Wednesday, January 13, 2010

Myths of Security

I recently got myself a copy of Myths of Security written by John Viega, and am honestly impressed; so much so that I decided to blog about it. Not that I expected unimpressive work from John, I am just usually unhappy with books unless they break out the assembly and topsy krett 0dayz; although this book isn't super technical, it is definitely awesome. With short, entertaining chapters, John takes a head-on approach to addressing the bullshit in the security industry (win!!!) by discussing it with language that is technical enough to be enjoyable by geeks, but non-technical enough to be understood by the masses. This is really a shining point of the book: by speaking to both audiences, he bridges and explains the frustrations from both sides in understandable terms. You can seriously recommend this book to your parents to help them understand why you have screaming fits whenever the local news mentions anything about hacking; he holds no punches calling out any part of the security industry, and the end-users it sells to. He calls out AV, HIPS, HTTPS, and even Apple fan boys (win+1!). After exposing all the snake oil, he then follows through with some sincere, candid suggestions that truly aim to secure users. Overall an awesome book.