Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It

Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It [Paperback]If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.

  • Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
  • Learn how attackers infect apps with malware through code injection
  • Discover how attackers defeat iOS keychain and data-protection encryption
  • Use a debugger and custom code injection to manipulate the runtime Objective-C environment
  • Prevent attackers from hijacking SSL sessions and stealing traffic
  • Securely delete files and design your apps to prevent forensic data leakage
  • Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace

Price:

Click here to buy from Amazon

Hacking: Digital Media and Technological Determinism

Hacking: Digital Media and Technological Determinism (Digital Media and Society)Hacking provides an introduction to the community of hackers and an analysis of the meaning of hacking in twenty-first century societies.

One the one hand, hackers infect the computers of the world, entering where they are not invited, taking over not just individual workstations but whole networks. On the other, hackers write the software that fuels the Internet, from the most popular web programmes to software fundamental to the Internet's existence. Beginning from an analysis of these two main types of hackers, categorised as crackers and Free Software/Open Source respectively, Tim Jordan gives the reader insight into the varied identities of hackers, including:

* Hacktivism; hackers and populist politics
* Cyberwar; hackers and the nation-state
* Digital Proletariat; hacking for the man
* Viruses; virtual life on the Internet
* Digital Commons; hacking without software
* Cypherpunks; encryption and digital security
* Nerds and Geeks; hacking cultures or hacking without the hack
* Cybercrime; blackest of black hat hacking

Hackers end debates over the meaning of technological determinism while recognising that at any one moment we are all always determined by technology. Hackers work constantly within determinations of their actions created by technologies as they also alter software to enable entirely new possibilities for and limits to action in the virtual world. Through this fascinating introduction to the people who create and recreate the digital media of the Internet, students, scholars and general readers will gain new insight into the meaning of technology and society when digital media are hacked.

Price: $59.95

Click here to buy from Amazon

Counting from Zero

Counting from ZeroCan a security expert save the Internet from a catastrophic zero day cyber attack by a network of zombie computers, known as a botnet? At what cost?

“Credible and believable, this story is told by a subject matter expert. I could not wait to find out what happened next.”
Vint Cerf, Internet pioneer
“The threat to the Internet from worms, viruses, botnets, and zombie computers is real, and growing. Counting from Zero is a great way to come up to speed on the alarming state of affairs, and Johnston draws you in with his story and believable cast of characters.”
Phil Zimmermann, creator of Pretty Good Privacy (PGP) the most widely used email encryption program
Today, every computer connected to the Internet is under constant attack from viruses, worms, port scans, and spam. Security professionals continually fight to contain newly unleashed cyber attacks, known as ‘zero day' attacks, only to have new attacks launched. Millions of computers have already succumbed, and, without their owner's knowledge, have become slave computers – remotely controlled ‘zombies'. Under the control of organized crime and backed by foreign governments, these computers are morphing into collections known in the industry as botnets, short for robot networks.
Internet security expert Mick O'Malley is the only one who recognizes the growing threat of the ultimate zero day attack on the Internet from a massive botnet, and his unique hacker skills and network of colleagues enable him to fight back. More cyber prep than cyber punk, Mick uses real-life tools and techniques to encrypt all his communications, and uses these skills to break the encryption used by the botnet. Mick uses encryption on a personal level, too, having multiple passports and multiple names and identities. While crisscrossing the globe in the air, on land, and at sea investigating the threat, Mick becomes the target of attacks on his reputation, his identity, and ultimately his life.
Along the way, Mick meets Kateryna Petrescu, a beautiful Romanian firewall expert. Mick's attraction to Kateryna develops as they work closely together and share the excitement and danger. Why is the government following Mick and trying to intercept his communications? Can he stop the zero day attack before it is unleashed? What will be the cost to Mick for his single mindedness?
Unfolding across three continents, the new cybercrime mystery “Counting from Zero” gives a realistic insider's view of the thrust and parry world of computer security and cryptography, and the very real threat of botnets.

Price: $11.99

Click here to buy from Amazon

Virtualization for Security: Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis, and Honeypotting

Virtualization for Security: Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis, and HoneypottingOne of the biggest buzzwords in the IT industry for the past few years, virtualization has matured into a practical requirement for many best-practice business scenarios, becoming an invaluable tool for security professionals at companies of every size. In addition to saving time and other resources, virtualization affords unprecedented means for intrusion and malware detection, prevention, recovery, and analysis. Taking a practical approach in a growing market underserved by books, this hands-on title is the first to combine in one place the most important and sought-after uses of virtualization for enhanced security, including sandboxing, disaster recovery and high availability, forensic analysis, and honeypotting.

Already gaining buzz and traction in actual usage at an impressive rate, Gartner research indicates that virtualization will be the most significant trend in IT infrastructure and operations over the next four years. A recent report by IT research firm IDC predicts the virtualization services market will grow from $5.5 billion in 2006 to $11.7 billion in 2011. With this growth in adoption, becoming increasingly common even for small and midsize businesses, security is becoming a much more serious concern, both in terms of how to secure virtualization and how virtualization can serve critical security objectives.

Titles exist and are on the way to fill the need for securing virtualization, but security professionals do not yet have a book outlining the many security applications of virtualization that will become increasingly important in their job requirements. This book is the first to fill that need, covering tactics such as isolating a virtual environment on the desktop for application testing, creating virtualized storage solutions for immediate disaster recovery and high availability across a network, migrating physical systems to virtual systems for analysis, and creating complete virtual systems to entice hackers and expose potential threats to actual production systems.

About the Technologies

A sandbox is an isolated environment created to run and test applications that might be a security risk. Recovering a compromised system is as easy as restarting the virtual machine to revert to the point before failure. Employing virtualization on actual production systems, rather than just test environments, yields similar benefits for disaster recovery and high availability. While traditional disaster recovery methods require time-consuming reinstallation of the operating system and applications before restoring data, backing up to a virtual machine makes the recovery process much easier, faster, and efficient. The virtual machine can be restored to same physical machine or an entirely different machine if the original machine has experienced irreparable hardware failure. Decreased downtime translates into higher availability of the system and increased productivity in the enterprise.

Virtualization has been used for years in the field of forensic analysis, but new tools, techniques, and automation capabilities are making it an increasingly important tool. By means of virtualization, an investigator can create an exact working copy of a physical computer on another machine, including hidden or encrypted partitions, without altering any data, allowing complete access for analysis. The investigator can also take a live ?snapshot? to review or freeze the target computer at any point in time, before an attacker has a chance to cover his tracks or inflict further damage.

A honeypot is a system that looks and acts like a production environment but is actually a monitored trap, deployed in a network with enough interesting data to attract hackers, but created to log their activity and keep them from causing damage to the actual production environment. A honeypot exposes new threats, tools, and techniques used by hackers before they can attack the real systems, which security managers patch based on the information gathered. Before virtualization became mainstream, setting up a machine or a whole network (a honeynet) for research purposes only was prohibitive in both cost and time management. Virtualization makes this technique more viable as a realistic approach for companies large and small.

* The first book to collect a comprehensive set of all virtualization security tools and strategies in a single volume
* Covers all major virtualization platforms, including market leader VMware, Xen, and Microsoft's Hyper-V virtualization platform, a new part of Windows Server 2008 releasing in June 2008
* Breadth of coverage appeals to a wide range of security professionals, including administrators, researchers, consultants, and forensic

Price: $59.95

Click here to buy from Amazon

Hacking Exposed: Malware, Rootkits Secrets and Solutions

Hacking Exposed: Malware, Rootkits Secrets and Solutions“A harrowing guide to where the bad guys hide, and how you can find them.” –Dan Kaminsky, Director of Penetration Testing, IOActive

“An amazing resource. It is timely, focused, and what we need to better understand and defend against one of the greatest cyber threats we face.” –From the Foreword by Lance Spitzner, President of the Honeynet Project

Don't let another machine become a zombie in the malware army

Defend against the ongoing wave of malware and rootkit assaults the failsafe Hacking Exposed way. Real-world case studies and examples reveal how today's hackers use readily available tools to infiltrate and hijack systems. Step-by-step countermeasures provide proven prevention techniques. Find out how to detect and eliminate malicious embedded code, block pop-ups and websites, prevent keylogging, and terminate rootkits. The latest intrusion detection, firewall, honeynet, antivirus, anti-rootkit, and anti-spyware technologies are covered in detail.

  • Understand how malware infects, survives, and propagates across an enterprise
  • Learn how hackers use archivers, encryptors, and packers to obfuscate code
  • Implement effective intrusion detection and prevention procedures
  • Defend against keylogging, redirect, click fraud, and identity theft threats
  • Detect, kill, and remove virtual, user-mode, and kernel-mode rootkits
  • Prevent malicious website, phishing, client-side, and embedded-code exploits
  • Protect hosts using the latest antivirus, pop-up blocker, and firewall software
  • Identify and terminate malicious processes using HIPS and NIPS

Price: $49.99

Click here to buy from Amazon