"Security Engineering" Is Now Online
An anonymous reader writes "Ross Anderson, author of 'Security Engineering', notifies in a message to comp.risks that he just got permission from Wiley to let anyone download the full content of his book for free. This is one of the best books on computer security and it is used as a textbook in many university courses (I teach two of them)."
more free books (Score:5, Informative)
"Share and enjoy!"
Re:Backwards System (Score:5, Informative)
IOW, even though she is the copyright holder, she can't redistribute the content in any form per the contract.
OT: Mirrored Content (Score:4, Informative)
Part 1: http://momoshare.com/file.php?file=1911bc82417793
Part 2: http://momoshare.com/file.php?file=f88b489ca8f1dc
SHA1 Sums
b14f5b17f2284823cd803d2c1c01970ffe88684d seceng1.zip
740a0de7f86893326b074862abdf377c881734b3 seceng2.zip
Re:Password Changing (Score:2, Informative)
1) When I had a job where I wasn't in control (not admin, just support) and I didn't particularly fancy the admin staff, I brute forced my way into admin. Had they changed it every 90 days it wouldn't have been worth the effort more than once or in particularly needed times. As it was, they appeared to agree with you, which in turn guaranteed me admin access from brute force methods until I ended my employment there (and gave the admin login to pals there). Changing it once a year or so means that I just have to put a PC under my workdesk and leave it on for a couple of weeks with the monitor off. If it changes too often then it's just too much of a pain to have to replicate the scenario every couple of weeks and I lose out on the admin status, but if it never changes, it's no pain to me to put up with the PITA of brute forcing it once. FYI, due to them using a complex password and my spare PC speed, brute force clocked in at 2 weeks to get the password - 2 weeks once, no prob, but after every 90 days, I haven't got the time to dedicate to keeping that PC online and hidden, plus it would increase my chance of getting caught by an audit or security.
2) The best thing to do is to change your password anytime there is a good chance that someone who should not know it does know it. That's fantastic, if you represented the average user I would marry you. Most users don't have this idea in mind, they want the password static for as long as possible and occasionally share it and forget it. I have found users logged in as other users many many times. Lots of users do insanely stupid things like call work and ask someone else to log in as them to check something they forgot, even members of the management team do it at one place I worked at. By the end of 90 days I expect at least several users to have shared their passwords, no big deal, it will change. If it doesn't (and it won't unless I force it) then after a year some of those other users are working for the competition who suddenly have a great tool to check your business stats (in this country that happened to a major airline - the cause, no password change policy).
3) If you're changing your passwords only after finding out about intrusions, you may as well forget it, you probably have a keystroke logger or other backdoor installed already and changing it is only going to give the intruder your new password. Seriously, security should be proactive, not reactive - you've already been broken into if you have a reactive model.
4) Believe it or not, but I could go on with examples and theoretical ideas, but I've got some conference to go to.... Feel free to respond with something constructive rather than the "I don't want to change my password though" or "I don't think so"; give some real security measures that are improved by not changing it. As an admin who has about 30 - 40 username/password combos some of which only get used monthly, I don't have any password problems. When a user on my network comes to me saying they can't handle it and I know they have one username/password I laugh at them. It's not even as difficult as remembering a phone number.
reviews (Score:3, Informative)
Re:Backwards System (Score:3, Informative)
As the author of some free, online textbooks, I actually agree with a lot of your points. However, I think they're overstated. My books have actually been reasonably successful without signing on with a publisher. I've had adoptions from 13 other schools besides my own. POD companies like lulu.com have made it pretty trivial to take care of production and distribution. Advertising also isn't rocket science. I designed my own ads, and ran them in a trade magazine (The Physics Teacher). A lot of the money that traditional college textbook publishers put into marketing is the money they pay to have book reps go around to schools giving freebie copies to professors and trying to talk them into adopting it. Well, that's an incredibly inefficient method of marketing. The freebie copies are expensive to produce, and the reps are expensive to employ, and in most cases, the reps are wasting their time, because they don't know enough about the subject or the situation at a particular school to know whether they have any realistic chance of getting an adoption. If the book is free online, you don't have to pay to leave these expensive printed copies for professors, who will use them as doorstops. Actually, most of my adoptions have come just from teachers who ran across the book on my web page.
I acknowledge that in some specific cases self-publishing directly to the internet might be a good business plan. But to suggest that we abandon dead trees in most cases misunderstands the market.
You're confounding two totally different issues. You can make two completely independent decisions: one is whether to make it free on the internet, and the other is whether to sell it in print.
You said it yourself, "...if they don't get it into print, it can't be used in a classroom setting."
Getting it into print is trivial with POD.
The biggest thing I think I'm missing out on by not having a publisher is that I've never had a chance to work with an editor. That would be great, but it's not a consideration that trumps all others.
Traditional publishers are becoming less relevant. The question is how much less relevant, and that really depends on the book and the author. Does the book need a ton of professional illustrations (like most physics textbooks), or not (as with most CS textbooks)? Are you trying to hit a home run (a freshman chem textbook that will dominate its market), or not (like 99% of all textbooks, which are not very profitable for anyone)? Is it an esoteric subject (quantum field theory), or something that zillions of college freshmen take every year (calculus)? See my sig for a catalog of hundreds of books that are free online. Some of these are, like the one referred to in TFA, books that are also in print from major publishers. Many others, however, represent the success stories of college professors who did it on their own.
Mirror (Score:2, Informative)
http://www.badongo.com/file/1324503 [badongo.com]
Here's the torrent. (Score:2, Informative)
Re:SHA1SUMs (Score:3, Informative)
http://secunia.com/advisories/16466 [secunia.com]
Stranger things have happened.