CyberSecurity – What are some things that get a bad rap, but are actually quite secure?
Cybersecurity is an important issue for everyone, from individuals to large organizations. There are many things that get a bad rap when it comes to cybersecurity, but that doesn’t mean they’re not secure. For example, PGP (Pretty Good Privacy) is a method of encrypting emails that is considered to be very secure. However, it can be difficult to set up and use. Another example is using very long passwords that are actually a sentence. This may seem like a security risk, but it’s actually more secure than a shorter password because it’s more difficult for hackers to guess. Additionally, changing the default port for certain services like databases can help to prevent hacking. Unplugging the ethernet cable may also seem like a security risk, but it’s actually one of the most effective ways to prevent data breaches. Finally, browser password managers are often considered to be insecure, but they’re actually quite secure if used properly. Cybersecurity is an important issue, and there are many things that can be done to help prevent hacking and data breaches.
There are a lot of CyberSecurity myths out there. People think that X, Y, and Z are the most secure way to do things when in reality, they are the least secure. The biggest myth is that PGP is unbreakable. PGP has been broken many times and is not a reliable form of CyberSecurity. Another myth is that very long passwords are secure. The problem with very long passwords is that they are difficult to remember and often get written down somewhere. If a hacker gets ahold of your password, they can easily access your account. The best way to prevent CyberSecurity breaches is to use MFA, OAuth, and two-step verification whenever possible. These methods make it much more difficult for hackers to gain access to your accounts. While they may not be foolproof, they are the best CyberSecurity measure available.
As a protocol, PGP is surprisingly simple. Here is what happens if you want to use it to securely send a message to someone:
You get from them a PGP identity (public key). How you do that is entirely up to you.
Your PGP program uses that identity to perform a single public key encryption of a message key.
The message key is then used to encrypt the message, and the result is appended to the encrypted message key to form the encrypted message.
Your correspondent does the opposite operations to get the message.
If you want to sign your message then you:
Hash the message.
Do a public key signature operation on the hash and attach the result to the message.
Your correspondent checks the signature from your PGP identity, which they have acquired somehow.
The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.
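The encryption and signing steps above, as an added example that is not part of the original page and is not OpenPGP code. The function names and the Alice/Bob identities are assumptions, and the primitives are stand-ins (textbook RSA on publicly known primes, a SHA-256 keystream) chosen so the structure runs with the standard library only.

```python
"""PGP-style message structure: hybrid encryption plus hash-then-sign.

Stand-in primitives (assumptions for illustration, NOT OpenPGP, NOT for real use):
  * textbook RSA without padding, built on publicly known Mersenne primes
  * a SHA-256 counter keystream in place of a real symmetric cipher
"""
import hashlib
import secrets

E = 65537  # public exponent


def make_identity(p, q):
    """Build a (public, private) key pair from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)


# Constructed demo identities; the primes are public, so these keys protect nothing.
ALICE_PUB, ALICE_PRIV = make_identity(2**521 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = make_identity(2**1279 - 1, 2**2203 - 1)


def _keystream_xor(key, data):
    """XOR data with SHA-256(key || counter) blocks; the same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def encrypt(message, recipient_pub):
    """One public-key operation wraps a fresh message key; the key encrypts the body."""
    n, e = recipient_pub
    message_key = secrets.token_bytes(32)
    wrapped = pow(int.from_bytes(message_key, "big"), e, n)
    return {"wrapped_key": wrapped, "body": _keystream_xor(message_key, message)}


def decrypt(packet, recipient_priv):
    """Unwrap the message key with the private key, then decrypt the body."""
    n, d = recipient_priv
    key_int = pow(packet["wrapped_key"], d, n)
    if key_int.bit_length() > 256:
        raise ValueError("message key did not unwrap: wrong private key")
    return _keystream_xor(key_int.to_bytes(32, "big"), packet["body"])


def sign(message, signer_priv):
    """Hash the message, then do a private-key operation on the hash."""
    n, d = signer_priv
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)


def verify(message, signature, signer_pub):
    """Recompute the hash and compare it with the value recovered from the signature."""
    n, e = signer_pub
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest


def demo():
    message = b"Meet at the usual place at noon."  # constructed sample message
    signature = sign(message, ALICE_PRIV)          # Alice signs with her private key
    packet = encrypt(message, BOB_PUB)             # Alice encrypts to Bob's identity
    received = decrypt(packet, BOB_PRIV)           # Bob does the opposite operations
    # Flip one bit of the body in transit. In this stand-in, decryption still
    # "succeeds"; it is the signature check that exposes the change.
    body = packet["body"]
    tampered = dict(packet, body=bytes([body[0] ^ 1]) + body[1:])
    altered = decrypt(tampered, BOB_PRIV)
    return {
        "roundtrip": received == message,
        "signature_valid": verify(received, signature, ALICE_PUB),
        "tamper_detected": not verify(altered, signature, ALICE_PUB),
    }


if __name__ == "__main__":
    print(demo())
```

Note that neither party holds any session state: everything the recipient needs is in the packet plus their own private key and the sender's public key.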
As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high-level description of the Signal protocol here. None of the following comments are intended to be critical; they are intended to give an idea of the level of complexity of the protocol in total:
Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
A Signal session requires the storage and maintenance of a lot of state information.
Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.
I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.
2- Very long passwords that are actually a sentence
It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”
3- Writing passwords down.
I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly I don’t trust, it is much better than using the same password, and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.
We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.
Did I say passwords? I meant encryption keys.
4- Changing default ports for certain services like dbs
Most of the gangs out there use tools that don’t do a full search, so they go through the default port list.
5- MFA in general.
Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.
If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.
If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.
6- OAuth for 3rd party apps.
Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.
7- Two-step verification.
Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.
The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.
Let me be clear, there are some providers that are still iffy on security. But there are also some that have device native authentication (you need the device to auth), they don’t store passwords or password hashes, and only have public keys.
One example of this is https://passage.id/ which is about as secure as you can get.
Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.
10- Unplugging the ethernet cable.
11- Browser password managers?
Rant moment: reasons cybersecurity fails
People don’t see value of putting effort in cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.
No news isn’t good enough news. This is enough to mostly ignore all cybersecurity advice altogether.
This is similar to people not taking care of themselves health-wise, because the best thing they can see is not getting sick.
Why do cyber attackers commonly use social engineering attacks?
Hackers commonly use social engineering attacks because they can be very effective. By using social engineering, hackers can take advantage of people’s trusting nature and willingness to help others. They can also exploit the fact that people are often not well-informed about security and privacy issues. For example, a hacker might pose as a customer service representative and ask for someone’s password. Or, they might send an email that looks like it is from a trusted source, such as a bank or government agency, and ask the recipient to click on a link or download an attachment. If the person falls for the deception, the hacker can gain access to their accounts or infect their computer with malware. That is why it is important to be aware of these types of attacks and know how to protect yourself.
Cyber attackers commonly use social engineering attacks for a number of reasons. First, hacking into a person’s or organization’s computer systems is becoming increasingly difficult as security measures become more sophisticated. Second, even if a hacker is able to gain access to a system, they are likely to be discovered and caught before they can do any significant damage. Third, social engineering attacks allow hackers to bypass security measures and obtain sensitive information without being detected. Finally, social media platforms have made it easier for cyber attackers to obtain personal information about their targets and to carry out attacks. As a result, social engineering attacks are an attractive option for many cyber attackers.
Cybersecurity is often thought of as a complex and technical field, but there are actually many simple things that everyone can do to help stay safe online. For example, one way to protect your online communications is to use PGP encryption. This type of encryption is incredibly difficult for even the most skilled hacker to break, but it’s also easy to use. Another way to improve your cybersecurity is to use very long passwords that are actually a sentence. This may seem daunting, but using a phrase as your password makes it much harder for hackers to guess. Additionally, changing the default ports for certain services can help prevent unauthorized access. And finally, unplugging the ethernet cable when you’re not using it is a great way to physically block hackers from accessing your device. By following these simple tips, you can dramatically improve your cybersecurity and protect your privacy.