Author: Nitesh Dhanjani, Billy Rios & Brett Hardin
Publisher: O'Reilly, 2009
Aimed at: Systems administrators and senior developers
Pros: Easy-to-read introduction to psychologically based scams
Cons: No concrete solutions
Reviewed by: Harry Fairhead
The "Next Generation" part of the title of this book might sound encouraging, but if you have been keeping up with security threats then you probably won't find much that is really new.
The idea is that we are not discussing old-fashioned scanner or IP-spoofing type attacks but complicated scams based on psychology and the skill of the con man. In this sense the topics discussed are "next generation", but they are not really cutting edge, as this sort of thing has been around for quite some time. On the other hand, if you have missed out on the rise of the more complex, but often less technical, approaches to hacking then you will find a lot to read, and by the end of the book you should be enlightened.
The authors go over the usual social engineering attacks and document attacks via social networking sites and phishing. The basic idea is that the more information there is available on you or your company, and the easier it is to find, the greater your risk. Obviously the problem is that publicity is the lifeblood of most companies, and pointing out that it can come back to bite isn't really helpful. No real solutions or safeguards are proposed other than a "be on your guard" and "educate your users" type approach.
Another major theme is how multiple small security problems can be put together to create an effective attack. So-called "blended" attacks are on the increase, but once again what you can do to protect against them is something of a mystery.
While this isn't a particularly technical look at hacking, it does go down to the level of code examples where they are appropriate - cross-site scripting, for example.
As stated at the start of the review - if you haven't kept up on the softer social and psychological side of hacking then this book is an easy-to-read introduction to the threat it poses.