Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
with foreword by Solar Designer of Openwall Project


"Zalewski's new work is a demonstration of how seemingly innocuous observations can lead to security vulnerabilities. [He] works like a detective, piecing together basic facts and evidence, until at last, in a moment of understanding, you find out why your PRNG may help disclose your keystrokes, or how someone can tell what OS you run by looking at your packets." - Elias Levy (Aleph One), Symantec

"Zalewski is a rare gem of a person, pursuing pure discovery and investigation, and artfully combines this with his intelligence.." - Jose Nazario, Arbor Networks

"Zalewski has taken a powerful, low-level approach to information security. He covers many issues not discussed before in so comprehensive a volume, including the inner workings of computers, electronic emissions, and concepts of passive data collection." - Lance Spitzner, Honeynet


Note: Silence on the Wire is a book I published in 2005. I set up this page to advertise it back then, and have kept the text largely intact.

If you made it to this page, you probably know who I am - but if not, not all is lost. I am a young guy from Poland; amongst other things, I am a computer security enthusiast, a homebrew photographer, and an occasional coder. I managed to do some cool and presumably smart stuff, some of which you can read about on my homepage. For my security research, I am fairly well known among a good number of my peers.

Silence on the Wire is a narrated guide through the marvelously complex and fascinating world of computer and networking security. The book offers an in-depth dissection of some of the most interesting, beautiful, and unique security and privacy problems that I have stumbled upon and explored to date.

SotW is not a reference book, not an almanac of known vulnerabilities, and is not a guide to securing your enterprise over the weekend. Its goal is to challenge, offer insight, and provoke exploration of uncharted cyber-lands; I hope it also manages to convey a good deal of solid, practical knowledge of use to all readers.

I believe that SotW has something novel and noteworthy to say, although I am not to judge. If you aren't bored to death just yet, you might want to read a sample chapter and see table of contents, over at my publisher's webpage.

NOTE: Polish translation of the book is just out. If you are interested in it instead of the original version, click here to read more, see a sample chapter, or order on-line. Italian version is also out; German, Chinese, French, and Russian translations are also available somewhere.

Excerpts are also available through Computerworld. Other than the endorsements above, and a page set up by the fine folks at Openwall, here is a non-discriminatory list of reasonably reputable reviews I am aware of:

    FAVORABLE REVIEWS:

  • Srijith Krishnan Nair of ACM Reviews.com liked the book: "Zalewski's book should be read by anyone interested in computer security. It presents a unique view of how a hacker.s mind works; how he or she puts together pieces of a puzzle; how innocent bits of information reveal valuable information when considered as a whole; and how unrelated technologies and protocol designs may be secure in an isolated environment, but can turn out to be a different ballgame altogether when they interact with each other."

  • Robert Bruen of IEEE gives SotW a great review: "Silence on the Wire is an unusual and greatly interesting security book. Though written in a narrative form, unlike other security books, it does not fit into the category of Kevin Mitnick (The Art of Deception and The Art of Intrusion) and Ira Winkler (Spies Among Us). The discovery of a technical book in this style is cool."

  • Gregory V. Wilson of Dr. Dobb's Journal gives us thumbs up and calls the book thought-provoking: "While some of these [attack opportunities] may seem too esoteric to be practically useful, when taken together, they paint a sobering picture of just how hard it is to ensure any kind of privacy in the electronic age."

  • Mathias Thurman of Computerworld writes (in a short review): "When I first flipped open this book, I was intimidated by the author's use of a somewhat complex mathematical equation to determine the type of browser used to send IP packets. But I became fascinated by his approach to network security from a reconnaissance point of view [...] Zalewski's explanations make it clear that he's tops in the industry."

  • Sandra Henry-Stocker of IT World votes in favor of SotW: "What makes this book a must-read for sysadmins are the clear explanations and practical insights into the technologies that we manage. What makes it a joy to read are the author's appealing humility, sense of humor and vast knowledge. If you want to understand the stealthier side of hacking, this book is for you. Whether you are a seasoned systems administrator, a security specialist, a rank beginner or a high-level manager, this book is likely to open your eyes to issues you've never considered; you may never look at your computers in quite the same way."

  • Frederick Wamsley reviews it for Technocrat.net and concludes: "You'll have fun with this book. You'll also get scared and conclude that information security is impossible."

  • Richard Bejtlich of TaoSecurity points out some minor flaws, but sums it up with a praise: "Don't get me wrong; SOTW is one of the most innovative and original computing books available."

  • Matthew Schwartz of Enterprise Systems Journal praises SotW, too: "That do-it-yourself ethos pervades the book, and while it might seem like Zalewski is detailing outlandish threats, in fact this broad mindset can uncover major security flaws.but not where you.d think to look."

  • Frank Pohlmann of Linux User & Developer magazine (paperback) is happy with it: "...And rather than dryly detailing exploits, author Michal Zalewski shares his compelling skillset and readily communicates a Sherlock-like delight in his subject matter. In his hands computer and networked security issues become as thrilling and in the end as pleasing as any shorter work of Conan Doyles. Indeed, material is both highly readable and intriguingly photogenic."

  • Ben Rothke of ThruPoint (and an acclaimed author) writes: "Silence on the Wire makes you think about serious security problems that you never thought of before, or were even aware existed. Read it and get ready to be humbled."

  • Mike Riley of ASP.NET PRO says: "On rare occasions, a computer book breaks away from the safe harbor of rehashed subject matter. Instead of writing about the same mainstream topics that countless other professionals have revisited and revised, author Michal Zalewski, a self-taught security researcher, provides an out-of-the-box, thought-provoking book that escapes the everyday standard security practice discussions of firewalls and social engineering."

  • Mitch Tulloch of Windows Security (an author of several noted Windows books) provides a mini-review of SotW: "The main audience of appeal is probably security thinkers, tinkerers, enthusiasts, even academic historians of the information age. [...] I could also see this being an excellent supplementary text for a university-level course in information security. Bottom line: strongly recommended for those who like to think about network security."

  • Corey Nachreiner of WatchGuard, Inc. enjoyed it, too: "If you're a security professional or a self-described geek who loves to learn new things and prefers taking the long route home just to enjoy the scenery, Silence on the Wire provides great mental stimulation while offering a rare glimpse into the thought process of a good old-fashioned classic hacker."

  • INSECURE Magazine #3 mentions SotW: "The amount of detail is stunning for such a small volume and the examples are amazing. Many have praised this book for bringing innovative thinking into the world of security."

  • Frederick Wamsley, Internet veteran, writes: "It is possible that Zalewski's work overlaps with what the military calls "MASINT", Measurement and Signature Intelligence. Unclassified information is sparse but suggests that MASINT studies out-of-band characteristics of an opponent's activities which the opponent doesn't take the trouble to mask."

  • Tom Bradley of netsecurity.about.com likes SotW: "Excellent! [...] The book is called a "Field Guide" in the subtitle and it reads more or less like one. It provides the information and details you need in the trenches to wage an effective war against information insecurity. This is one that I would dub a "must read" for anyone working directly with network security."

  • Stephen Northcutt of SANS has this to say: "If you work in information warfare, this should be mandatory reading! If you are responsible for very high value targets like Walmart's dataprocessing, or Intel's or Citibank's it is imperative that you read Zalewski's work page by page."

  • Dr. Wes Boudville of Caltech (and Amazon's #19) simply states: "Makes you ponder."

  • John Matlock (Amazon's #9) writes: "Not for beginners, this is a thoughtful, clever analysis of how things work. If you're a security type, you don't want to miss this one."

  • Thomas Duff (Amazon's #111) says: "Just when you thought you had a decent handle on how to protect yourself on-line, out comes a book that exposes a whole new series of exploits you probably haven't thought about..."

  • Tony Lawrence seems to like SotW: "The really odd thing about this book is that there's so much packed into less than three hundred pages. It's like eating a handful of popcorn and feeling like you just had a big holiday dinner - it's extremely filling."

  • SANS NewsBites makes an exception to recommend SotW: "We rarely do book reviews, but this is an extraordinary collection of information on passive reconnaissance and the publisher is fairly unknown, so if we didn't bring "Silence on the wire" to your attention it might get missed."

  • macCompanion's Robert Pritchett says: "This is a fun book to read because it isn't a trainer or How-To book. It is an 'Oh by the way' notification kind of book that points out where the electronic dust bunnies are hiding under the computer bed. I bookmarked the heck out of SotW, and you will too."

  • Flavio Villanustre writes in his blog: "Most of the described vulnerabilities are, in fact, elegant security puzzles (and many of them still unresolved) that will surely stimulate the readers. mind beyond the limits of the book itself."

  • Travis H., a NetBSD contributor, recommends it: "The best (most unique, most interesting) security book I've read, period. [...] I do network security for a living, am a privacy fanatic, and figured I'd learn a few new things. I was overwhelmed by the amount of new information I learned. Reading this book was a humbling yet exhilirating experience."

  • Lastly, Tracy Reed, a pilot geek of warflying fame, makes a manly admission: "This is the only real computer security book I own. Most other books just seem too cheesy or unoriginal or out of date to bother with."

    MIXED REVIEWS:

  • Cameron Sturdevant of eWeek is not convinced the book is of any importance to management audiences: "Zalewski [...] provides flashes of insight into the method of attacks, often illustrating his points with fascinating anecdotes. However, his wit and technical knowledge never quite jell into a book that IT managers must add to their bookshelves."

  • Rob Slade, one of harsher IT reviewers, has mixed feelings, too: "The attacks suggested are interesting thought experiments, but have limited uses either in attack or defence. As "Trivial Pursuit" (meaning the game of oddball facts) for the tech crowd it's great, but the author never intended the text to be a vulnerability warning."

  • Elizabeth Zwicky of ;login likes SotW, but has some reservations: "If you are a 'hacker' type in the old sense of the word, fond of taking things apart to see how they work, and you have any interest in security, you will probably find significant portions of this book intriguing. Try not to be turned off by the initial chapters, which unfortunately are the weakest."

    NEGATIVE REVIEWS:

  • Oddly enough, I have not heard of any just yet.

If you liked it, you can purchase the book through O'Reilly, on Amazon, from Barnes and Noble, at ThinkGeek - or at your friendly local bookseller. No Starch offers a downloadable eBook. List price for paperback is $39.95 (US).


Michal Zalewski, "Silence on the Wire", No Starch Press (2005), ISBN 1593270461
You are a visitor number 16032985.