• Malicious Cryptography: Exposing Cryptovirology

    by  • July 30, 2009 • J-M

    Rating four

    The Bottom Line

    Most people are familiar with malware- viruses, worms, Trojans, etc.- and most people are familiar, at least with the concept, of cryptography. However there are far fewer people that truly understand either of these technologies, and even fewer still who understand how the two can be combined to create the next generation of malicious code. Good reading, but a certain level of understanding of malware and cryptography is needed in order to follow the information in this book.
    Pros
    • Cutting edge look at new threats on the malware horizon
    • Informative without being boring
    • Appendices provide basics of viruses and PKI
    Cons
    • Solid understanding of cryptography and malware needed

    Description

    • Opening chapter provides engaging fictional look at the potential impact of malicious cryptography
    • Basics of viruses and PKI are provided in appendices, but this book is not for beginners
    • Cutting edge information on how cryptography might impact malware development

    Review:

    Almost everyone (or should that be literally everyone) who has touched a computer keyboard is familiar with malware in some way. Not a day goes by it seems without news of the latest Netsky or Bagle variant. Many people remember the impact Codered, Nimda, SQL Slammer, MyDoom and other malware threats have had on them or the Internet as a whole over the past few years.A much smaller subset of people is familiar with cryptography. Some users may be aware that encryption is an option or they may have heard that they should encrypt their data or protect their email communications with encryption, but they don’t “understand” cryptography. Those people probably shouldn’t bother trying to read this book.

    Those who do understand cryptography- who know what MD5, Blowfish, RSA or 3DES mean and how they work- should probably read this book. Being on an intermediate level in cryptography myself I found some of the concepts and details required me to do some extra digging and research to understand, but I found the book to be informative and intriguing.

    The book seems to waiver in search of an audience- at times covering the information at a higher level that many network and security administrators can grasp and at other times delving into detail that only true cryptographers will follow- but the authors combine information about malware and cryptography in a way that experts from each can comprehend.

    Overall, this is a good book that I recommend- but not for beginners.

    Malicious Cryptography: Exposing Cryptovirology

    About

    Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659 ) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040) and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644) Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

    http://www.tonybradley.com