Detecting Malice eBook
Just about every conference I speak at someone comes up to me and says, “I’ve been reading your stuff for years, but you don’t write anywhere near as much as you used to - what happened?” Alas, I actually have been writing more now than I ever have before. Just not on this blog. My latest endeavor has actually been the most ambitious writing experiment I have ever undertaken. I decided to write a new book from scratch with no outside additional authors. For those of you who’ve done it or tried it, you know what I’m talking about. I shopped the book around to a number of publishers, but in the end, I decided to pull the publishing rights back from O’Reilly (yes, it was going to be an O’Reilly book for a while) and after working with a few other potential publishers I eventually decided to simply drop the price and make it an eBook.
When I originally started writing the book its working title was “The First 100 Packets” because it was going to be all about what you could detect about user intentions within the first 100 packets - makes sense, right? Well, as I wrote it I started thinking that was a worse and worse title because, of course, long term user disposition is a really important and related topic (and just as interesting to me as well). So I up-ended the book and re-wrote a big chunk of it and the title became “Detecting Malice”. You can check out the website for a table of contents. Now, why should you buy this book?
What if you could get the equivalent of 500 hours of my brain shoved into one big 300+ page PDF book for only $39.95? What if it was written very similar to this blog, in bite sized chunks and from my own voice, so it wasn’t stuffy and boring like a lot of technical books tend to be? I’m honestly very proud of this book and I think it’ll have a lot of value for anyone who is tasked with the horrible job of trying to secure a website, as opposed to breaking into it. As such it’s also not for everyone as it was not written with offense in mind at all. This is not a book to learn how to be a better penetration tester! This is a book for people who want to know how to detect malicious users, and understand user intent through data analysis.
Anti-fraud and fraud loss prevention is an important area of security that I don’t talk about all that much on the site, mostly because security is less sexy than hacking - let’s be honest. I’ve received a lot of flak over the years for not talking about security enough from those who are on the defense side. People have told me that I focus way too much on the hacking side of things and don’t help the good guys out enough. Well, consider this my big contribution to the area of anti-fraud research! Like I said, I’m actually very proud of this book for its technical merits but feedback is always welcome as I revise it and make it better in future revisions.



October 26th, 2009 at 7:29 am
I’d like to know more about this book but the link you give is currently 403 Forbidden. Don’t be such a teaser
October 26th, 2009 at 7:31 am
Sorry, my bad - Just updated the link.
October 26th, 2009 at 7:43 am
That site looks… weird.
Like those sites selling that “Omg make 999999 dollars a day!!1” kit things.
On the other hand, it’s made by RSnake, so it has to be good. Right?
October 26th, 2009 at 8:23 am
Am I crazy, or does the book website look just like those become-rich-in-2-weeks-ebook scam websites?
October 26th, 2009 at 8:28 am
@Meh and Sébastien - that’s because you CAN make millions of dollars per day doing nothing!!!
October 26th, 2009 at 8:34 am
@RSnake - Oh yeah? Tell me one of those sites that ain’t a scam. (Not counting yours)
October 26th, 2009 at 8:35 am
The bank robbery one.
October 26th, 2009 at 8:36 am
Or, like Madoff - ponzi schemes!
October 26th, 2009 at 8:44 am
Dumb questions:
1. What is the update thing?
2. Do you send the entire book every update?
3. Do I have to pay before I can input my email there (and actually get emails)?
If the answer to 2 is yes and the one to 3 is no, wouldn’t that be a way to get the book for free?
October 26th, 2009 at 8:46 am
@meh - dumb answers:
1) It’s so you can receive notifications about new versions and so I can email you and let you know something about X chapter has changed in the world. Like the fact that X hacker group has built Y exploit that works against Z analytics.
2) No
3) No - I’ll give anyone updates that wants them. Those are free.
October 26th, 2009 at 8:47 am
Is this some new MLM scheme? If yes, count me in.
October 26th, 2009 at 8:51 am
Why don’t you publish it at lulu.com? then you control the price too, they have hardcover as well as e-downloads, without setup fees.
October 26th, 2009 at 8:52 am
@rvdh - because I’m new to this whole eBook thing, frankly. I just wanted to get it out there. I was kinda tired of having it just hanging around on my computer doing nothing.
October 26th, 2009 at 9:35 am
FYI, I’ll likely buy it, but I’d never have bought it if I found that site first.
I imagine it’s a complex call, but I wouldn’t have recognized your name either… I’d have recognized rsnake of course.
The page sets off so many red flags it’s not even funny…
I don’t think you have your target audience right either… Based on the table of contents, I expect it to be a good book, but the scare marketing really hurts its credibility.
Here are the red flags that I see…
* “WE GUARANTEE YOUR CONFIDENTIALITY.” — with what exactly? A Guarantee implies I get something. A promise is just a promise. This isn’t even that since there is no specificity. I don’t know what the guarantee is offering … an apology maybe?
… Do I get my purchase back? a $100? what? Do I find out if your database is stolen?
* You mention you briefed many organizations. You don’t say anything about your role in elevating XSS or CSRF visibility or any other vulnerability. It looks like a get rich scheme because there is ‘secret knowledge in the book that will make me awesome!’ That’s a terrible hook in my opinion. I’d only buy the book b/c I know you and because I know something about many of the subjects in the book and I gather despite the website’s appearance it will not be bullshit.
* FREE! (This is the era of the internet everything is free just about.) My time is not. Free is not a very good hook and it’s a red flag and makes me not want to give out my email.
* The site has too much text in jarring fonts. It is screaming at me. I only read it because I followed the link from here.
* I have no site I am personally vested in defending. I will likely buy the book. I think I am like many of the people interested in the book. I might write patches to apache modules or work on libraries used by web developers, but my point is the same. I think you got your audience wrong.
Writing this page imagining it will not be read by security people is a mistake, IMO.
I love your blog and I will likely buy this.
I hope this is helpful feedback.
Best of luck!
October 26th, 2009 at 9:39 am
Congrats - about time this came out
Are you not doing a “dead tree” version? As much as I like the idea of PDF books, I hate reading large quantities of text on a screen. I’m only going to print this out, and usually when one does that it doesn’t look nearly as good as professional printing (especially doesn’t look as good on my shelf next to all the other dead trees).
October 26th, 2009 at 9:41 am
@MikeA - I toyed with the idea of a dead tree version and I still might at some point, but I wanted to get it out quickly, so I opted for the self publishing route. But come on - you’ve got a laptop and you travel enough. I know you. You’ve got nothing better to do on that 4 hour flight from CA to NY.
October 26th, 2009 at 10:52 am
I like how it says something like “Oh my god BUY THIS BOOK BEFORE YOUR WEBSITE GETS HACKED INTO THE GROUND, your dogs gets MURDERED, your wife RAPED and your kids… uhm, RAPED TOO”
I know that the book is awesome, but this way of, uhm, “marketing” is just, you know, stupid.
October 26th, 2009 at 10:54 am
@Meh - agreed… the marketing isn’t for you. The book is.
The SEO guys I know convinced me that if I want to appeal to the wider webmaster market I had to dumb it down a tad. Consider your intelligence being insulted for the good of all humanity. 
October 26th, 2009 at 11:01 am
@bitmonger - it’s a hard call. I actually totally agree with you and I had no intention of even making a paid version of the book in the first place. So that site came to be within the last two weeks. It’s also meant to be read by everyone and not just security people, so that’s why the text sucks. The book sucks significantly less than the website, IMHO.
October 26th, 2009 at 11:47 am
Judging by the TOC your book looks like it should be great. But the web page really puts me off.
If you actually read the whole page it makes sense, but the very top part of the page (above the fold) really does not look professional. Like other people have mentioned in the above comments it looks like one of those scam sites.
This is great…
“Could Your Business Survive A Hacker? Detecting Malice Is Filled With 300+ Pages of Must-Have Technical Insights From One of the Foremost Minds in Web Application Security!”
…but it’s the way the page looks that’s the problem. The book looks good, you are obviously an expert, but your page really doesn’t sell it to me.
Sorry to be so negative, you have obviously spent a lot of time on this and are right to be proud. I wish I had so much expertise in a subject I could write a book like this.
October 26th, 2009 at 10:38 pm
Hi Rsnake,
Is this book available in India at INR (Indian Currency) price?
Is there any Indian edition available?
I would love to buy this book.
Thanks,
Nilesh
http://nileshkumar83.blogspot.com
October 26th, 2009 at 10:44 pm
The web page for the book really is awful. It doesn’t have to be so cheesy and tacky in order to be “dumbed down”.
It wouldn’t take that long to clean it up.
October 27th, 2009 at 1:26 am
Rsnake. Come on man. You are my hero. You are the one that defies everything. Don’t sell yourself to the Marketing people
Fuck em
I know you could do a better sales webpage than any of those fucking marketing assholes. COME ON! Step up! Sell your book as you dreamed it would be advertised and sold. Be a Man damn it
Be the man I learned to love to read.. Please?
October 27th, 2009 at 6:04 am
@All - okay okay, point taken - I’ll look at revising it this weekend when I have a little time. Fear not!
@Nilesh - PayPal may take Indian currency, but I can’t say for sure. Did you try to go through the shopping cart to see?
October 27th, 2009 at 12:53 pm
Is the downloadable PDF DRM free?
October 27th, 2009 at 3:17 pm
I would love love love a hard-copy of this. Sure, eBooks are more convenient, but reading books on a computer just doesn’t feel right.
October 27th, 2009 at 4:12 pm
@gr00ve it is DRM free, although it comes with a copyright not to transmit. So… pretty much what you’d expect from any eBook. But I have psychic powers that tell me people will transmit anyway. Bastards - all of them.
@Robert - you could always print it if you want. This is my commitment to the save a tree program.
October 27th, 2009 at 6:35 pm
Could you please post the md5/sha1 hashes of the ebook?
October 27th, 2009 at 9:58 pm
One of the beauties of the internet is that domain names are not case *in*sensitive. I think you want to remove the ‘in’.
Also could you please post the md5 and sha1 hashes of the book.
October 27th, 2009 at 10:25 pm
“@Nilesh - PayPal may take Indian currency, but I can’t say for sure. Did you try to go through the shopping cart to see?”
I checked but I am not sure whether PayPal will make it in Indian Currency.
Anyways, I will wait for Indian Edition if launched, that will be economical one for me.
Thanks,
Nilesh
http://nileshkumar83.blogspot.com
October 28th, 2009 at 12:43 am
Yaaaaaaaaay!!
Thanks man, I knew that you are my hero for a reason.
October 28th, 2009 at 5:34 am
I guess it’s gonna be on p2p networks in no time…
Hence most ppl will read it off “secondary sources”
I haven’t bought it yet so I can’t tell if you’ve already done this, but I encourage you to stick an “if you like it consider paying for it” sign on some random page
October 28th, 2009 at 7:53 am
@Steven - the version you have is already out of date thanks to your own errata (thank you for that, btw). So sha1/md5 wouldn’t match.
@Picci - Yeah, I do hope people buy it if they like it, but I also hope for world peace, and a private jet, and a mansion and…
October 29th, 2009 at 5:09 pm
How do I get the up-to-date version?
October 29th, 2009 at 6:38 pm
@Steven - I’ll be sending out email updates to anyone who signs up to the email newsletter on the website. It’ll probably be a few weeks before the changes settle down where it’s worth sending out a new update to everyone.
October 30th, 2009 at 2:07 pm
Well I must say that you should fire your SEO people and copywriters. Long copy generally works on people that are not focused and want a quick fix “they get bored and want to jump to the buy it now button”. From what I see with the table of contents your target market is going to be people from a technical background. This target market will by nature attempt to read all the copy and will not like the message and the delivery. For example today I have had to spend over two hours of my time talking to vendors trying to sell me crap, when I saw this site I thought “great more crap”. That being said I have read some of your other work and respect the quality of it. I will be buying this book but I recommend reviewing work of people like Clayton Makepeace for ideas on how to break down your target audience and deliver what they want and how they want it.
October 30th, 2009 at 2:42 pm
@yaya - like everything that’s free, I got what I paid for. It wasn’t paid advice. It was simply bad free advice.
November 1st, 2009 at 9:49 am
The ToC looks very cool actually.. I agree with rvdh, you should send it to lulu.com..
Oh, and change the design, I recommend you Google Sites
100% safe hehe.
Greetz! and congrats for the book
November 3rd, 2009 at 1:15 pm
@All - for everyone who hated the look and feel of the website, if you hadn’t noticed, I revamped it just for you guys. Hope it’s a little less caustic.
November 5th, 2009 at 12:53 am
Site looks much better now.
But…
“When you purchase the link below, you will be taken to your download immediately.”
When I purchase the link?
November 5th, 2009 at 1:58 am
That E-book site needs to have this posted at the top:
“Matthew Lesko presents…”
But, I was more shocked to find the PDF actually contained malicious JavaScript embedded in it.
Now I am stuck with AntiVirus-Pro 2010.
You sneaky guy you!
(ok, ok.. just kidding)
November 5th, 2009 at 8:51 am
@Ben - Yes, damnit, purchase my link! Okay, fine, fixed.
@BigWorrrrrrrmmm - How else am I going to make millions of dollars a day doing nothing than infecting my eBook? Silly haX0r.
November 6th, 2009 at 5:20 am
What scares me is that the purchase site is something called “clickbank”:
https://ssl.clickbank.net/order/orderform.html?time=1257509742&vvvv=72736e616b6532313235&item=1
But when I go to either
https://www.clickbank.net/
or
https://ssl.clickbank.net/
I get nothing (yep, 404, etc).
Would someone in its sanity trust in such a site? And give it credit card details?
Not me, certainly.
Sorry “Mr RSnake”, but I think that for some reasons “real” publishers are in the market.
Sorry for this,
Khan.
November 6th, 2009 at 9:08 am
@Khan You’re linking to the wrong site, which is why you don’t see anything. clickbank.com is their main site. But if the way their site is constructed worries you this much, don’t buy it, or use a pre-paid credit card. Simple solutions to simple problems, my friend.
December 7th, 2009 at 3:14 am
It would be really great if we could buy your book on Lulu, like the OWASP’s ones.
Please please create an account on Lulu and let us buy a printed “Detecting Malice” !!!
December 14th, 2009 at 6:48 am
Great RSnake
I’ll be reading it during the Christmas holiday!