Note: Silence on the Wire is a book I published in 2005. I set up this
page to advertise it back then, and have kept the text largely intact.
If you made it to this page, you probably know who I am - but if not, not all is lost.
I am a young guy from Poland; amongst other things, I am a computer security
a homebrew photographer, and an occasional
coder. I managed to do some cool and presumably smart stuff, some of which
you can read about on my homepage. For my security research, I am
fairly well known among a good number of my peers.
Silence on the Wire is a narrated guide through the marvelously complex
and fascinating world of computer and networking security. The book offers
an in-depth dissection of some of the most interesting, beautiful, and
unique security and privacy problems that I have stumbled upon and explored to date.
SotW is not a reference book, not an almanac of known vulnerabilities,
and is not a guide to securing your enterprise over the weekend. Its
goal is to challenge, offer insight, and provoke exploration of uncharted
cyber-lands; I hope it also manages to convey a good deal of solid, practical knowledge
of use to all readers.
I believe that SotW has something novel and noteworthy to say, although I
am not to judge. If you aren't bored to death just yet, you might want to
read a sample chapter and see table of contents, over at my publisher's webpage.
NOTE: Polish translation of the book is just out. If you are interested in it instead
of the original version, click here
to read more, see a sample chapter, or order on-line. Italian version is also out;
German, Chinese, French, and Russian translations are also available somewhere.
Excerpts are also available through Computerworld.
Other than the endorsements above, and a page set up by the fine folks
at Openwall, here is a non-discriminatory list of reasonably reputable reviews I am aware of:
- Srijith Krishnan Nair of ACM Reviews.com liked the book:
"Zalewski's book should be read by anyone interested in computer
security. It presents a unique view of how a hacker's mind works; how he
or she puts together pieces of a puzzle; how innocent bits of
information reveal valuable information when considered as a whole; and
how unrelated technologies and protocol designs may be secure in an
isolated environment, but can turn out to be a different ballgame
altogether when they interact with each other."
- Robert Bruen of IEEE gives SotW a great review:
"Silence on the Wire is an unusual and greatly interesting security book. Though written in a narrative form, unlike other security books, it does not fit into the category of Kevin Mitnick (The Art of Deception and The Art of Intrusion) and Ira Winkler (Spies Among Us). The discovery of a technical book in this style is cool."
- Gregory V. Wilson of Dr. Dobb's Journal gives us thumbs up and calls the book thought-provoking:
"While some of these [attack opportunities] may seem too esoteric to be practically useful, when taken together, they paint a sobering picture of just how hard it is to ensure any kind of privacy in the electronic age."
- Mathias Thurman of
Computerworld writes (in a short review):
"When I first flipped open this book, I was intimidated by the author's use of a somewhat
complex mathematical equation to determine the type of browser used to send IP packets.
But I became fascinated by his approach to network security from a reconnaissance point of view [...]
Zalewski's explanations make it clear that he's tops in the industry."
- Sandra Henry-Stocker of IT World
votes in favor of SotW:
"What makes this book a must-read for sysadmins are the clear explanations and practical insights into the technologies that we manage. What makes it a joy to read are the author's appealing humility, sense of humor and vast knowledge. If you want to understand the stealthier side of hacking, this book is for you. Whether you are a seasoned systems administrator, a security specialist, a rank beginner or a high-level manager, this book is likely to open your eyes to issues you've never considered; you may never look at your computers in quite the same way."
- Frederick Wamsley reviews it for Technocrat.net and
"You'll have fun with this book. You'll also get scared and conclude that information security is impossible."
- Richard Bejtlich of TaoSecurity points out some minor flaws, but sums it up with a praise:
"Don't get me wrong; SOTW is one of the most innovative and original computing books available."
- Matthew Schwartz of Enterprise Systems Journal praises SotW, too:
"That do-it-yourself ethos pervades the book, and while it might seem like Zalewski is detailing outlandish threats, in fact this broad mindset can uncover major security flaws - but not where you'd think to look."
- Frank Pohlmann of Linux User & Developer magazine (paperback) is happy with it:
"...And rather than dryly detailing exploits, author
Michal Zalewski shares his compelling skillset and readily
communicates a Sherlock-like delight in his subject matter. In
his hands computer and networked security issues become as thrilling and in the
end as pleasing as any shorter work of Conan Doyle's. Indeed, material is both
highly readable and intriguingly photogenic."
- Ben Rothke of ThruPoint (and an acclaimed author) writes:
"Silence on the Wire makes you think about serious security problems that you never thought of before, or were even aware existed. Read it and get ready to be humbled."
- Mike Riley of ASP.NET PRO says:
"On rare occasions, a computer book breaks away from the safe harbor of
rehashed subject matter. Instead of writing about the same mainstream
topics that countless other professionals have revisited and revised,
author Michal Zalewski, a self-taught security researcher, provides an
out-of-the-box, thought-provoking book that escapes the everyday
standard security practice discussions of firewalls and social
- Mitch Tulloch of
Windows Security (an author of several noted Windows books) provides a mini-review of SotW:
"The main audience of appeal is probably security thinkers, tinkerers, enthusiasts, even academic historians of the information age. [...]
I could also see this being an excellent supplementary text for a university-level course in information security. Bottom line: strongly recommended for those who like to think about network security."
- Corey Nachreiner of WatchGuard, Inc.
enjoyed it, too:
"If you're a security professional or a self-described geek who loves to learn new things and prefers taking the long route home just to enjoy the scenery, Silence on the Wire provides great mental stimulation while offering a rare glimpse into the thought process of a good old-fashioned classic hacker."
- INSECURE Magazine #3 mentions SotW:
"The amount of detail is stunning for such a small volume and the examples are amazing. Many have praised this book
for bringing innovative thinking into the world of security."
- Frederick Wamsley, Internet veteran, writes:
"It is possible that Zalewski's work overlaps with what the military calls "MASINT", Measurement and Signature Intelligence. Unclassified information is sparse but suggests that MASINT studies out-of-band characteristics of an opponent's activities which the opponent doesn't take the trouble to mask."
- Tom Bradley of netsecurity.about.com
"Excellent! [...] The book is called a "Field Guide" in the subtitle and it reads more or less like one. It provides the information and details you need in the trenches to wage an effective war against information insecurity. This is one that I would dub a "must read" for anyone working directly with network security."
- Stephen Northcutt of SANS has this to say:
"If you work in information warfare, this should be mandatory reading! If you are responsible for very high value targets like Walmart's dataprocessing, or Intel's or Citibank's it is imperative that you read Zalewski's work page by page."
- Dr. Wes Boudville of Caltech (and Amazon's #19) simply states:
"Makes you ponder."
- John Matlock (Amazon's #9) writes:
"Not for beginners, this is a thoughtful, clever analysis of how things work.
If you're a security type, you don't want to miss this one."
- Thomas Duff (Amazon's #111) says:
"Just when you thought you had a decent handle on how to protect yourself on-line, out comes a book that exposes a whole new series of exploits you probably haven't thought about..."
- Tony Lawrence seems to like SotW:
"The really odd thing about this book is that there's so much packed
into less than three hundred pages. It's like eating a handful of
popcorn and feeling like you just had a big holiday dinner - it's
- SANS NewsBites
makes an exception to recommend SotW:
"We rarely do book reviews, but this is an extraordinary collection of information on passive reconnaissance and the publisher is fairly unknown, so if we didn't bring "Silence on the wire" to your attention it might get missed."
- macCompanion's Robert Pritchett says:
"This is a fun book to read because it isn't a trainer or How-To book. It is an 'Oh by the way' notification kind of book that points out where the electronic dust bunnies are hiding under the computer bed. I bookmarked the heck out of SotW, and you will too."
- Flavio Villanustre writes in his blog:
"Most of the described vulnerabilities are, in fact, elegant security puzzles (and many of them still unresolved) that will surely stimulate the readers' mind beyond the limits of the book itself."
- Travis H., a NetBSD contributor, recommends it:
"The best (most unique, most interesting) security book I've read, period. [...] I do
network security for a living, am a privacy fanatic, and figured I'd learn
a few new things. I was overwhelmed by the amount of new information I
learned. Reading this book was a humbling yet exhilarating experience."
- Lastly, Tracy Reed, a pilot geek of warflying fame, makes a manly admission:
"This is the only real computer security book I own. Most other books just seem too cheesy or unoriginal or out of date to bother with."
- Cameron Sturdevant of eWeek
is not convinced the book is of any importance to management audiences:
"Zalewski [...] provides flashes of insight into the method of attacks, often illustrating his points with fascinating anecdotes. However, his wit and technical knowledge never quite jell into a book that IT managers must add to their bookshelves."
- Rob Slade, one of harsher IT reviewers, has mixed feelings, too:
"The attacks suggested are interesting thought experiments, but have limited uses either in
attack or defence. As "Trivial Pursuit" (meaning the game of oddball
facts) for the tech crowd it's great, but the author never intended
the text to be a vulnerability warning."
- Elizabeth Zwicky of ;login likes
SotW, but has some reservations:
"If you are a 'hacker' type in the old sense of the word, fond of taking things apart to see how they work,
and you have any interest in security, you will probably find significant portions of this book intriguing.
Try not to be turned off by the initial
chapters, which unfortunately
are the weakest."
- Oddly enough, I have not heard of any just yet.
If you liked it, you can purchase the book through
Barnes and Noble,
at ThinkGeek - or at your friendly local bookseller.
No Starch offers a downloadable eBook.
List price for paperback is $39.95 (US).