Paperback: 450 pages
Publisher: Syngress; 1 edition (January 20, 2006)
Language: English
ISBN-10: 159749030X
ISBN-13: 978-1597490306
Product Dimensions: 7 x 1.1 x 8.9 inches
Shipping Weight: 1.3 pounds
Average Customer Review: 4.3 out of 5 stars (11 customer reviews)
Best Sellers Rank: #1,382,742 in Books; #130 in Books > Computers & Technology > Software > E-mail; #1059 in Books > Law > Criminal Law > Forensic Science; #1137 in Books > Computers & Technology > Networking & Cloud Computing > Network Security
Phishing Exposed is a powerful analysis of the many severe problems present in Web-based activities. Phishing Exposed is another threat-centric title from Syngress. The book presents research conducted by Secure Science Corporation as a way to understand the adversary. The author demonstrates his own attacks against multiple popular e-commerce sites as a way to show how phishers accomplish their goals. I was surprised by the extent to which the author could repeatedly abuse high-profile financial sites, and for that reason I highly recommend reading Phishing Exposed.

The book begins with an overview of the phishing problem. Three basic phishing techniques (impersonation, forwarding, and popup) are explained. The mechanics of email and HTTP are also described. The heart of the book appears in chapters 4 and 5, where almost 270 pages are devoted to the author's assessment and abuse of banking sites. I was shocked by the author's ability to repeatedly take advantage of vulnerabilities in client and server software and configuration. These chapters made me wonder if it is possible for an average end user -- or even a skilled technical user -- running popular operating systems and browsers to survive these sorts of high-end attacks.

Ch 6 featured some innovative material on subverting caller ID by using Voice over IP and other methods. I also appreciated the historical perspective in that chapter.

My only real concern is that the author devoted lots of material to his own attacks, and not as much to attacks by real phishers. I would have liked additional details on how to detect and potentially defeat these attacks using network-based and proxy-based means.
The book tries to do two things. It explains what phishing is and it offers countermeasures against it. On the first issue, it gives a decent explanation of the various forms of phishing. Like how it can be email that directs you to a website (pharm) run by the phisher.

On how to stop phishing, the book is sadly inadequate. For example, it explains how the phishers inject their messages into the Internet. This is the broader problem of spammers doing so. And for this, there is no feasible antidote. Mostly because of the early, trusting model of email sending that was developed for the Internet before the Web appeared. But also a deeper problem is that as the Internet continues to grow, with millions of new nodes added each year, each node is a potential injection point. Exacerbated by many of these nodes being computers owned by individuals, without the background to regularly install antivirus software.

Then there are the book's suggestions on good practices. It says that users who get messages claiming to be from a bank and asking them to login to a [fake] site should be sceptical. While this is correct advice, it relies on a user acting accordingly. But this human factor is weak. It is precisely this that the phishers direct their attacks at. You might not be fooled. Probably because you are concerned enough that you are considering reading the book, and are in fact reading this review right now. However, phishing, like spam, preferentially targets the ill-educated or gullible. And they are very unlikely to read this book or any others on the subject. The point is that if a recipient gets to the point of actually reading a phishing message, then it is already too late for some non-negligible percentage of users. And it is that percentage from which banks take losses.