Silence on the Wire : A Field Guide to Passive Reconnaissance and Indirect Attacks

Michal Zalewski

No Starch Press, ISBN 1593270461
IT security common sense tells people that are defending their systems to always identify the attacker, where the ‘attack’ is intended as a vertical and treacherous action for breaking up the system’s protections. This ‘cops and robbers’ game is not only extremely limited in perspective, but also dangerous if implemented by biunique couples of causes and remedies (i.e. exploits and patches), because then it looses sight on the real philosophy that people who really want to enter a system embrace. This philosophy is based on overcoming a limit, a task rarely achieved with brute force, more often through a work of the intellect. These tasks abstract the problems in order to find new solutions. In this text the author is showing off visions and possibilities, drawing a sort of ‘zen of security’ that is a in-depth technical description of possible (or already started) scenarios. The ‘silence’, cited in the title, is the metaphor in which data are read or monitored without asking permission before, and out of the system administrator’s sight. All the complexity of the IT system interaction (and their infinite programming possibilities) emerges. This systematically leaves the doors open to the one that uses the talent to wriggle out of the danger of navigating the system not being metaphorically seen nor heard.