Category: review

  • This Is How They Tell Me the World Ends Review: Zero-Day Exploits and Cyberwarfare

    A Deep Dive into the Zero-Day Market and the Future of Cyberwarfare

    Nicole Perlroth’s This Is How They Tell Me the World Ends: The Cyberweapons Arms Race is a chilling and meticulously researched exposé that delves into the clandestine world of zero-day exploits, the shadowy figures who trade in them, and the governments that weaponize them. As a cybersecurity enthusiast or professional, this book is essential reading to understand the complex and increasingly dangerous landscape of cyberwarfare.

    What is a Zero-Day?

    For those new to the term, Perlroth expertly explains that a “zero-day” is a software vulnerability that is unknown to the software vendor. This means there are “zero days” to fix it, making it a highly valuable and dangerous tool for hackers and nation-states alike. These vulnerabilities can be exploited to gain unauthorized access to systems, steal sensitive data, and even disrupt critical infrastructure.

    Key Takeaways for Cybersecurity Professionals:

    • The Zero-Day Market: Perlroth unveils the hidden economy where zero-day exploits are bought and sold, often for exorbitant sums. This market fuels the development of increasingly sophisticated cyberweapons.
    • The Role of Nation-States: The book highlights how governments, including the United States, have been major players in the acquisition and use of zero-days. This has led to a global cyberarms race with potentially catastrophic consequences.
    • The Escalating Threat: This Is How They Tell Me the World Ends underscores the growing threat of cyberattacks on critical infrastructure, businesses, and individuals. Perlroth provides numerous real-world examples, from Stuxnet to the Shadow Brokers leak, illustrating the devastating impact of these attacks.
    • Ethical Dilemmas: The book raises important ethical questions about the development, sale, and use of zero-day exploits. Should governments be stockpiling these vulnerabilities? What are the implications for privacy and security?
    • A Call to Action: Perlroth’s work serves as a wake-up call, urging greater awareness and proactive measures to defend against cyber threats. She emphasizes the need for a more robust and resilient cybersecurity posture at all levels.

    Why You Should Read This Book:

    • In-Depth Research: Perlroth, a seasoned cybersecurity reporter for The New York Times, draws on years of reporting and hundreds of interviews to provide a comprehensive and insightful account.
    • Compelling Narrative: The book reads like a thriller, with gripping stories of hackers, spies, and cyberattacks that will keep you on the edge of your seat.
    • Relevance: In an increasingly interconnected world, cybersecurity is more important than ever. This book provides crucial context for understanding the threats we face and the challenges ahead.

    Overall Assessment:

    This Is How They Tell Me the World Ends is a must-read for anyone interested in cybersecurity. It’s a sobering yet essential exploration of the cyberweapons arms race and its implications for our digital future. Whether you’re a seasoned professional or just starting your journey in cybersecurity, this book will provide valuable insights and leave you with a deeper understanding of the challenges and opportunities in this critical field.

  • Book Review: Geoff White’s “Rinsed” – Exploring Cryptocurrency Fraud

    Summary

    “Rinsed” by Geoff White exposes how modern technology enables criminals, from drug cartels to cyber gangs, to launder vast amounts of money through digital platforms like cryptocurrency and online banking. Through gripping case studies and expert insights, the book reveals how these illicit networks operate on a global scale, outpacing law enforcement efforts. White uncovers the hidden financial infrastructure behind organized crime, showing how tech industry loopholes are exploited to move dirty money undetected.

    Impressions

    What the critics say…

    Critics have praised Rinsed for its compelling storytelling, in-depth research, and eye-opening revelations about the intersection of crime and technology. The Financial Times called it a “riveting” exposé on cybercrime and law enforcement techniques, while The Economist described it as “gripping.” The Irish Times found it “engrossing and mind-blowing,” highlighting its ability to make complex financial crimes accessible to readers. Reviewers commend Geoff White’s investigative approach and ability to connect real-world cases to broader systemic issues, making Rinsed both an informative and alarming read about the hidden world of digital money laundering.

    What I thought…

    Each chapter covers a different caper. I had already read about some of these major crimes in cyber, so some of the book was covering stories I have already heard. Other than that, I thought the book was well-written and I never lost interest, even in the stories that I have already heard.

    How I Discovered It

    I don’t remember where exactly I heard about this book, but it was probably from a podcast like Smashing Security.

    Should You Read It?

    Rinsed is ideal for readers interested in true crime, cybercrime, and financial corruption, particularly those curious about how technology enables modern money laundering. It’s a must-read for journalists, law enforcement officials, cybersecurity professionals, and policymakers who want to understand the global impact of illicit financial networks. Tech enthusiasts and cryptocurrency investors may also find it insightful, as it exposes the darker side of digital finance. Additionally, anyone who enjoyed Geoff White’s previous works, such as The Lazarus Heist or Crime Dot Com, will appreciate his investigative storytelling and deep dive into the world of financial crime.

    What I Learned From the Book

    • I didn’t really think about how difficult it is for criminals to launder money before; Geoff covers this in detail through the book.
    • The crime is only a small part of the effort, and it’s the easy part. Laundering the money so people can be paid is usually more difficult.
    • There are a lot of different ways to launder money and criminals are coming up with new ones all the time.

    Geoff takes the complex and invisible, and makes it understandable in a way that only a real investigative journalist can. He delivers it on stage in an engaging and high energy manner that will leave you more aware of the danger, a little bit stunned and with stories to retell to colleagues and friends – Mastercard

  • Book Review: “Cult of the Dead Cow” – Inside the World of the Original Hacking Supergroup

    • Author: Joseph Menn
    • Fiction: Non-Fiction
    • Genres: Technology, Cyber Security
    • Rating: 3.5 Stars
    • Date Finished: 3/6/25

    The Book in 3 Sentences

    The book explores the history and influence of the legendary hacking collective known as cDc, which pioneered hacktivism and shaped modern cybersecurity. The book delves into the group’s groundbreaking contributions, such as exposing software vulnerabilities, promoting ethical hacking, and influencing figures like Beto O’Rourke. Menn also highlights the evolving cyber threat landscape, emphasizing the ongoing battle between hackers, corporations, and governments over privacy and security.

    Impressions

    How I Discovered It

    I’m reading through all the information security books that my local library has. I’m also trying to get them to include more books on this subject.

    Who Should Read It?

    Cult of the Dead Cow is ideal for cybersecurity professionals, ethical hackers, and tech enthusiasts interested in the origins of hacktivism and its impact on modern security. It’s also a great read for policymakers, journalists, and privacy advocates who want to understand the ethical dilemmas and power struggles shaping the digital world. Additionally, anyone curious about the intersection of technology, activism, and government surveillance will find this book insightful and thought-provoking.

    How the Book Changed Me

    • Expanded Perspective on Hacktivism – It shifted my view of hackers to individuals who use their skills for social good, advocating for privacy, security, and accountability.
    • Strengthened Awareness of Cybersecurity Risks – It revalidated my view of digital vulnerabilities, how governments and corporations handle (or mishandle) cybersecurity, and the importance of protecting personal data.
    • Inspiration for Ethical Advocacy – The book motivated me to push for stronger digital rights.

    My Top 3 Quotes

    • “Hacking is not inherently bad. It’s about figuring out how things work and making them better.”
    • “The greatest threat to cybersecurity is not hackers—it’s apathy.”
    • “Privacy is not about having something to hide; it’s about having control over your own life.”

    Summary

    Cult of the Dead Cow by Joseph Menn chronicles the rise and influence of one of the most legendary and impactful hacking groups in history. The book explores how the cDc pioneered hacktivism, exposing software vulnerabilities, advocating for digital privacy, and shaping cybersecurity policies. Menn highlights their role in pushing companies and governments to take security more seriously while also delving into their ethical dilemmas and controversial tactics. The book also reveals the surprising connection of some members to mainstream politics and business, illustrating how hacking culture has evolved from the underground to the halls of power. Ultimately, Cult of the Dead Cow is a compelling look at the battle for control over the internet, security, and personal freedoms in the digital age.

  • A Must-Read for Parents of Gen Z and Gen Alpha: “The Anxious Generation” by Jonathan Haidt

    As a parent, it’s natural to be concerned about the impact of social media on our children. In recent years, we’ve seen an alarming rise in anxiety, depression, and other mental health issues among young people. That’s why I was excited to dive into “The Anxious Generation” by Jonathan Haidt, a thought-provoking book that sheds light on this critical issue.

    I really enjoyed reading this book, which offers a comprehensive analysis of how social media is affecting our children’s lives and the world at large. As someone who values play-based childhoods and more independence for kids, I found myself nodding in agreement with Haidt’s arguments throughout the book. Although, I’m not always the best at executing these principles in my own children.

    One of the most compelling aspects of “The Anxious Generation” is its accessibility. Written in an approachable tone, Haidt breaks down complex concepts into easy-to-understand language, making it a must-read for parents and caregivers alike. The author’s passion for this topic shines through on every page, inspiring readers to take action.

    What I appreciated most about the book was how Haidt tackles tough topics like social media addiction, pornography, and the impact of technology on relationships. He offers practical advice for parents, educators, employers, and policymakers on how to mitigate these effects and promote healthier habits among young people.

    As a parent of Gen Z or Alpha children, I highly recommend “The Anxious Generation” as an essential read. It’s not just a book – it’s a call to action. By speaking up and supporting the four foundational reforms outlined in the book, we can create a better future for our children. Haidt encourages readers to connect with others who share their values, creating a powerful movement that will inspire positive change.

    If you’re looking for a thought-provoking read that will make you think about your role as a parent and how you can support your child’s well-being in the digital age, “The Anxious Generation” is an excellent choice. Sign up at www.afterbabel.com to access Haidt’s Substack posts on related topics and join the conversation.

    Rating: 4.5/5 stars

    I highly recommend this book to anyone concerned about the impact of social media on our children’s lives. It’s a must-read for parents, educators, policymakers, and anyone who wants to make a difference in creating a healthier digital landscape for future generations.

  • Book Review: Confident Cyber Security

    Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career by Jessica Barker

    The Book in 3 Sentences

    1. Jessica Barker is the co-CEO of Cygenta and a leader in cybersecurity awareness who is very active on social media.
    2. The book acts as a primer for those interested in cyber security but don’t have a foundation in it.
    3. I think the sub-title is misleading as the book spends 95% of its content teaching the basics of cyber security, which isn’t bad in itself, but it doesn’t go deep on ‘how to get started in cyber security and futureproof your career’.

    Impressions

    As I said in point 3 above, the book spent all its content educating on the basics of cyber and did not dive deep into getting into the field or futureproofing your career in cyber. This is all contained in 1 chapter second to last in the book. This is not a bad book, but it doesn’t accomplish the goal on the cover. I was looking for something deeper about securing a future in a cyber career.

    Who Should Read It?

    Anyone interested in cybersecurity that does not already have a foundation in it. Those with a basic understanding will find, like me, 90% of the book covers the basics they already know.

    How the Book Changed Me

    I wouldn’t say this book had a huge impact on me. I got a couple of book and website recommendations and further solidified my cyber security understanding. Other than that, I learned maybe to abandon a book a little earlier in the future.

  • Book Review: The Art of Invisibility

    The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data by Kevin D. Mitnick

    The Book in 3 Sentences

    1. Kevin Mitnick is a famous hacker, who teaches you how to reduce your attack surface in this book.
    2. Any privacy you think you have is false.
    3. While some of this information is dated (the book was published in 2017), it still has a lot of useful information.

    Impressions

    While I knew most of what was covered in this book, I did still find the content interesting. The little stories that Mitnick shares throughout the book were very interesting. Also, the length that one has to go to remain anonymous in our digital world, even back in 2017, is pretty crazy. I don’t believe that many Americans understand the amount of their privacy they are giving up by maintaining their current lifestyle, including participating in social media and using technology. Mostly, we have given up data about us, what we do online, by using tools like Google, Gmail, cellular phones, etc.

    Who Should Read It?

    I think that this book is overkill for most, as most people don’t think that what they are doing is giving up their data. They believe, as Mitnick points out, that no one cares about what they are doing because they are just one of the 8 billion people on the planet. Hackers are going to go after the low-hanging fruit. They will not only attack large companies; data shows that they are attacking SMBs and individuals. Everyone should be aware, but this book is going to scare people and I believe that most people don’t have the skill set to execute Mitnick’s advice, even the minor things.

    How the Book Changed Me

    • It made me more aware of existing privacy concerns.
    • I plan to implement some of the suggestions that Mitnick discusses to protect myself and my family.

  • Book Review | Countdown to Zero Day

    Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon
    by Kim Zetter

    The Book in Three Sentences

    1. The first cyber war attack by the US targeting centrifuges in Iran.
    2. This was the first attack, but it is seen as only the beginning and shows that many systems all over the world are in danger of being exploited.
    3. Real physical destruction can be caused by malicious computer code.

    Impressions

    This book is not the first cyber security book I’ve read. The storytelling was done well, if a little long-winded; like many non-fiction books, I think this book could have been condensed further. At times it read as though the author was trying to make an article into a book, but at 400 plus pages, I think there was too much repetitive content. Nonetheless, this was an interesting book and covers a pivotal part of cyber history. Stuxnet is mentioned and discussed in many of the virtual training classes I have been taking in the last few months.

    Who Should Read It

    I think there are two categories of people who would be interested in this book. One being history people. I fit in this category as well. This was such a pivotal part of how technology is changing modern warfare that it can’t be ignored.

    The second group that will be interested in this book are those with an interest in computers, especially information security folks. This is the first virus designed specifically to target a very niche device. It was purposely written to attack just that device to accomplish political goals.

    My Takeaways

    • It made me aware that governments can leverage malicious code to attack each other, minimizing human loss.
    • I learned that governments are keeping zero days to themselves in order to carry out attacks against their enemies.

  • ChatGPT Learning Possibilities

    …and ways people can take advantage of this new artificial intelligence.

    I’ve been hearing a lot about ChatGPT and I wanted to explore more of what it can do. I wanted to see how easy it was to use myself. I created a user account and typed in my prompt:

    write an information article about software bill of materials in easy to understand terms

    I published what I got as a post on this website. This strikes me as interesting initially in two ways. First, I can type in questions and have this AI produce short and easy to understand articles for me to learn more about whatever topic I want, probably cybersecurity for the moment.

    Secondly, I could also have it write lots of content for this blog or any other, along with Google AdWords or anything else. All I’m doing is posting content, and I don’t even have to write it anymore. ChatGPT comes up with the content about a subject I want it to write about and people visit the site to read the content. I mean, it’s not horrible content after all. Nothing really wrong with it.

    This could flood the internet with many useless sites that are written by the same AI. Yes, I’m well aware that the internet is already flooded with lots of useless content, but not all of it is generating revenue for the owners. Just an idea. This is pretty neat, but getting a little scary quickly too!