MITM: man-in-the-middle

146 results

Engineering Security

by Peter Gutmann

the HTTP level, binding the HTTP authentication to the TLS session that it’s run inside. In this way if someone were to perform a man-in-the-middle (MITM) attack5 on the TLS session, say by using a commercially-available interception proxy, then the HTTP authentication that’s bound to the TLS session would

The long-established term for this type of attack is a “man-in-the-middle attack”. If you’re offended by this then feel free to mentally substitute “non-gender-or-race-specific-personal-noun-in-the-middle attack” wherever you see the term “MITM” used. Theoretical vs. Effective Security 9 behind the site,

banking transaction. Some of the better-designed systems also include the transaction details and cryptographically tie the authorisation code to the transaction so that a man-in-the-middle (MITM) attack that invisibly modifies the transaction details won’t work. Now pause for a moment and think of all the reasons why this security mechanism

are able to detect. There are even automated attack tools around that enable this subversion of the fingerprint mechanism. The simplest attack, provided by a man-in-the-middle (MITM) tool called ssharpd [191], uses ARP redirection to grab an SSH connect attempt and then reports a different protocol version to the one that’s

to a predefined server and then perform an active man-in-the-middle attack, a 10 Since ssharp is based on a modified, rather old, version of OpenSSH it’d be amusing to use one of the assorted OpenSSH security holes to attack the MITM while the MITM is attacking you. User Conditioning 33 considerably more

browsers is appalling when the ‘human in the loop’ is considered. Because most users dismiss certificate verification error messages, SSL provides little real protection against man-in-the-middle attacks. Users actually behaved less insecurely when interacting with the site that was not SSL-secured” [206]. The astonishing result of this research is that

still present in Apple’s iMessage system, which trusted any CA-issued certificate (rather than only ones designated as being for the iMessage servers), allowing man-in-the-middle (MITM) attacks on communications with the iMessage servers. Since iMessage sends the AppleID and password in the clear (over the potentially

by additional controls that the CA had in place [340]. Debate over whether it really was a lone Iranian hacker, the Iranian government (performing a man-in-the-middle attack on huge numbers of Iranian users would be well beyond the capabilities of an individual hacker, and the sites that were targeted, which included

on TLS SRP status”, discussion thread on ietf-tls mailing list, May-June 2007, http://www1.ietf.org/mail-archive/web/tls/current/msg01667.html. “Man-in-the-Middle in Tunnelled Authentication Protocols”, N. Asokan, Valtteri Niemi and Kaisa Nyberg, Cryptology ePrint Archive, Report 2002/163, November 2002, http://eprint.iacr.org/2002/

163. “Man-in-the-Middle in Tunnelled Authentication Protocols”, N. Asokan, Valtteri Niemi and Kaisa Nyberg, Proceedings of the 11th Security Protocols Workshop (Protocols’03), Springer-Verlag LNCS No.3364,

, http://www.w3.org/2005/Security/usability-ws/papers/08-esecurity-browser-enhancements/. “SSL/TLS Session-Aware User Authentication — Or How to Effectively Thwart the Man-in-the-Middle”, Rolf Oppliger, Ralf Hauser and David Basin, Computer Communications, Vol.29, No.12 (August 2006), p.2238. “A Proof of concept Implementation of SSL/

Durumeric, Eric Wustrow and J.Alex Halderman, Proceedings of the 21st Usenix Security Symposium (Security’12), August 2012, p.205. [206] “Hardening Web Browsers Against Man-in-the-Middle and Eavesdropping Attacks”, Haidong Xia and José Brustuloni, Proceedings of the 14th World Wide Web Conference (WWW’05), May 2005, p.489. [207] Perry Metzger

vervalst”, Wilbert de Vries, 4 September 2011, http://tweakers.net/nieuws/76567/diginotarhackers-blijken-531-certificaten-te-hebben-vervalst.html. [324] “An update on attempted man-in-the-middle attacks”, Heather Adkins, 29 August 2011, http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html. [325] “Fraudulent *.google.com Certificate”,

merchant ID, creating a single-use credit card number that’s only valid for that one transaction and that, even if obtained via a live man-in-the-middle attack (rather than the usual process of phishing followed by eventual resale to third parties) is of limited use to an attacker [259][260]

incorporates the device into a botnet [389][390][391] (some of which have been happily running across multiple platforms for years [392]) or performs a man-in-the-middle attack on SSL servers [393], an attack that’s been found to be extremely effective in real-world tests [394], but given that most users

, a problem that’s covered in more detail in “Humans in the Loop” on page 445), they then have the ability to mount a man-in-the-middle attack on your communications whenever they want. On the other hand if they compromise the short-term shared secret key then they have to actively

indicators for the earlier EV certificate. In practice it’s a bit more complicated than that since with appropriate tricks you can perform a full man-in-the-middle (MITM) attack and capture passwords and cookies, but the end result, in technical terms an SSL rebinding attack, is that you’ve defeated the use

of the URL. If the hash matches then the client knows that it’s talking to the server given in the URL and not a man-in-the-middle or a fake server that’s been substituted through DNS spoofing or some other type of attack. No PKI of any kind is necessary.

requires updating all existing systems that use DNS spoofing, which in most cases will entail firmware upgrades and also means that you’re performing a man-in-the-middle attack on web traffic, which a different group of people than the DNSSEC camp consider an even bigger sin than spoofing DNS. A downside to

, July 2011, https://media.blackhat.com/bh-us-11/Marlinspike/BlackHat-USA-2011-Marlinspike-SSL-Future-Authenticity-SlidesOnly.mov. [562] “DoubleCheck: Multi-path Verification Against Man-in-the-Middle Attacks”, Mansoor Alicherry and Angelos Keromytis, Proceedings of the 14th Symposium on Computers and Communications (ISCC’09), July 2009, p.550. [563] “ConfiDNS: Leveraging

be going very much in the opposite direction: since the OCSP protocol is inherently non-scalable, a recent performance “enhancement” was to remove protection against man-in-the-middle attacks (an issue that’s covered in more detail in “Online Revocation Authorities” on page 685), making it possible for a server (or an attacker

have to obtain the user’s First Virtual credentials, use them to change the contact details that are used to confirm the purchase, perform a man-in-the-middle attack to obtain the current VPIN, and then wait for the confirmation request to arrive at the newly-changed contact location) but now the

(In practice it’s not even as complicated as this. Because users have no idea what the expected behaviour is supposed to be a standard man-in-the-middle attack with a spoofed network error or timeout or something similar presented to the user while the attacker clears out the account will work just

for the wrong account. This practice, which is covered in a “Password Manager Browser Plugins” on page 781, is being actively exploited by phishers in man-in-the-middle attacks and to harvest passwords for multiple accounts in a single attack. The characteristic disabling of echo in text-mode password entry can even be

the user’s data from an existing account can just proxy the authentication to the old provider that currently has it, mounting a user-approved man-in-the-middle attack in order to obtain the desired information. Alternatively, users will simply exercise their right not to use the service and go elsewhere to one

current password with a new one without leaking any password details to an outsider (including the remote system, if it’s an attacker performing a man-in-the-middle attack) [344]. Passwords on the Client The most effective client-side password management technique that the typical computer user can employ is to write them

public key to the other side over the encrypted link (with optional embellishments such as “Read it backwards in a John Cleese accent”) [595]. A man-in-the-middle (MITM) attack on this technique would require breaking into the call in real-time and imitating the voice of the caller. Similarly, SSH generally avoids any

html. [135] “Trustwave admits crafting SSL snooping certificate”, John Leyden, 8 February 2012, http://www.theregister.co.uk/2012/02/09/tustwave_disavows_mitm_digital_cert. [136] “Trustwave admits issuing man-in-the-middle digital certificate; Mozilla debates punishment”, Lucian Constantin, 8 February 2012, http://www.computerworld.com/s/article/9224082/Trustwave_admits_issuing

HTTPS traffic from their phone”, Gaurang Pandya, 9 January 2013, http://gaurangkp.wordpress.com/2013/01/09/nokiahttps-mitm. [471] “Nokia Admits Decrypting User Data But Denies Man-in-the-Middle Attacks”, Tom Brewster, Tech Week Europe, 10 January 2013, http://www.techweekeurope.co.uk/news/nokia-decrypting-trafficman-in-the-middle-attacks-103799. [

was the third most popular banking target (ranking just behind HSBC for this particular botnet) and SiteKey specifically was the single most popular target for man-in-the-middle attacks [97] (the bank later added a genuine two-factor authentication system called SafePass that used SMS messaging to send out one-time authenticators,

machines this result shouldn’t be too surprising, but geeks can take some convincing of this fact. Other attacks on site images include a standard man-in-the-middle attack (which is quite simple to perform, despite claims from the marketing manager of the service that it’s impossible) [103], or just displaying

a random image from the selection provided by the bank. The ease of performing a man-in-the-middle attack has already been demonstrated by a video made by a group of students who carried out such an attack [104], and although the effectiveness

Hands-On RESTful API Design Patterns and Best Practices

by Harihara Subramanian  · 31 Jan 2019  · 422pp  · 86,414 words

Cross-site request forgery Denial-of-service attack Distributed denial of service Injection attacks Insecure direct object references Missing function-level access control Man-in-the-middle attacks Common types of MITM attacks and protection measures Replay attacks and spoofing Causes of vulnerabilities API design and development flaws Poor system configuration Human error Internal and

be secured through the SSL/TLS mechanism. Microservices and API gateways are, therefore, mandated to be SSL/TLS-compliant. Such a setup easily safeguards against man-in-the-middle attacks. Also, the widely used message and data encryption method secures against peeking at and tampering with service messages and data. Apart from other functionalities

, schematic, fast to develop, and quick to deploy. This naturally brings challenges in terms of ensuring that implementations are secured from various threats, such as man-in-the-middle-attacks (MITM), a lack of XML encryptions, insecure endpoints, and API URL parameters. REST APIs have similar vulnerabilities as web applications; we will present the most

scenarios—whether the user can directly browse a resource, and whether the UI accessing the API resources expose an unauthorized resource to that UI. Man-in-the-middle attacks An MITM attack is an attack by a perpetrator who has placed themself in the middle of a network or communication between a genuine user and

The Best of 2600: A Hacker Odyssey

by Emmanuel Goldstein  · 28 Jul 2008  · 889pp  · 433,897 words

uberpenguin If you are reading this magazine, it is probably safe to assume you are familiar with the concept of a man-in-the-middle attack (which from here will be referred to as MITM for brevity) as it pertains to networking resources. In this article I hope to point out how this old and

sharing RFC822 electronic, 152–153 UUCP network, 149, 152 Mailnet, 149–151 mains powered transmitters, 354 malls, hackers in, 512–514 Manhattan Project, 5–7 man-in-the-middle attacks (MITMs), WiFi, 744–746 manuals, exploring cell phones, 425 MapQuest, 638 Marine law enforcement agencies, 620–623 marine telephone fraud, 423–424 Market Navigation, 81

using, 103 miniature tape recorders, 361–362 MINIX operating system, 392–396 Miramax, Takedown screenplay, 249–256 MISSI (Multilevel Information Systems Security Initiative), 310–312 MITMs (man-in-the-middle attacks), WiFi, 744–746 Mitnick, Kevin conditional freedom of, 564, 586–587 on doing time, 586 facts in, 523 false charges against, 528–529 forced

PostgreSQL 9 Admin Cookbook: Over 80 Recipes to Help You Run an Efficient PostgreSQL 9. 0 Database

by Simon Riggs and Hannu Krosing  · 23 Oct 2010  · 360pp  · 96,275 words

overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. The MITM in the preceding table means Man-In-The-Middle attack, that is, someone posing as your server, but actually just observing and forwarding the traffic. Checking server authenticity The last two

Linux Security Cookbook

by Daniel J. Barrett, Richard E. Silverman and Robert G. Byrnes  · 8 Jun 2003

your web browser) will ask if you would like to trust this certificate in the future. Self-signing is convenient but runs the risk of man-in-the-middle attacks on the first connection, before the client trusts the certificate. A more secure method is to pre-install this certificate on the client machine

independent Strong session protection Weak session protection Strong authentication Protects all Protects password, but session is still vulnerable to eavesdropping, corruption, hijacking, server spoofing, or man-in-the-middle attack Weak authentication Protects all No protection: avoid this combination 8.9.3 Discussion Many mail clients can run POP or IMAP over SSL to

are distributed with every Red Hat system: they are public knowledge. If you deploy a service using default, dummy keys, you are vulnerable to a man-in-the-middle (MITM) attack, in which the attacker impersonates your system using the well-known dummy private keys. Furthermore, the name in the certificate does not match your

"always," mutt will store the certificate in ~/.mutt/certificates and accept it automatically from then on. Be cautious before doing this, however: it allows a man-in-the-middle attack on the first connection. A far better solution is to add the appropriate, trusted issuer certificates to cert.pem. 8.12.4 See Also

with -v as for mailsnarf or filesnarf. A few other programs are provided with dsniff as a proof of concept for attacks on switched networks, man-in-the-middle attacks, and slowing or killing TCP connections. Some of these programs can be quite disruptive, especially if used incorrectly, so we don't recommend trying

-NIDS attacks buffer overflow detection with ngrep indications from system daemon messages dictionary attacks on terminals dsniff, using to simulate inactive accounts still enabled, using man-in-the-middle (MITM) risk with self-signed certificates services deployed with dummy keys operating system vulnerability to forged connections setuid root program hidden in filesystems on specific protocols

erasure official web site using with GnuPG mailpgp (script for encrypting/sending email) mailsnarf command -v option, capturing only unencrypted messages malicious program, /tmp/ls man-in-the-middle (MITM) attacks dsniff, proof of concept with self-signed certificates, risk of services deployed with dummy keys manual integrity checks mask format, CIDR Massachusetts Institute of

MD5 checksum verifying for RPM-installed files merging system log files MH (mail handler) mirroring a set of files securely between machines MIT Kerberos MITM [See man-in-the-middle attacks] modules PAM CrackLib listfile 2nd pam_stack Perl Sys::Lastlog and Sys::Utmp Sys::Syslog XML::Simple monitoring systems for suspicious activity account use

devices security policies [See policies] security tests [See monitoring systems for suspicious activity] security tools (Insecure.org) self-signed certificates creating generating X.509 certificate man-in-the-middle attacks, risk of setting up your own CA to issue certificates sending-filters for email (PinePGP) sendmail accepting mail from other hosts authentication mechanisms accepted

Python Web Penetration Testing Cookbook

by Cameron Buchanan, Terry Ip, Andrew Mabbitt, Benjamin May and Dave Mound  · 28 Jun 2015  · 224pp  · 45,431 words

Service Design Patterns: Fundamental Design Solutions for SOAP/WSDL and RESTful Web Services

by Robert Daigneau  · 14 Sep 2011

immediately reads the data on customer C again, it may appear as though their update was lost because they now see client B’s updates. Man-in-the-Middle Attack (MITM)—Occurs when a third party intercepts communications between a client and service. In the case of web services, the malicious party co-opts the

, 201–303. See also Service Interceptor Long-running processes, 188. See also Workflow Connector Loose coupling, 9–10 Lost Update Problem, 49, 286 M Man-in-the-Middle Attack (MITM), 286 Mapper [POEAA], 272. See also Request Mapper; Response Mapper Marshal. See Serializing data Media preferences. See Media Type Negotiation Media Type Negotiation content negotiation

routing, 222 workflow management, 224–225 Microformat, definition, 286 MIDL (Microsoft Interface Definition Library), 287 MIME (Multipurpose Internet Mail Extensions), 287. See also Media type MITM (Man-in-the-Middle Attack), 286 MOM (Message-Oriented Middleware), web service alternative, 8–9 MSMQ (Microsoft Message Queuing), 287 MTOM (Message Transmission Optimization Mechanism), 286 MVC pattern. See

The Blockchain Alternative: Rethinking Macroeconomic Policy and Economic Theory

by Kariappa Bheemaiah  · 26 Feb 2017  · 492pp  · 118,882 words

identification number (SIN) that is a hash of the public key, it allows for password-less authentication across web services. It uses signage to prevent man-in-the-middle (MITM) attacks, and a nonce to prevent replay attacks (Raval, 2016). The private key is never revealed to the server and can be stored safely and

cellular automata (CA) equilibrium business-cycle models genetic algorithm (GA) neural networks rational expectations structural models traditional structural models vector autoregression (VAR) models Macroeconomic theories Man-in-the-middle (MITM) Marketing money cashless system crime and taxation economy IRS money Seigniorage tax evasion Mathematical game theory McFadden Act Mincome, Canada Minority Game (MG) Money and debt

Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World

by Bruce Schneier  · 3 Sep 2018  · 448pp  · 117,325 words

. As bad as software vulnerabilities are, the most common way hackers break into networks is by abusing the authentication process. They steal passwords, set up man-in-the-middle attacks to piggyback on legitimate log-ins, or masquerade as authorized users. Credential stealing doesn’t require finding a zero-day or an unpatched vulnerability

user sees on the screen and sends to the bank in order to change, for example, the destination of bank transfers. This is called a man-in-the-middle attack, and it works even if the bank has instituted two-factor authentication. To defend against such attacks, one can monitor the system looking for

the underlying Internet communications protocols. Most of the traffic between your computer and the Internet is unencrypted, and what is encrypted is often vulnerable to man-in-the-middle attacks because of insecurities in both the Internet protocols and the encryption protocols that protect it. We know from the Snowden documents that the NSA

, https://www.nytimes.com/2017/08/21/business/dealbook/phone-hack-bitcoin-virtual-currency.html. 49This is called a man-in-the-middle attack: Rapid7 (9 Aug 2017), “Man-in-the-middle (MITM) attacks,” Rapid7 Fundamentals, https://www.rapid7.com/fundamentals/man-in-the-middle-attacks. 49A credit card issuer might flag: Gartner (accessed 24 Apr 2018), “Reviews for online fraud detection,” https

, 198 machine learning, 7, 82–87 adversarial, 84 algorithms beyond human comprehension, 111–12 autonomous, 82–83, 85 Maersk, 71, 94 malware, 26, 30, 196 man-in-the-middle attacks, 49, 169 market economics, and competition, 6 mass shootings, 202 May, Theresa, 197 McConnell, Mike, 198 McVeigh, Timothy, 202 medical devices: bugs in, 41

Hacking Exposed: Network Security Secrets and Solutions

by Stuart McClure, Joel Scambray and George Kurtz  · 15 Feb 2001  · 260pp  · 40,943 words

to evil.ip.address using the standard NTLM challenge-response mechanism. This mechanism, as we saw in Chapter 5, can be vulnerable to eavesdropping and man-in-the-middle (MITM) attacks that reveal the victim’s username and password. This attack affects a multitude of HTML parsers and does not rely on any form of

assumes the continued restricted availability of programs that will extract hashes from NTLMv2 challenge-response traffic.) Rogue server and man-in-the-middle (MITM) attacks against NTLMv2 authentication are still feasible, assuming that the rogue/MITM server can negotiate the NTMv2 dialect with the server on behalf of the client. IRC HACKING Internet Relay Chat (IRC

On the Road to Kandahar: Travels Through Conflict in the Islamic World

by Jason Burke  · 21 May 2025  · 323pp  · 108,377 words

The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data

by Kevin Mitnick, Mikko Hypponen and Robert Vamosi  · 14 Feb 2017  · 305pp  · 93,091 words

Multitool Linux: Practical Uses for Open Source Software

by Michael Schwarz, Jeremy Anderson and Peter Curtis  · 7 May 2002

Money in the Metaverse: Digital Assets, Online Identities, Spatial Computing and Why Virtual Worlds Mean Real Business

by David G. W. Birch and Victoria Richardson  · 28 Apr 2024  · 249pp  · 74,201 words

Extremely Hardcore: Inside Elon Musk's Twitter

by Zoë Schiffer  · 13 Feb 2024  · 343pp  · 92,693 words

The Nature of Software Development: Keep It Simple, Make It Valuable, Build It Piece by Piece

by Ron Jeffries  · 14 Aug 2015  · 444pp  · 118,393 words

Eloquent JavaScript: A Modern Introduction to Programming

by Marijn Haverbeke  · 15 Nov 2018  · 560pp  · 135,629 words

Chaos Engineering: System Resiliency in Practice

by Casey Rosenthal and Nora Jones  · 27 Apr 2020  · 419pp  · 102,488 words

Mastering Blockchain, Second Edition

by Imran Bashir  · 28 Mar 2018

Getting Started With OAuth 2.0

by Ryan Boyd  · 29 Feb 2012  · 91pp  · 18,831 words

Why geography matters: three challenges facing America : climate change, the rise of China, and global terrorism

by Harm J. De Blij  · 15 Nov 2007  · 481pp  · 121,300 words

Boeing Versus Airbus: The Inside Story of the Greatest International Competition in Business

by John Newhouse  · 16 Jan 2007  · 278pp  · 83,504 words

The Architecture of Open Source Applications

by Amy Brown and Greg Wilson  · 24 May 2011  · 834pp  · 180,700 words

Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems

by Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski and Adam Stubblefield  · 29 Mar 2020  · 1,380pp  · 190,710 words

The Children of the Sky

by Vernor Vinge  · 11 Oct 2011  · 746pp  · 221,583 words

An Elegant Puzzle: Systems of Engineering Management

by Will Larson  · 19 May 2019  · 227pp  · 63,186 words

Mastering Blockchain: Unlocking the Power of Cryptocurrencies and Smart Contracts

by Lorne Lantz and Daniel Cawrey  · 8 Dec 2020  · 434pp  · 77,974 words

Principles of Protocol Design

by Robin Sharp  · 13 Feb 2008

API Marketplace Engineering: Design, Build, and Run a Platform for External Developers

by Rennay Dorasamy  · 2 Dec 2021  · 328pp  · 77,877 words

Information Doesn't Want to Be Free: Laws for the Internet Age

by Cory Doctorow, Amanda Palmer and Neil Gaiman  · 18 Nov 2014  · 170pp  · 51,205 words

Bitcoin for the Befuddled

by Conrad Barski  · 13 Nov 2014  · 273pp  · 72,024 words

Six Degrees: The Science of a Connected Age

by Duncan J. Watts  · 1 Feb 2003  · 379pp  · 113,656 words

Ansible for DevOps: Server and Configuration Management for Humans

by Jeff Geerling  · 9 Oct 2015  · 313pp  · 75,583 words

Black Code: Inside the Battle for Cyberspace

by Ronald J. Deibert  · 13 May 2013  · 317pp  · 98,745 words

Building Microservices

by Sam Newman  · 25 Dec 2014  · 540pp  · 103,101 words

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

by Ben Buchanan  · 25 Feb 2020  · 443pp  · 116,832 words

Django Book

by Matt Behrens  · 24 Jan 2015

Who Stole the American Dream?

by Hedrick Smith  · 10 Sep 2012  · 598pp  · 172,137 words

A New History of the Future in 100 Objects: A Fiction

by Adrian Hon  · 5 Oct 2020  · 340pp  · 101,675 words

The Next Shift: The Fall of Industry and the Rise of Health Care in Rust Belt America

by Gabriel Winant  · 23 Mar 2021  · 563pp  · 136,190 words

Smart Grid Standards

by Takuro Sato  · 17 Nov 2015

Digital Bank: Strategies for Launching or Becoming a Digital Bank

by Chris Skinner  · 27 Aug 2013  · 329pp  · 95,309 words

Consent of the Networked: The Worldwide Struggle for Internet Freedom

by Rebecca MacKinnon  · 31 Jan 2012  · 390pp  · 96,624 words

Beautiful security

by Andy Oram and John Viega  · 15 Dec 2009  · 302pp  · 82,233 words

The New Digital Age: Transforming Nations, Businesses, and Our Lives

by Eric Schmidt and Jared Cohen  · 22 Apr 2013  · 525pp  · 116,295 words

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

by Kim Zetter  · 11 Nov 2014  · 492pp  · 153,565 words

Oil: Money, Politics, and Power in the 21st Century

by Tom Bower  · 1 Jan 2009  · 554pp  · 168,114 words

Culture & Empire: Digital Revolution

by Pieter Hintjens  · 11 Mar 2013  · 349pp  · 114,038 words

The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats

by Richard A. Clarke and Robert K. Knake  · 15 Jul 2019  · 409pp  · 112,055 words

Enshittification: Why Everything Suddenly Got Worse and What to Do About It

by Cory Doctorow  · 6 Oct 2025  · 313pp  · 94,415 words

Blood and Oil: Mohammed Bin Salman's Ruthless Quest for Global Power

by Bradley Hope and Justin Scheck  · 14 Sep 2020  · 339pp  · 103,546 words

What We Cannot Know: Explorations at the Edge of Knowledge

by Marcus Du Sautoy  · 18 May 2016

The Generals: American Military Command From World War II to Today

by Thomas E. Ricks  · 14 Oct 2012  · 812pp  · 180,057 words

America in the World: A History of U.S. Diplomacy and Foreign Policy

by Robert B. Zoellick  · 3 Aug 2020

The Upswing: How America Came Together a Century Ago and How We Can Do It Again

by Robert D. Putnam  · 12 Oct 2020  · 678pp  · 160,676 words

Reaganland: America's Right Turn 1976-1980

by Rick Perlstein  · 17 Aug 2020

Rainbows End

by Vernor Vinge  · 1 May 2006

The system of the world

by Neal Stephenson  · 21 Sep 2004  · 1,199pp  · 384,780 words

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

by Nicole Perlroth  · 9 Feb 2021  · 651pp  · 186,130 words

DarkMarket: Cyberthieves, Cybercops and You

by Misha Glenny  · 3 Oct 2011  · 274pp  · 85,557 words

Accelerando

by Stross, Charles  · 22 Jan 2005  · 489pp  · 148,885 words

Wireless

by Charles Stross  · 7 Jul 2009

I Hate the Internet: A Novel

by Jarett Kobek  · 3 Nov 2016  · 302pp  · 74,350 words

Applied Cryptography: Protocols, Algorithms, and Source Code in C

by Bruce Schneier  · 10 Nov 1993

Only Americans Burn in Hell

by Jarett Kobek  · 10 Apr 2019  · 338pp  · 74,302 words

Ansible: Up and Running: Automating Configuration Management and Deployment the Easy Way

by Lorin Hochstein  · 8 Dec 2014  · 761pp  · 80,914 words

A Peace to End All Peace: The Fall of the Ottoman Empire and the Creation of the Modern Middle East

by David Fromkin  · 2 Jan 1989  · 681pp  · 214,967 words

The Oil Kings: How the U.S., Iran, and Saudi Arabia Changed the Balance of Power in the Middle East

by Andrew Scott Cooper  · 8 Aug 2011

Chaos Monkeys: Obscene Fortune and Random Failure in Silicon Valley

by Antonio Garcia Martinez  · 27 Jun 2016  · 559pp  · 155,372 words

The One Device: The Secret History of the iPhone

by Brian Merchant  · 19 Jun 2017  · 416pp  · 129,308 words

Fuller Memorandum

by Stross, Charles  · 14 Jan 2010  · 366pp  · 107,145 words

Atrocity Archives

by Stross, Charles  · 13 Jan 2004  · 404pp  · 113,514 words

Jennifer Morgue

by Stross, Charles  · 12 Jan 2006

Red Plenty

by Francis Spufford  · 1 Jan 2007  · 544pp  · 168,076 words

How to Build a Billion Dollar App: Discover the Secrets of the Most Successful Entrepreneurs of Our Time

by George Berkowski  · 3 Sep 2014  · 468pp  · 124,573 words

Little Brother

by Cory Doctorow  · 29 Apr 2008  · 398pp  · 120,801 words

Hard Times: The Divisive Toll of the Economic Slump

by Tom Clark and Anthony Heath  · 23 Jun 2014  · 401pp  · 112,784 words

Werner Herzog - a Guide for the Perplexed: Conversations With Paul Cronin

by Paul Cronin  · 4 Aug 2014  · 807pp  · 225,326 words

A History of Zionism

by Walter Laqueur  · 1 Jan 1972  · 965pp  · 267,053 words

1968: The Year That Rocked the World

by Mark Kurlansky  · 30 Dec 2003  · 538pp  · 164,533 words

George Marshall: Defender of the Republic

by David L. Roll  · 8 Jul 2019

Look Homeward, Angel

by Thomas Wolfe  · 9 Oct 2006  · 747pp  · 218,317 words

The Forever War

by Dexter Filkins  · 15 Sep 2008  · 385pp  · 115,697 words

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

by Dafydd Stuttard and Marcus Pinto  · 30 Sep 2007  · 1,302pp  · 289,469 words

Dhalgren

by Samuel R. Delany  · 31 Dec 1973  · 1,212pp  · 312,349 words

The Accidental Empire: Israel and the Birth of the Settlements, 1967-1977

by Gershom Gorenberg  · 1 Jan 2006  · 600pp  · 165,682 words

Reamde

by Neal Stephenson  · 19 Sep 2011  · 1,318pp  · 403,894 words

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

by Justin Schuh  · 20 Nov 2006  · 2,054pp  · 359,149 words

The Long Game: China's Grand Strategy to Displace American Order

by Rush Doshi  · 24 Jun 2021  · 816pp  · 191,889 words

The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age

by David E. Sanger  · 18 Jun 2018  · 394pp  · 117,982 words

Likewar: The Weaponization of Social Media

by Peter Warren Singer and Emerson T. Brooking  · 15 Mar 2018

Mr Five Per Cent: The Many Lives of Calouste Gulbenkian, the World's Richest Man

by Jonathan Conlin  · 3 Jan 2019  · 604pp  · 165,488 words

Bosnia and Herzegovina

by Tim. Clancy  · 15 Mar 2022  · 716pp  · 209,067 words

Age of Greed: The Triumph of Finance and the Decline of America, 1970 to the Present

by Jeff Madrick  · 11 Jun 2012  · 840pp  · 202,245 words

The Wealth and Poverty of Nations: Why Some Are So Rich and Some So Poor

by David S. Landes  · 14 Sep 1999  · 1,060pp  · 265,296 words

Secrets and Lies: Digital Security in a Networked World

by Bruce Schneier  · 1 Jan 2000  · 470pp  · 144,455 words

We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency

by Parmy Olson  · 5 Jun 2012  · 478pp  · 149,810 words

The Burning Land

by George Alagiah  · 28 Aug 2019  · 299pp  · 87,059 words

Fearsome Particles

by Trevor Cole  · 2 Jan 2006

Python Requests Essentials

by Rakesh Vidya Chandra and Bala Subrahmanyam Varanasi  · 16 Jun 2015  · 134pp  · 29,488 words

Back to School: Why Everyone Deserves a Second Chance at Education

by Mike Rose  · 17 Sep 2012  · 225pp  · 55,458 words

The Coke Machine: The Dirty Truth Behind the World's Favorite Soft Drink

by Michael Blanding  · 14 Jun 2010  · 385pp  · 133,839 words

The Stack: On Software and Sovereignty

by Benjamin H. Bratton  · 19 Feb 2016  · 903pp  · 235,753 words

Arabian Sands

by Wilfred Thesiger  · 15 Sep 1959  · 403pp  · 138,026 words

Demanding the Impossible: A History of Anarchism

by Peter Marshall  · 2 Jan 1992  · 1,327pp  · 360,897 words

Days of Fire: Bush and Cheney in the White House

by Peter Baker  · 21 Oct 2013

The Collected Stories of Vernor Vinge

by Vernor Vinge  · 30 Sep 2001  · 659pp  · 203,574 words

Cyber War: The Next Threat to National Security and What to Do About It

by Richard A. Clarke and Robert Knake  · 15 Dec 2010  · 282pp  · 92,998 words

The Snowden Files: The Inside Story of the World's Most Wanted Man

by Luke Harding  · 7 Feb 2014  · 266pp  · 80,018 words

We Are Never Meeting in Real Life

by Samantha Irby  · 14 Apr 2017  · 234pp  · 84,737 words

Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It

by Marc Goodman  · 24 Feb 2015  · 677pp  · 206,548 words

Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age

by Steven Levy  · 15 Jan 2002  · 468pp  · 137,055 words

Facebook: The Inside Story

by Steven Levy  · 25 Feb 2020  · 706pp  · 202,591 words

House of God

by Samuel Shem  · 1 Jan 1978  · 436pp  · 131,430 words

The Language Instinct: How the Mind Creates Language

by Steven Pinker  · 1 Jan 1994  · 661pp  · 187,613 words

Reaper Force: The Inside Story of Britain’s Drone Wars

by Dr Peter Lee  · 14 Jul 2019

Wait: The Art and Science of Delay

by Frank Partnoy  · 15 Jan 2012  · 342pp  · 94,762 words

Freezing Order: A True Story of Money Laundering, Murder, and Surviving Vladimir Putin's Wrath

by Bill Browder  · 11 Apr 2022  · 335pp  · 100,154 words

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks

by Michal Zalewski  · 4 Apr 2005  · 412pp  · 104,864 words

Rebel Code: Linux and the Open Source Revolution

by Glyn Moody  · 14 Jul 2002  · 483pp  · 145,225 words

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker

by Kevin Mitnick  · 14 Aug 2011

Rope: How a Bundle of Twisted Fibers Became the Backbone of Civilization

by Tim Queeney  · 11 Aug 2025  · 264pp  · 88,907 words

High Steel: The Daring Men Who Built the World's Greatest Skyline

by Jim Rasenberger  · 15 Mar 2004  · 397pp  · 114,841 words

Zbig: The Life of Zbigniew Brzezinski, America's Great Power Prophet

by Edward Luce  · 13 May 2025  · 612pp  · 235,188 words

Dark Mirror: Edward Snowden and the Surveillance State

by Barton Gellman  · 20 May 2020  · 562pp  · 153,825 words

Sunfall

by Jim Al-Khalili  · 17 Apr 2019  · 381pp  · 120,361 words

The Perfect Storm: A True Story of Men Against the Sea

by Sebastian Junger  · 30 Sep 1999

Ghost Fleet: A Novel of the Next World War

by P. W. Singer and August Cole  · 28 Jun 2015  · 537pp  · 149,628 words

Barefoot Into Cyberspace: Adventures in Search of Techno-Utopia

by Becky Hogge, Damien Morris and Christopher Scally  · 26 Jul 2011  · 171pp  · 54,334 words

This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers

by Andy Greenberg  · 12 Sep 2012  · 461pp  · 125,845 words

The Quantum Thief

by Hannu Rajaniemi  · 1 Jan 2010  · 324pp  · 91,653 words

Tools of Titans: The Tactics, Routines, and Habits of Billionaires, Icons, and World-Class Performers

by Timothy Ferriss  · 6 Dec 2016  · 669pp  · 210,153 words

How Not to Grow Up: A Coming of Age Memoir. Sort Of.

by Richard Herring  · 5 May 2010  · 368pp  · 115,889 words

The Story of Philosophy

by Will Durant  · 23 Jul 2012  · 685pp  · 203,431 words

King Richard: Nixon and Watergate--An American Tragedy

by Michael Dobbs  · 24 May 2021  · 426pp  · 117,722 words

Cybersecurity: What Everyone Needs to Know

by P. W. Singer and Allan Friedman  · 3 Jan 2014  · 587pp  · 117,894 words

Light This Candle: The Life & Times of Alan Shepard--America's First Spaceman

by Neal Thompson  · 2 Jan 2004  · 577pp  · 171,126 words

Moon Shot: The Inside Story of America's Apollo Moon Landings

by Jay Barbree, Howard Benedict, Alan Shepard, Deke Slayton and Neil Armstrong  · 1 Jan 1994  · 469pp  · 124,784 words

The Icon Thief

by Alec Nevala-Lee  · 1 Mar 2012  · 342pp  · 104,315 words

The Debian Administrator's Handbook, Debian Wheezy From Discovery to Mastery

by Raphaël Hertzog and Roland Mas  · 24 Dec 2013  · 678pp  · 159,840 words

Docker in Action

by Jeff Nickoloff and Stephen Kuenzli  · 10 Dec 2019  · 629pp  · 109,663 words

The Minor Adjustment Beauty Salon: No. 1 Ladies' Detective Agency

by Alexander McCall Smith  · 5 Nov 2013

Designing Web APIs: Building APIs That Developers Love

by Brenda Jin, Saurabh Sahni and Amir Shevat  · 28 Aug 2018

Drown

by Junot Diaz  · 27 Jul 1997

Ubuntu 15.04 Server with systemd: Administration and Reference

by Richard Petersen  · 15 May 2015

Node.js in Action

by Mike Cantelon, Marc Harter, Tj Holowaychuk and Nathan Rajlich  · 27 Jul 2013  · 628pp  · 107,927 words