Book Review: Silence on the Wire

For Christmas, Valorie got me a copy of Michal Zalewski’s “Silence on the Wire”.  I have a fair amount of respect for Michal as a security researcher; he’s done some really interesting stuff, so I was looking forward to reading it (I have no idea where Valorie found it; I didn’t even realize the book existed).

“Silence on the Wire” describes itself as “a Field Guide to Passive Reconnaissance and Indirect Attacks” (I know that because it’s on the front cover of the book).  In it, Michal discusses information disclosure vulnerabilities and the various ways that information can leak out of a system, even when that system is protected by a firewall.  He also discusses (although not in as much detail) ways that you can mount indirect attacks against a host.


I finished it a while ago, and found it “interesting”.  Overall, it was a reasonably enjoyable read, but I have to be honest and say that I’m not really sure that the book actually met the description on the cover.  There were also several mysterious (to me) diversions during the course of the book.

For instance, Chapter 2 starts with a huge discussion about how von Neumann computers work, including how memory gates are assembled, etc.  The end of the chapter discusses a way of using detailed timing analysis as a covert channel to detect information leaking from a sensitive calculation.  The hardware discussion was interesting stuff, but I’m not sure why it needed to be in a book on passive analysis (and realistically, Charles Petzold did a better job of it in his book “Code”).

There are similar digressions throughout the book (although none as notable as this one).

One of my favorite portions of the book was the one with the pretty pictures ;).  In it he discusses a fascinating analysis of the pseudo-random number generators used to generate TCP/IP initial sequence numbers.  He shows a series of pictures and some analysis for a number of operating systems, ranging from good to not so good.  I do wish he had used more up-to-date operating systems in his analysis: the book was printed in 2005, but he uses examples from Mac OS 9, Win98 and NT4, and none from Win2K3 or OS X.
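The pictures in that chapter are phase-space plots: each point is built from the differences between consecutive initial sequence numbers, so a good generator fills the space uniformly while a weak one collapses onto a small structure an attacker can read the next ISN from.  The following is an added example, not code from the book, of that kind of analysis in Python.  It turns a list of observed ISNs into delayed-coordinate points, counts how much of the space they occupy, and runs a simplified version of the prediction attack against two constructed toy generators (a counter with a little jitter, and a fully random one); neither generator models any named operating system, and the bucket size and tolerance are arbitrary choices for the demonstration.

```python
"""Phase-space (delayed-coordinate) analysis of TCP initial sequence numbers.

Added illustration, not code from the book.  Both ISN sources below are
constructed toy generators and do not model any particular operating system.
"""
import random
from collections import defaultdict

MOD = 1 << 32                     # TCP sequence numbers are 32-bit and wrap


def signed_delta(a, b):
    """a - b in 32-bit sequence space, mapped into [-2**31, 2**31)."""
    d = (a - b) % MOD
    return d - MOD if d >= MOD // 2 else d


def delta_triples(isns):
    """Delayed-coordinate points from a list of observed ISNs:
    (x, y, z) = (s[n-2]-s[n-3], s[n-1]-s[n-2], s[n]-s[n-1]).
    Plotting these is what produces the 'attractor' pictures."""
    d = [signed_delta(isns[i], isns[i - 1]) for i in range(1, len(isns))]
    return [(d[i - 2], d[i - 1], d[i]) for i in range(2, len(d))]


def counter_isn(n, seed=1):
    """Constructed weak generator: a fixed increment per connection plus a
    little jitter, in the spirit of the old 'add a constant per tick' schemes."""
    rng = random.Random(seed)
    s = rng.getrandbits(32)
    out = []
    for _ in range(n):
        s = (s + 64000 + rng.randint(0, 15)) % MOD
        out.append(s)
    return out


def random_isn(n, seed=1):
    """Constructed strong generator: every ISN is an independent 32-bit value."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


def attractor_size(isns, bucket=16):
    """Number of distinct (x, y) cells the observed points occupy.  A tiny
    number means the next delta is almost determined by the previous two."""
    return len({(x // bucket, y // bucket) for x, y, _ in delta_triples(isns)})


def predict_hit_rate(isns, train, tolerance=64, bucket=16):
    """Simplified prediction attack: learn (x, y) -> z from the first `train`
    samples, then guess each later ISN as s[n-1] + z and count how often the
    guess lands within `tolerance` of the real value.  A cell with no history
    yields no guess and counts as a miss."""
    history = defaultdict(list)
    for x, y, z in delta_triples(isns[:train]):
        history[(x // bucket, y // bucket)].append(z)
    hits = total = 0
    for n in range(train, len(isns)):
        s3, s2, s1, actual = isns[n - 3:n + 1]
        x, y = signed_delta(s2, s3), signed_delta(s1, s2)
        total += 1
        cands = history.get((x // bucket, y // bucket))
        if not cands:
            continue                          # nothing learned for this cell
        z = sorted(cands)[len(cands) // 2]    # median of the deltas seen there
        guess = (s1 + z) % MOD
        if abs(signed_delta(guess, actual)) <= tolerance:
            hits += 1
    return hits / total if total else 0.0


if __name__ == "__main__":
    for name, src in (("counter", counter_isn(1000)), ("random", random_isn(1000))):
        print(f"{name:8s} cells={attractor_size(src):5d} "
              f"hit rate={predict_hit_rate(src, 500):.2f}")
```

With the counter generator every point falls into one cell and the attacker hits on every connection; with the random generator almost every point lands in its own cell and the attacker never gets close.  Real generators sit between these extremes, which is what the gradations in the book's pictures show.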

Some of my problems with the book are:

While he does a good job pointing out ways information can leak out, he doesn’t really provide ways of mitigating the flaws.  That’s a shame, because it limits the usefulness of the book IMHO. 

In addition, he doesn’t go back and discuss how vendors have responded to vulnerabilities.  A good example of this is his discussion of the GUID.  As originally designed, GUIDs were tied to a particular network adapter, and Michal discusses some of the issues associated with this.  However, starting in Windows 2000, newly created UUIDs no longer have this association with the hardware, but he never mentions that fact. 

This latter issue means that even if a vendor responded and removed a potential vulnerability, a reader won’t know about it, which is a shame, because it leads the user to believe that there are unaddressed security issues in the vendor’s product.
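To make the GUID point concrete, here is an added example (not from the book or this post) that parses a UUID and reports what an observer can read out of it.  It relies only on the layout in RFC 4122: the version nibble says which kind of UUID it is; a version 1 value carries a 60-bit timestamp and a 48-bit node field that was originally the adapter’s MAC address; and generators that don’t use a real MAC are required to set the multicast bit of the node, so that bit distinguishes a real adapter address from a random stand-in.  The sample inputs are constructed for the demonstration except the RFC’s own DNS namespace UUID, which is a real version 1 value.

```python
"""What a GUID/UUID gives away: its version and, for version 1, the
timestamp and node (adapter address) fields.

Added example, not from the book or the post.  Sample UUIDs are constructed
except the RFC 4122 DNS namespace UUID, a real version-1 value.
"""
import uuid
from datetime import datetime, timezone

# 100-ns intervals between the UUID epoch (1582-10-15) and the Unix epoch.
UUID_TO_UNIX_100NS = 0x01B21DD213814000


def describe_uuid(text):
    """Parse a UUID string and report what can be read out of it."""
    u = uuid.UUID(text)
    info = {"version": u.version, "variant": u.variant}
    if u.version == 1:
        # 60-bit timestamp: when the UUID was generated, to 100 ns.
        secs, _ = divmod(u.time - UUID_TO_UNIX_100NS, 10**7)
        info["timestamp_utc"] = datetime.fromtimestamp(secs, tz=timezone.utc).isoformat()
        # 48-bit node: the MAC address in the original design.  RFC 4122
        # section 4.5 requires generators that don't use a real MAC to set
        # the unicast/multicast bit (least significant bit of the first
        # octet), so that bit tells a real adapter address from a stand-in.
        info["node"] = f"{u.node:012x}"
        info["node_is_random"] = bool((u.node >> 40) & 0x01)
        info["clock_seq"] = u.clock_seq
    return info


def make_v1(timestamp_100ns, clock_seq, node):
    """Build a version-1 UUID from raw fields (used for the constructed sample)."""
    fields = (timestamp_100ns & 0xFFFFFFFF,
              (timestamp_100ns >> 32) & 0xFFFF,
              (timestamp_100ns >> 48) & 0x0FFF,
              (clock_seq >> 8) & 0x3F,
              clock_seq & 0xFF,
              node)
    return uuid.UUID(fields=fields, version=1)


# Real v1 UUID from RFC 4122 (the DNS namespace): node 00:c0:4f:d4:30:c8.
RFC_DNS_NAMESPACE = "6ba7b810-9dad-11d1-80b4-00c04fd430c8"
# Constructed v1 with a random-style node: first octet 0x01 has the multicast bit set.
RANDOM_NODE_V1 = str(make_v1(0x01D19DAD6BA7B810, 0x34, 0x0123456789AB))
# Constructed v4 (random) UUID: nothing to extract but the version.
RANDOM_V4 = "12345678-1234-4abc-8def-123456789abc"

if __name__ == "__main__":
    for sample in (RFC_DNS_NAMESPACE, RANDOM_NODE_V1, RANDOM_V4):
        print(sample, describe_uuid(sample))
```

Run against the RFC namespace UUID this reports a real-looking node and a generation time in February 1998; against a version 4 value it reports nothing beyond the version, which is the difference between the original GUID design and a random generator.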

Overall, I enjoyed reading the book, I found much of the information presented to be fascinating (and a bit scary).

Comments (5)

  1. Ken Buchanan says:

    I quite enjoyed this book so I feel compelled to defend it.

    You’re reading it as a software developer with a technical book, which I think is why it comes across as strange and inadequate.  I believe it’s intended more as a philosophy book, not a source of technical information.

    I don’t think it’s fair to say Zalewski doesn’t discuss mitigation of these information leaks.  Some of them are architectural problems, or inherent flaws in protocol specifications, so there isn’t a whole lot one can do about it.  But one example of mitigation is the description of how to camouflage the fingerprint of your TCP/IP implementation.

    But that’s not the point, really.  The intent is to make the reader think about unintended consequences of design and implementation decisions, and how they can come together to leak information to passive listeners.  It’s not intended as an exhaustive list of side-channel attacks paired with mitigation techniques.

    It may be of limited use for programmers, who aren’t usually able to influence these types of attacks.  But it should be required reading for security researchers, who have to understand how apparently meaningless, and often unnoticed, bits of information that pervade our systems and networks can be induced into revealing secrets.

    I agree with you that it could have stood as well without the brief technical primers scattered throughout it (the blinkenlights chapter could have been a lot shorter without the history of the modem).

  2. That’s a good point, Ken.  And looking at this as a philosophy book makes a lot of sense.