How about "The Cuckoo's Egg" by Clifford Stoll. Alot of the material is dated now, but it's a good read and the tactics described (buffer over flow flaws and dictionary blasting) are still used. -----Original Message----- From: Rich Wiggins [mailto:[log in to unmask]] Sent: Friday, December 12, 2003 10:38 AM To: [log in to unmask] Subject: Favorite book on computer and network security? If you could hand your boss one book to read on computer and network security, what would you pick? When Lou Rosenfeld reviewed Steve Krug's "Don't Make Me Think" he said it was the one indispensable book to give to your manager if you are a Webmaster. Is there one favority Web site you'd refer your management to? (Of course security.msu.edu is assumed. :-) ) Please reply privately to me unless you feel the info would be useful to the group. Thanks, /rich