBM, Sun and Everybody else), and the disease that Esther Dyson has dubbed Bill Envy.
The book is highly entertaining and tells the story of computing in the 90s with numerous references to Melville's Moby Dick.
The things we admire in men, kindness and generosity, openness, honesty, understanding and feeling are concomitants of a failure in our system. And those traits we detest, sharpness, greed, acquisitiveness, meanness, egotism, and self-interest are the traits of success. And while men admire the quality of the first they love the produce of the second.
'Doc' in John Steinbeck's Cannery Row
Highly recommended (even though even a history book on computing published in 1999 by definition is outdated).
The Original and Ultimate Destiny of the World Wide Web by Its Inventor
by Tim Berners-Lee
The story of the web from Berners-Lee's first vision of a decentralised, organic development of ideas, technology, and society through the Internet - as we know it today - to the future of the semantic web.
An indispensable piece of Internet history.
Highly recommended.
Heroes of the Computer Revolution
by Steven Levy
The story of the computer revolution from the true hackers of MIT in the 1950s to the game hackers of the 1980s.
Hackers was published in 1984 and the only real update is a 6-page afterword written in 1993. So you can imagine how outdated this book is. Or to be fair, it is not outdated, it is just not updated.
You should only read this book if you are really interested in the history of computers. Read Fire in the Valley instead.
Linux and the Open Source Revolution
by Glyn Moody
The story of the open source revolution. An honest and detailed account telling the full story - good and bad.
The Washington Post wrote:
Riveting ... a superlative book.
Eric Raymond wrote:
The best history of the open source movement I have yet seen.
I fully agree. You should read this book.
Highly recommended.
Secrecy and Privacy in the New Code War
by Steven Levy
The story of electronic encryption from Whitfield Diffie to Phil Zimmermann with an epilogue on the British intelligence agents (if you could call them that) at the Government Communications Headquarters (the British NSA) who actually invented public key cryptography.
A very interesting read that is also much more relevant than Steven Levy's Hackers.
Easy on theory. If you are interested in the theory of cryptography The Code Book is a better choice.
The Times wrote:
A compulsive page-turner ... required reading for the age.
Highly recommended.
Attacks and Defense
by Stuart McClure, Saumil Shah, and Shreeraj Shah
A horrible title for an otherwise serious security book by the author of the best-selling Hacking Exposed.
Web Hacking is more accessible than Hacking Exposed without being a how-to for script kiddies. The book assumes a certain level of knowledge, for instance in web programming.
The problem is that a lot of programmers do not think in terms of security while programming. This book will show you how to avoid some of the pitfalls of web-programming.
Recommended.
What every CEO needs to know about the key technology for the digital economy
by Berthold Daum and Chris Horak
Software AG calls this book "Denmark's most read management book". I hope not.
To keep it short: This book is worthless. If you know nothing about XML get someone to tell you the basics. If you know just a little bit you will learn nothing new.
How is this for a single sentence summary (page 29):
XML continues to develop: stay tuned!
or this (page 56):
XML will facilitate massive data warehouses leading to new insights and understanding.
Do not waste your time reading 85 pages of XML sales talk.
the names and faces behind the dot com era
by Louise Proddow
I got Heroes.com on sale thinking it might be good for a laugh. It is good for a laugh but mostly it is just sad.
Published in June 2000 it has pictures and short interviews with dotcom heroes like Kajsa Leander of Boo(hoo).com but also Scott McNealy and Michael Dell.
From the cover of the book:
Essential reading for anyone who wants to create an Internet start-up or .com ... 100 ways to be a dot com hero.
I think not. Steer clear!
By the way the accompanying website, www.dotcomheroes.com, has apparently been taken down. Can you blame them?
Controlling the Human Element of Security
By Kevin D. Mitnick & William L. Simon
I do not really know how to describe this book with its strange mixture of fact and fiction. 2/3 of the book are stories of social engineering in all forms and shapes. That gets a bit long and tedious long before you have finished the 245 pages of it.
The rest of the book consists of recommendations for raising the bar. A long list of things to do if you want to tighten security at your company.
So does social engineering really work? Yes, my guess is that most people will not know what hit them even if you ask them afterwards.
At the very least you should be convinced by Mitnick talking Steve Wozniak into writing the foreword (Kevin Mitnick is one of the finest people I know) and Wiley Publishing, Inc. into publishing what I consider a weak book on security. There are of course a few good points but they are too few and too far apart.
The leading Danish financial newspaper, Børsen, wrote that it should be required reading for people with an IT security responsibility. I can only say that if you have an IT security responsibility and still need to read this book you are most likely in deep trouble.
You should only bother reading The Art of Deception if you know next to nothing about the human aspect of security and then only if you really think you are safe.
by Po Bronson
Wired journalist Po Bronson tells the stories of Silicon Valley. Amusing and interesting.
As Yares had said to me in the car (as sweetly as if he were quoting Robert Frost), “to sell software is to ask people to willfully become temporarily incompetent” – and men hate to look incompetent.
Recommended.
An Introduction to Computer Programming Using C++
by Rick Decker, Stuart Hirshfield
An excellent introduction to C++ programming.
by Kent Reisdorph
An old book (1998) that is still worth reading as an introduction to C++ programming with Borland C++ Builder.
The book also teaches you the basics of C++, classes, and object oriented programming.
This book suffers from all the usual shortcomings of the Sams' Teach Yourself series: lots of pages, not enough information. In short, you should read this book if you do not know C++ and you want to learn it using the Borland C++ Builder.
A Work of Scientific Speculation
by John L. Casti
Casti calls this a work of scientific fiction, that is, a work of fiction meant to explain science. The Cambridge Quintet is a hypothetical dinner discussion in 1949 on the possibility of machine intelligence. The dinner guests are C. P. Snow, Alan Turing, J. B. S. Haldane, Erwin Schrödinger, and Ludwig Wittgenstein, so there is the basis of an interesting discussion.
The book is pretty basic in that the reader is introduced to the thinking of all the participants whenever it is necessary. This is also part of the reason that the book is not that catching.
It is, however, a short and interesting read.
by Bertrand Meyer
One of the all time classics about the theory of object oriented programming.
The first edition was published in 1988. The second completely rewritten edition was published in 1997. And now there is a £27.99 paperback edition so there is really no excuse for not getting it.
The book is not about programming languages although there is a chapter on the strengths and weaknesses of them. The book is about the theory of object oriented programming. 1200+ pages of theory.
Along with the book comes a CD with an electronic version of the book.
A must own.
by Alfred J. Menezes, Paul van Oorschot, and Scott A. Vanstone
A definitive handbook of cryptography with the emphasis on handbook. This is not a book that you can read in one or more sittings. It is a reference work for the shelves.
It is a scholarly work with lots and lots of mathematics - just so that you know.
The book was published in 1997 which should not be a problem. Bruce Schneier's Applied Cryptography is from 1995.
A Beginner's Guide
by Michael Abbey, Michael J. Corey, and Ian Abramson
Americans evidently get paid by the number of pages in a book. Whether or not this is true, this book has too many pages.
If you know nothing about databases it is an OK book. If you do you should probably get some other book more directed at your particular wants.
For instance the book contains a 40+ page introduction to SQL which is probably not useful if you are looking for an introduction to Oracle databases.
This really is a beginner's guide.
How to Avoid Security the Right Way
by John Viega and Gary McGraw
Viega and McGraw believe that security is about risk management. The story goes that the only secure computer is a turned off computer with no hard disk encased in concrete. Unfortunately, such a secure computer is not very handy so we accept certain risks in return for the benefits that we get from putting our computer on the network.
That is why security is about weighing risks against advantages and coming to a decision based on a level of security that is economically feasible. Security is a tradeoff between security and usability.
This, however, takes expert knowledge of various forms of attacks against our data if we are to weigh the pros and cons of security and of how you build secure software. All this and more is in this outstanding book.
A must own book.
Richard Stallman's Crusade for Free Software
by Sam Williams
Sam Williams has written a real page turner of a biography. As well as being an honest portrait of Stallman's personality the biography is also a tour de force of the Free Software movement which Stallman pioneered. It also covers the Open Source movement.
Although Stallman is a most annoying person to be around he is also, in the words of Linus Torvalds, "The God of Free Software". I read it from cover to cover in one sitting so there is a good chance that you too will find it interesting.
The book is published by O'Reilly under the GNU Free Documentation License so you can browse an online version here.
Highly recommended.
Digital Security in a Networked World
by Bruce Schneier
By definition there can be no definitive book on security - but Schneier's book is as close as they come.
Bruce Schneier is probably best known for his Applied Cryptography. In this book he changes the perspective. It is not about having the best encryption methods or an impenetrable firewall. Security is an ongoing process and at best you can hope your security is tight enough for you to detect an intruder in the act. Your security is only as strong as your weakest link.
A quote: "Now I am more cynical. Now I tell prospective clients that the mathematics is impeccable, the computers are vincible, the networks are lousy, and the people are abysmal."
A non-technical book which will teach you to think correctly about security. A must own!
The Story of an Accidental Revolutionary
by Linus Torvalds and David Diamond
The autobiography of Linus Torvalds. What need I say? If you are into Linux and Open Source you should read it. It is fun and you get the inside take on the Linux revolution.
There is a Danish translation published by Adlandia which I had a hand in editing.
The Secret History of Codes & Codebreaking
by Simon Singh
A fascinating book on codes and ciphers from Mary Queen of Scots to the quantum cryptography of the future. The book also covers the decipherment of the hieroglyphs and Linear B.
Even if you are not interested in the pre-computer history of codes and ciphers the book is worth buying for the chapters on the Enigma, public and private key encryption, PGP, and quantum encryption.
How Two Lost Boys Rode the Internet Out of Idaho
by Jon Katz
Jon Katz who writes for Rolling Stone Magazine and Slashdot tells the story of how two computer geeks Jesse and Eric escaped lonely, dead-end lives in Idaho for a new life in Chicago.
Jesse and Eric were thankful for their deliverance, but it was shocking, even disheartening, to see that while they’d ridden the Internet halfway across the country, in some ways they hadn’t gone anywhere.
Easy and fun to read.
The Making of the Personal Computer
by Paul Freiberger & Michael Swaine
Unless you have been in the game since the Altair in 1975 you will find this book on the history of the personal computer fascinating. Originally published in 1984 the second edition (2000) has been revised and brought up to date.
And to all you PC-fans out there who frown at Apple computers this book will tell you about the importance of Apple in the history of the personal computer.
A must read.
by Andrew S. Tanenbaum
The revised second edition of his book on processes, deadlocks, memory management, I/O, and file systems contains new chapters on multimedia applications, multiple processors, and security.
The DOS case study has been updated to Windows 2000 and the Unix case study now includes Linux as well.
This is a very technical book and you should at the very least know basic C programming to understand large parts of it. However, make the effort if you want to know how operating systems work.
by Neal Stephenson
Most of you probably know Stephenson from his excellent works of fiction. Books like Snow Crash, The Diamond Age, or Cryptonomicon which made Newsweek call Stephenson "the hacker Hemingway".
This book, however, is about the tyranny of operating systems. Stephenson feels the interface-makers with their GUIs or CUIs (Captive User Interface), as I have seen it called, introduce a new semiotic layer between people and machines, thus making people abdicate responsibility and surrender the power of sending bits directly to the chip, thereby handing responsibility and power to the OS.
Unix on the other hand is about empowering people. It is hard work but the rewards are greater than the effort. But boy, it is hard work.
Fascinating work - well worth a second read.
You can also find it online at Cryptonomicon.com.
by Andrew Hunt and David Thomas
Excellent book on the practices of good programming and programmers. It is a non-technical book but some programming skills are required.
The Pragmatic Programmer contains chapters that are more or less independent but with cross references so you can start off reading about the topics that interest you in particular. Topics like software entropy, orthogonality, the power of plain text, debugging, algorithm speed, or refactoring to name a few.
This book will help you become a better programmer.
Using a Digital Nervous System
by Bill Gates with Collins Hemingway
Published in 1999 the book is full of dotcom thinking which is not to say that it is not worth reading. It is. You will find lots of interesting stuff on what is now again just called business.
Bill Gates probably did not write much of the book himself but then again it is the content that matters.
Recommended.
A Design for Living in the Digital Age
By Esther Dyson
Dyson's vision of the digital future. Dyson is not called the First Lady of the Internet for nothing.
The New York Times called Dyson:
... one of the most influential figures in all the computerworld.
Recommended.
by Nicholas Negroponte
18 essays that Negroponte, the founder of MIT's Media Lab, wrote for Wired on being digital have been edited into a book.
Originally published in 1995 this book was quite impressive.
Being Digital can still be read but it has had its time.