Edit: I have added an amendment to this review in this post, when it became obvious to me that the majority of the material in the STAR portion of this book is plagiarized.
Jayson E. Street and Kent Nabors’ The F0rb1dd3n Network is the first in what is proposed to be a new series of “hacker fiction” from Syngress, under the banner Dissecting the Hack. This genre is still in its infancy, so the only other point of comparison that comes to mind is the Stealing the Network series from the same publisher. Despite STN‘s flaws, I enjoyed the stories the series had to tell, and looked forward to the review copy of F0rb1dd3n Network that arrived last week.
The F0rb1dd3n Network‘s format is different from STN‘s. The fictional story is separated from the second part, which serves as a technical reference that explains the technology and attacks mentioned in the story. A “How to Read” introduction explains that the reader can read either or both sections. I felt that it was best to just take the book in linearly, reading the story first, then the “Security Threats Are Real” (STAR) section.
I enjoyed the story, however those reading the book for “hacker fiction” should be aware that this part is only 127 of the book’s 410 pages, and goes by very quickly. The plot has the pacing of an action movie or police/detective TV series, so don’t expect much development in the characters, nor much attention to the hacks performed by them (the latter is to be taken care of in the “STAR” section). The advertising for this book includes the statement “Every attack is real.”, which is true for the most part, but if you’re really picking nits you may be able to spot a few “hand-waving” moments. Overall though, it’s entertaining, and if you enjoyed the stories in STN, you’ll probably like this one.
The second part, STAR, is both a review of penetration testing methodology and a collection of more in-depth coverage of attacks, technology, and cultural references made in the story portion of the book. This is where I felt that the book was a let-down from its promise. Much of this section, which appears to be thick with content, is actually space wasted. Among the worst offenders are large screenshots, many of which have no direct reference in the text to explain the contents; numerous screenshots of websites with no real content showing; and pages of book recommendations with large (and low resolution) images of their covers. A lot of space is also taken up by “Public Record on Tap” sections, which are simply reprints of short articles available on the web. Many of these are not attributed to any author or source, and it took some Googling to find out that they were largely copied and pasted from Wikipedia. Outside of these sections, I noticed at least a couple of instances where content was copied from Wikipedia or vendor websites without attribution or any indication that it was a quote from elsewhere (I hope that this is just an oversight). I got the feeling that the author was getting tired and started “phoning it in” towards the end (a short bio of HD Moore that doesn’t mention Metasploit?). I understand the desire to make a book seem large, however much of it could have been replaced with more information on the attacks described in the fictional story (even some that had no mention in STAR at all). I would have preferred to hear the author’s take on many of the topics, rather than snippets of text from the web.
There is also the confusion of the target audience for this book. The website for the book has a video that explains that it is for management to understand security and buy in to it. The back-cover sells it to “Hackers, IT Professionals, and Infosec aficionados (as well as everyday people interested in security)”. This kind of description is symptomatic of many books being published that are trying to widen their market. My feeling is that it’s going to be difficult to get some of these audiences interested in this book. Many people in management roles, as well as established professionals (and hackers) in the security field, are not going to be able to relate easily to the kids that are the main characters in the story. People who have been involved in security won’t find many new techniques or insight in the STAR section (literally, because so little of it is original content from the authors). This leaves beginners to the security field and laymen who have this as their first exposure to the field. For them, it would probably be an interesting book (that might leave them hanging on some points).
I think this format has promise, enjoyed the fiction, and I look forward to future volumes of the story. More mature protagonists and situations would be welcome, to better relate to the audiences that can benefit from the book the most. The STAR section in future books should also focus more on the happenings of the story, and consist of more prose from the authors than filler.
Thanks for the review, I’m still looking forward to getting my hands on my copy of the book. Hopefully my expectations won’t now be too high, enough that I won’t be disappointed if it doesn’t quite live up to original billing.
–Andrew Waite
Am not sure what to say, but i just hope it is better than the STNs, though am still hoping to get a copy of the book soon. I think Jason tried coz not many pentesters would still have time to write such a book.
Which parts did you think were hand-waving? It’s hard to pick those parts out only because as a sec geek, I also tend to connect-the-dots quickly. For instance, I bet one of those moments was in the actual mechanics of the uploaded trojan. Maybe it might have been necessary to go into detail on in the actual story, but maybe not. You can find me out-of-band if you want, rather than posting back here in case they’re spoiler-ridden.
I am excited, though, as I think “hacker fiction” is a void, and those few blogs or books that fill that void seem to be eaten up (at least in our circles) quite hungrily. Whether they’re geared towards teaching security lessons to laypersons or teaching security techniques to the geeks, they’re quite desired.
Without spoiling, I felt that instances where they were analyzing the packets sniffed and one of the characters analyzing the malware out of the saved network traffic were “hand-waving” moments. I didn’t expect any more explanation in the story (even though it was more explicit about other attacks), but I did expect at least a reference and mention of some of the tools used for that kind of work in the STAR section, especially since there is so much in STAR that isn’t referenced from the story.
I too like the idea of hacker fiction. I did enjoy the story. I actually have way more of a problem with the STAR section of this book than the story. I’m hoping that the genre will evolve.
[...] am posting this as an amendment to my review of Jayson Street and Kent Nabor’s Dissecting the Hack: The F0rb1dd3n Network. It turns out [...]