Book by the infamous Johnny Cache and his colleague Vincent Liu frankly rocks: Johnny Cache--the nom de Net of Jon Ellch--achieved notoriety for his efforts last summer alongside colleague David Maynor to expose wireless weaknesses in leading drivers and operating systems. Neatly glossing across the validity and provability of their claims--Maynor's promised code release in January still has not occurred--there's no question that Maynor, Ellch, and a number of their gray-hat colleagues have changed the way in which vulnerabilities are discovered and vectors exploited. Their techniques of fuzzing--throwing massive amounts of badly formatted data at a device, program, or service and seeing what sticks--should be used by all companies to stress test their products before release. Sadly, they still are not.
Ellch's book Hacking Exposed Wireless, co-written with Liu, a security expert I had no prior knowledge of, is a great primer on wireless technology, and a great read. I enjoyed it immensely--and that's not a phrase I typically use with the often dense, impenetrable books on technology and security I frequently encounter when trying to bump up my knowledge. Technical books are often hard to read because they have to convey so much detail, and there's no room to take a step back and breathe in a little life. This book reads breezily, maybe too much at times or for some people who want nothing but the deadly dull stuff. There's a narrative here, and I like that.
I would also rarely call a hacking or technical book charming, but this one is. Chapter 10 takes the form of a long story to show how a Bluetooth-based attack could allow someone's life to be exposed and monitored; in this case, it's both benign and creepy. The story is well written. Take this paragraph, for instance, with Bluejacker Jake noticing Monica, the woman whose phone he's hacked, enter a cafe she frequents:
"While she ordered her drink and waited for the barista to brew it up, Jake went to work. He pressed ENTER on his btftp connection and quickly pasted his command buffer into the window. After what seemed like an eternity, a connection banner from btftp greeted Jake. Seconds later, what appeared to be a directory listing appeared on the screen." (And, no, Monica never maces Jake, and Jake never menaces Monica. Maybe in the sequel.)
The book covers the basics with plenty of detail, recapitulating what you might read elsewhere but with a focus on security and attack profiles. There are run-throughs of many attacks and potential vectors for attack, as well as what to do once you've gained access. And, because this is gray-hat stuff, the section on defense lets you get your guard up after you've figured out what you have that can be broken.
I'd recommend this book as the first step for anyone trying to gain a fundamental and comprehensive understanding of the state of wireless cracking and attacks. You will find sentences like, "LORCON currently comes with a set of patches for host-ap, wlan-ng, prism54, MadWifi, rt2500/rt2570, and rtl8189." But that dense listing is followed by very comprehensible explanations of each element, how it works, and how to obtain it.