Last year, I reviewed Jayson Street’s Dissecting The Hack: The F0rb1dd3n Network, uncovering a massive amount of plagiarism that resulted in the book getting pulled, pending a revision.  Here are the posts that chronicle those events:

  • The original review – …before I realized the extent of the plagiarism.  To summarize: I enjoyed the book’s fictional section, despite some flaws.  I had far more complaints with the “Security Threats Are Real” (STAR) section, which seemed very disjointed and unfocused.
  • Amending My F0rb1dd3n Network Review – …upon a closer look, it became apparent that readers (and reviewers) were misled.  The vast majority of the STAR section (comprising all but 120 pages of the book’s total of 400) turned out to be plagiarized from various sources (primarily Wikipedia).  I documented it and made this post to warn potential readers.  The authors responded, pointing to the technical editor as the cause.
  • Syngress Response to Plagiarism in Dissecting the Hack: The F0rb1dd3n Network – Syngress released a statement confirming the authors’ take on what happened, and announced that there would be a revised release of the book.

On July 15th, a revised edition was released, and I requested a review copy so that I could see what had changed, and provide this new review.

What do you get?

The book has the same basic appearance as the previous version, with the addition of a third author, Brian Baskin, on the cover.  On the title page, Marcus Carey is added (in a smaller font) as an author, and Dustin D. Trammell is listed as the new technical editor.  Apart from “Revised Edition”, there is no discussion or acknowledgment of the book’s past.

The book has gone on a bit of a diet, roughly 70 pages.  This is a good thing, however, as the old STAR section was mostly irrelevant filler.  The fiction remains, virtually untouched from the previous version, at about 120 pages of the book’s 330 pages.  The new STAR section is original content now, which is, of course, a dramatic improvement.

The Fiction

My comments from my first review mostly stand here.  The fictional F0rb1dd3n Network story was always an original creation of Jayson and Kent’s.  I am a big fan of the concept of “hacker fiction”, the likes of which you’ll find in another Syngress series, Stealing the Network.  I am definitely supportive of any attempts at writing new material in this genre.

As a story, I enjoyed this section of the book, but found it to be very short.  The plot is very much what one would expect out of a techno-thriller TV show (perhaps an episode of Leverage) and you get about the same degree of character development.  Unlike the Stealing The Network series, explanations of the attacks are saved for the STAR section, rather than given in-character in the story.  While I can see that this helps move the story along, I think it makes the fiction seem quite short.  When it ends, you’re left wondering about some things that probably could have been wrapped up within this story, particularly an incident of “dark-grey-hat” hacking the protagonists vow to atone for, but that is never revisited.  It may be something that’s saved for a sequel, but it reads like the authors simply forgot about it by the end of the story.

I’m being critical here, but I really did like the story, as a whole, and I hope that there is an opportunity for the authors to continue it.  If you liked Stealing the Network, you’ll definitely enjoy it.  It ranks right up there with the best writing in that series.

(As an aside, if you want some awesome hacker fiction, check out Daniel Suarez’ Daemon and its sequel Freedom(TM))

While one of the selling points of the book is that all of the attacks discussed in the fiction are real and documented in greater detail in STAR, there are some minor quibbles with that.  There are times in the story where it seems as though the authors have hit the limits of their own experience with attacks, on more difficult topics like reverse engineering and exploit development.  In the handful of times this comes up, artistic license is taken, hands are waved, meaningless phrases are thrown around (“pop the sled on that buffer”) and the story moves on without one of those STAR references.  Only once does a technical error directly impact the story, and honestly it’s not something even most security professionals would have caught.  These are small issues, though I would have liked it if some outside help would have been brought in to lend some authenticity to those points and document them in STAR.

The “Security Threats Are Real” (STAR) section

The STAR section is greatly improved.  Gone are the page-chewing screenshots of blogs and descriptions of unrelated tools.  There is a greater focus on describing the attacks that are in the story than in the previous edition.  Overall, it reads as being much more professional.

It’s a good first-read for people interested in computer security.  There are some technical issues and organizational issues (some topics don’t really fit with the phase of attack they’re classified in), but it’s good for someone who’s gauging their potential interest in security.  Experienced readers might be slightly disappointed.  There is a lot of material on hacker culture that is heavily skewed to the authors’ experiences with various events, people, and conferences, which the uninitiated might take as gospel for the entire scene.  I think that a lot of this could have been trimmed down (perhaps placed on the website) to give a more in-depth and complete coverage of the attacks in the fiction section.

Should you buy it?

I believe that most of the regular readers of this site are the more technical members of the security community: penetration testers, folk who do forensics and incident response.  Readers in these or similar areas that are already “in” security will get a fun read out of this book (and it’s worth it for that, especially if you’re pining for more Stealing the Network) but are not likely to pick up any new skills.

If you’re new to this stuff, or if you’re testing the waters to see if security even catches your interest in the first place, this book might be an entertaining way to learn some basic concepts.  You’ll pick up a few simple skills, and you’ll have some points at which you can start researching something that interests you.  While I don’t see this book as keeping the attention of non-technical people that wish to stay non-technical, if you’re a motivated learner, it’s a decent place to start.

Overall:  It’s a great book for the audience it should be marketed to.  Good work and congratulations to Jayson, Kent, Brian, Marcus, and Dustin Trammell for fixing up the book and seeing it through to the end.

http://www.mcgrewsecurity.com/2009/10/12/book-review-dissecting-the-hack-the-f0rb1dd3n-network/

  2 Responses to “Book Review: Revised Edition of Dissecting the Hack – The F0rb1dd3n Network”

  1. Personally, I think your opinion is irrelevant. The fact that you think you are a credible source of book reviews I find absurd, and your ego offensive.

  2. Steve, are you serious? I mean honestly, you’re reading a personal blog, OF COURSE you are going to see his personal opinion on matters he feels his blog readers may find interesting. Get a grip, smoke a bowl and stfu

© 2012 McGrew Security