(I picked this book up on release day to have something to read for the rest of the week while traveling for work, and was very happy with it. The following is my review, which I'm also posting to Amazon.)
Countdown to Zero Day hits a very nice balance for both technical and non-technical audiences. It's smart: explains a concept or term once very well, then moves on to build upon it to help the reader understand the complex subject matter. A reader without any background in the topic will find a fascinating and accessible story of some of the most interesting malicious software to date, and the people who reverse engineered it. A reader with some background in the field will find one of the most complete and coherent chronicles of Stuxnet, Duqu, and Flame available. Experienced readers will be happy that it doesn't go too light on interesting technical detail. I'd say it also serves well as a introduction to the issues surrounding ICS/SCADA security in general.
A good measure of how much I enjoyed a non-fiction book on my Kindle is to examine how many "highlights" I made to remind myself to explore something further. Zetter's Countdown to Zero Day breaks all personal records in this regard, with dozens of snippets of technical information and references I am looking forward to following up on. Zetter has done a lot of the hard work for me: documenting the years of research that went into this book with frequent and useful footnotes.
I'm going to start including this on the recommended reading list for my reverse engineering course, as I think it'll inspire and catch the interests of those who are just starting out in the field. I'm looking forward to my students' take on it.
Vegas For People Who Break Things
Black Hat USA and DEF CON are coming up next week and I am excited, and so should you, if your thing is breaking things. I'm looking forward to presenting, seeing some good technical talks, and meeting with folk I only get to see once a year. I always ...read more
An Incident in Georgia Weidman's Training (or, Don't Mess With My Students)
Today I received an email from a student who had taken my security and reverse engineering classes that had attended Circle City Con in Indianapolis this past weekend, along with another former student. He had a good time, but mentioned an incident that occurred that he'd rather discuss over ...read more
Speaking at DEF CON 22
Chinese Military Hacker Indictment
Very quickly, and without much comment yet, as I haven't dug into it much myself, here is the PDF for the indictment of the five Chinese military hackers that the Department of Justice announced today:
If you like following stories like this, I highly recoommend ...read more