Book Review: Malicious Cryptography- Exposing Cryptovirology

R. A. Hettinga rah at shipwright.com
Thu May 6 08:17:04 EDT 2004 

<http://netsecurity.about.com/cs/encryptionbooks/gr/aaprmalcrypto.htm>

About.com


Book Review: Malicious Cryptography
>From Tony Bradley, CISSP,
Your Guide to Internet/Network Security.

Guide Rating -

The Bottom Line

Most people are familiar with malware- viruses, worms, Trojans, etc.- and
most people are familiar, at least with the concept, of cryptography.
However there are far fewer people that truly understand either of these
technologies, and even fewer still who understand how the two can be
combined to create the next generation of malicious code. Good reading, but
a certain level of understanding of malware and cryptography is needed in
order to follow the information in this book.
Pros
	* 	Cutting edge look at new threats on the malware horizon
	* 	Informative without being boring
	* 	Appendices provide basics of viruses and PKI

Cons
	* 	Solid understanding of cryptography and malware needed

Description
	* 	Opening chapter provides engaging fictional look at the potential
impact of malicious cryptography
	* 	Basics of viruses and PKI are provided in appendices, but this
book is not for beginners
	* 	Cutting edge information on how cryptography might impact malware
development

Guide Review - Book Review: Malicious Cryptography
 Almost everyone (or should that be literally everyone) who has touched a
computer keyboard is familiar with malware in some way. Not a day goes by
it seems without news of the latest Netsky or Bagle variant. Many people
remember the impact Codered, Nimda, SQL Slammer, MyDoom and other malware
threats have had on them or the Internet as a whole over the past few years.

 A much smaller subset of people is familiar with cryptography. Some users
may be aware that encryption is an option or they may have heard that they
should encrypt their data or protect their email communications with
encryption, but they don't "understand" cryptography. Those people probably
shouldn't bother trying to read this book.

 Those who do understand cryptography- who know what MD5, Blowfish, RSA or
3DES mean and how they work- should probably read this book. Being on an
intermediate level in cryptography myself I found some of the concepts and
details required me to do some extra digging and research to understand,
but I found the book to be informative and intriguing.

 The book seems to waiver in search of an audience- at times covering the
information at a higher level that many network and security administrators
can grasp and at other times delving into detail that only true
cryptographers will follow- but the authors combine information about
malware and cryptography in a way that experts from each can comprehend.

 Overall, this is a good book that I recommend- but not for beginners.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list