Three of My Books Are Available in DRM-Free E-Book Format

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month, the bundles are all Wiley titles, including three of my books: Applied Cryptography, Secrets and Lies, and Cryptography Engineering. $15 gets you everything, and they're all DRM-free.

Even better, a portion of the proceeds goes to the EFF. As a board member, I've seen the other side of this. It's significant money.

Posted on August 3, 2018 at 2:10 PM • 25 Comments

Comments

stryder144 • August 3, 2018 4:09 PM

This is the second time I have purchased the Cybersecurity Bundle from them (1.0 and 2.0). Very thankful for such an affordable price for such great books.

Debora Weber-Wulff • August 3, 2018 4:16 PM

Even if I already have all of your books in print, this is the right price for having them additionally as PDFs, and with other interesting books thrown in for good measure. Hooking it up with a donation to the EFF was a brilliant idea - just make sure that the money actually gets paid, Bruce. Wikipedia Germany had a similar deal once, but the donation money disappeared down a black hole and never made it into the bank account.

Czerno • August 3, 2018 4:19 PM

Congratulations! I'd buy a copy/license (whatever it's called) but, excuse my ignorance: can I read so-called "e-books" on my Windows (or Linux) PC? Would I need a dedicated program? Or is the purchase of a dedicated reader necessary in order to access these (Bruce's books) or other e-books?

Clive Robinson • August 4, 2018 4:26 AM

@ Czerno,

    excuse my ignorance: can I read so-called "e-books" on my Windows (or Linux) PC?

From towards the bottom of HB's offer page @Bruce links to,

    Read them anywhere. These books are available in PDF and ePUB formats, and some in MOBI too. Secrets and Lies: Digital Security in a Networked World is only available in PDF. Instructions and a list of recommended reading programs can be found here.

As far as I'm aware there are even non Adobe origined PDF FOSS readers for both Windows and Linux[1], that take up less resources than Adobe (as for bugs / attack vectors...).

[1] The venerable "Ghostscript" as a backend with one of several wrappers was last updated back in March this year. However very effective and powerful as it is, some people don't like it. I'm cautious about it as it is an open program in its own right therefore presents some risks.

jimbo1qaz • August 4, 2018 7:38 AM

>I'm cautious about it as it is an open program in its own right therefore presents some risks.

I don't think it's logical to suspect Ghostscript of being more vulnerable, just because it's free/open source. Honestly I'd be more concerned about backdoors in bloated, proprietary programs like Adobe Reader, and exploits targeting "most common" software like Adobe Reader (there have been *many* Adobe Reader zero-days in the past).

Tatütata • August 4, 2018 10:33 AM

GhostScript can be dangerous, but like many other programs.

Here's an example dating back almost to a previous century:

PostScript, which contrary to PDFs, is a full programming language, includes primitives for read/write access to the file system.

A certain web application was accepting PDFs, and immediately converted them upon receipt to a different format for further processing using GhostScript, which will just as happily interpret PostScript as PDFs using a PostScript program.

I found out that the front end didn't look for the "%PDF-1.xxx" signature or otherwise try to limit the accepted input types. IIRC, GhostScript looks for the comment to decide whether the PDF interpreter script should be called. You could therefore upload a PostScript program that superficially resembled a valid PDF that injects a payload into the host system.

I use Foxit on Windows, but it too is turning into bloatware riddled with bells and whistles, although not quite as bad as Acrobat. It can't handle as well some of the worse Acrobat features, e.g., Java. The Linux xreader is quite limited, but I got used to it.
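The front-end check that the comment above says was missing, as an added example (not code from the commenter or from the application described): it accepts an upload only when the `%PDF-x.y` signature sits at offset 0, and builds a Ghostscript command line with `-dSAFER`. The function names, size limit, output device and sample bytes are assumptions constructed for illustration.

```python
import re

# Strict gate: the signature must sit at offset 0 (stricter than lenient readers).
PDF_HEADER = re.compile(rb"%PDF-\d\.\d")
# "%!" starts PostScript/EPS; the 4-byte value is the DOS EPS binary header.
PS_MARKERS = (b"%!", b"\xc5\xd0\xd3\xc6")
MAX_UPLOAD = 50 * 1024 * 1024  # assumed upload limit, not from the page

# Constructed, harmless sample inputs.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
              b"trailer\n<< /Root 1 0 R >>\nstartxref\n9\n%%EOF\n")
# PostScript that only superficially resembles a PDF (tokens hidden in a comment).
SAMPLE_PS = b"%!PS-Adobe-3.0\n% %PDF-1.4 startxref %%EOF\n(hello) print\n"


def check_pdf_upload(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). This is a gate, not a full PDF parse."""
    if not data or len(data) > MAX_UPLOAD:
        return False, "empty or oversized upload"
    if data.startswith(PS_MARKERS):
        return False, "PostScript/EPS input is not accepted"
    if not PDF_HEADER.match(data):
        return False, "missing %PDF-x.y header at offset 0"
    # A PDF ends with a cross-reference pointer and an %%EOF marker.
    tail = data[-1024:]
    if b"startxref" not in tail or b"%%EOF" not in tail:
        return False, "no startxref/%%EOF trailer"
    return True, "looks like a PDF"


def ghostscript_argv(src: str, dst: str) -> list[str]:
    """Converter command line; -dSAFER restricts PostScript file-system access."""
    return ["gs", "-dSAFER", "-dBATCH", "-dNOPAUSE",
            "-sDEVICE=png16m", f"-sOutputFile={dst}", src]
```

The gate decides only what reaches the converter; `-dSAFER` limits what the interpreter may touch if something unexpected gets through.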

Tatütata • August 4, 2018 10:33 AM

Oh yes, forgot to mention that this EFF book offer is apparently a repeat of an identical one made almost exactly one year ago.

Wayne • August 4, 2018 12:13 PM

@Tatütata: VERY different selection of books than last year. Some overlap, yes, but mostly different.

@Czerno: Plenty of good ebook readers out there, such as the multi-format Calibre. Also most tablets can read any format.

My one problem with this bundle is they frequently release Bruce's Secrets And Lies in PDF edition. I want epubs for the reflowable text - it's not easy reading PDFs on iPad Minis or phones because of the reduced screen real estate.

If you buy the bundle, you'll be receiving offers from Humble Bundle for other security bundles. Both O'Reilly and No Starch Press offer some interesting compsci/security bundles. As much as I spend on Humble's site, I should own stock in the freakin' place - I've bought 62 bundles from them at various price points in the last six years. ;-)

If you're into the programming side of things, another site to check out is Packt Publishing. They give away a free ebook every day; I've downloaded over 500 ebooks over the years on a huge variety of subjects, including security.

Lazza • August 4, 2018 3:52 PM

@Wayne,

    VERY different selection of books than last year. Some overlap, yes, but mostly different

Well, not really. The 2.0 Bundle is the exact same as the 1.0 Bundle minus two new books (one on Reversing, one on Cryptocurrencies).

I know because I checked the one I bought last year before deciding to go for the lower tier, so I could get the Reversing book this time. You might be talking about a different bundle with a similar topic.

Clive Robinson • August 4, 2018 6:18 PM

@ ,

First off, it helps all if you use the name/handle of the commenter you are quoting as I've done with you above.

That said,

    I don't think it's logical to suspect Ghostscript of being more vulnerable, just because it's free/open source.

The vulnerability is not FOSS but that it is an open platform program. It's like having a Forth Interpreter open to all users to put unknown code from "deity" alone knows where through, without any checks.

After all as others have pointed out above PDF files in their many forms have repeatedly been a harbinger of malware.

It's been shown that the "lighter" PDF viewers have been less susceptible to in file malware attacks.

Whilst GhostScript has been less susceptible than Adobe's own products, the fact that GhostScript handles so many file formats, means not just its attack surface, but complexity are large. Which on average is an indicator of being more susceptible to attack.

There is a python program[1] you can use to pull out individual elements of PDF that with a few mods can check the individual parts safely. Thus enabling you if you wish to reduce the risk of a PDF before you run it through GhostScript.

[1] https://en.m.wikipedia.org/wiki/Pdf-parser

Clive Robinson • August 4, 2018 6:20 PM

@ jimbo1qaz,

Oops forgot to "cut-n-paste" your handle in my above...

Wayne • August 5, 2018 12:53 PM

@Lazza:

I see this year's Bundle has four books last year's didn't:

Advanced Penetration Testing
Investigating Cryptocurrencies
Reversing - Secrets of Reverse Engineering
Wireshark for Security Professionals

Last year vs this year included:
CEH v9 Certified Ethical Hacker Study Guide
Social Engineering - The Art of Human Hacking
The Art of Deception - Controlling the Human Element of Security
Unauthorised Access - Physical Penetration Testing for IT Security Teams

This year might include some newer editions.

Bill • August 6, 2018 9:12 AM

@wayne:

You can use Calibre to reformat PDF to epub and other formats for use on smaller screens. I have done this with several documents for use in the field.

Thomas • August 6, 2018 12:00 PM

Got my Wiley humble bundle a few days ago and added extra $$ for EFF (great cause, very important stuff!!)

Lazza • August 9, 2018 7:44 AM

@Wayne,

I am pretty sure that when I bought it there were only two extra books, now I see four. Anyways it's a pity that there is a lot of overlap.

Jeremy • August 15, 2018 1:33 AM

The newsletter came out after this Bundle ended. Is there a chance that this will be started again or extended?

Steven Kelly • August 15, 2018 3:48 AM

Please advise if this bundle comes available again. It was closed when I got your newsletter.

Daniel Bragg • August 15, 2018 10:36 AM

+1 for notification of next Humble Bundle offering. I too was hoping that it was a month-long offering, but it looks like it was more likely a one-week offering.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.