REVIEW: "Black Hat Physical Device Security", Drew Miller

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Aug 12, 2005.

  1. BKPHDVSC.RVW 20050615

    "Black Hat Physical Device Security", Drew Miller, 2005,
    1-932266-81-X, U$49.95/C$72.95
    %A Drew Miller
    %C 800 Hingham Street, Rockland, MA 02370
    %D 2005
    %G 1-932266-81-X
    %I Syngress Media, Inc.
    %O U$49.95/C$72.95 781-681-5151 fax: 781-681-3585
    %O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
    %P 363 p.
    %T "Black Hat Physical Device Security"

    The introduction asserts that products are insecure, and also tries to
    say something about trust. There is no clear statement in regard to
    the purpose or intent of the book, however. In addition, there are an
    alarming number of grammatical and spelling errors, and this error
    rate doesn't get any better in the course of the text.

    Chapter one notes that it is possible to program safely. Most systems
    have bugs, notes chapter two, but despite the fact that we have to
    rely on insecure systems, the document points out that we can retrofit
    security onto systems. Encryption is covered in chapter three, which
    also contains ten pages of C language source code, which apparently is
    an attempt to convince you how simple encryption is. There is also
    some discussion of standard authentication forms and biometrics: it
    seems rather odd, but is tied in towards the end of the chapter with a
    discussion of how encryption can protect authentication data. Chapter
    four describes a number of attacks involving input, and suggests
    mitigating procedures. Monitoring of data submitted is recommended in
    chapter five. Various hardware security devices are considered in
    chapter six. Chapter seven is mostly authentication, and a little bit
    of cryptography. There is more on monitoring in chapter eight.
    Chapter nine closes off with discussions of notification.

    Given no stated purpose for the book, it is very difficult to say
    whether it reaches its own, or any other, objective. There are scraps
    of useful information contained in these pages, but little structure
    and no apparent purpose.

    copyright Robert M. Slade, 2005 BKPHDVSC.RVW 20050615


    ============= for back issues:
    [Base URL] site
    or mirror
    CISSP refs: [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Book reviews: [Base URL]mnbk.htm
    Review mailing list: send mail to