Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month, the bundles are all Wiley titles, including three of my books: Applied Cryptography, Secrets and Lies, and Cryptography Engineering. $15 gets you everything, and they’re all DRM-free.
Even better, a portion of the proceeds goes to the EFF. As a board member, I’ve seen the other side of this. It’s significant money.
Ed Bear • August 3, 2018 3:44 PM
I got mine. Paid extra for the donation value, too. Thank you.
stryder144 • August 3, 2018 4:09 PM
This is the second time I have purchased the Cybersecurity Bundle from them (1.0 and 2.0). Very thankful for such an affordable price for such great books.
Debora Weber-Wulff • August 3, 2018 4:16 PM
Even if I already have all of your books in print, this is the right price for having them additionally as PDFs, and with other interesting books thrown in for good measure. Hooking it up with a donation to the EFF was a brilliant idea – just make sure that the money actually gets paid, Bruce. Wikipedia Germany had a similar deal once, but the donation money disappeared down a black hole and never made it into the bank account.
Czerno • August 3, 2018 4:19 PM
Congratulations ! I’d buy a copy/license (whatever it’s called) but,
excuse my ignorance : can I read so-called “e-books” on my Windows (or Linux) PC ? Would I need a dedicated program ? Or is the purchase of a dedicated reader necessary in order to access these (Bruce’s bookds) or other e-books ?
Danny • August 3, 2018 5:34 PM
@yeah
They are already there for like ages. Too lazy to do a search there?
moo • August 3, 2018 7:18 PM
Excellent
Clive Robinson • August 4, 2018 4:26 AM
@ Czerno,
excuse my ignorance : can I read so-called “e-books” on my Windows (or Linux) PC ?
From towards the bottom of HB’s offer page @Bruce links to,
As far as I’m aware there are even non Adobe origined PDF FOSS readers for both Windows and Linux[1], that take up less resources than Adobe (as for bugs / attack vectors…).
[1] The venerable “Ghostscript” as a backend with one of several wrappers was last updated back in March this year. However very effective and powerfull as it is, some people don’t like it. I’m cautious about it as it is an open program in it’s own right therefore presents some risks.
jimbo1qaz • August 4, 2018 7:38 AM
I’m cautious about it as it is an open program in it’s own right therefore presents some risks.
I don’t think it’s logical to suspect Ghostscript of being more vulnerable, just because it’s free/open source. Honestly I’d be more concerned about backdoors in bloated, proprietary programs like Adobe Reader, and exploits targeting “most common” software like Adobe Reader (there have been many Adobe Reader zero-days in the past).
Tatütata • August 4, 2018 10:33 AM
GhostScript can be dangerous, but like many other program.
Here’s an example dating back almost to a previous century:
PostScript, which contrary to PDFs, is a full programming language, includes primitives for read/write access to the file system.
An certain web application was accepting PDFs, and immediately converted them upon receipt to a different format for further processing using GhostScript, which will just as happily interpret PostScript as PDFs using a PostScript program.
I found out that the front end didn’t look for the “%PDF-1.xxx” signature or otherwise tried to limit the accepted input types. IIRC, GhostScript looks for the comment to decide whether the PDF interpreter script should be called. You could therefore upload a PostScript program that superficially resembled a valid PDF that injects a payload into the host system.
I use Foxit on Windows, but it too is turning into bloatware riddled with bells and whistles, although not quite as bad as Acrobat. It can’t handle as well some of the worse Acrobat features, e.g., Java. The Linux xreader is quite limited, but I got used to it.
Tatütata • August 4, 2018 10:33 AM
Oh yes, forgot to mention that this EFF book offer is apparently a repeat of an identical one made almost exactly one year go.
Wayne • August 4, 2018 12:13 PM
@Tatütata: VERY different selection of books than last year. Some overlap, yes, but mostly different.
@Czerno: Plenty of good ebook readers out there, such as the multi-format Calibre. Also most tablets can read any format.
My one problem with this bundle is they frequently release Bruce’s Secrets And Lies in PDF edition. I want epubs for the reflowable text – it’s not easy reading PDFs on iPad Minis or phones because of the reduced screen realestate.
If you buy the bundle, you’ll be receiving offers from Humble Bundle for other security bundles. Both O’Reilly and No Starch Press offer some interesting compsci/security bundles. As much as I spend on Humble’s site, I should own stock in the freakin’ place – I’ve bought 62 bundles from them at various price points in the last six years. 😉
If you’re in to the programming side of things, another site to check out is Packt Publishing. They give away a free ebook every day, I’ve downloaded over 500 ebooks over the years on a huge variety of subjects, including security.
65535 • August 4, 2018 3:43 PM
Great.
Price is good also.
Lazza • August 4, 2018 3:52 PM
@Wayne,
VERY different selection of books than last year. Some overlap, yes, but mostly different
Well, not really. The 2.0 Bundle is the exact same as the 1.0 Bundle minus two new books (one on Reversing, one on Cryptocurrencies).
I know because I checked the one I bought last year before deciding to go for the lower tier, so I could get the Reversing book this time. You might be talking about a different bundle with a similar topic.
Clive Robinson • August 4, 2018 6:18 PM
@ ,
First of it helps all if you use the name/handle of the commenter you are quoting as I’ve done with you above.
That said,
I don’t think it’s logical to suspect Ghostscript of being more vulnerable, just because it’s free/open source.
The vulneravility is not FOSS but that it is an open platform programe. It’s like having a Forth Interpreter open to all users to put unknown code from “deity” alone nows where through, without any checks.
After all as others have pointed out above PDF filrs in their many forms has repeatedly been a harbinger of malware.
It’s been shown that the “lighter” PDF viewers have been less susceptible to in file malware attacks.
Whilst GhostScript has been less susceptible than Adobe’s own products, the fact that GhostScript handles so many file formats, means not just it’s attack surface, but complexity are large. Which on average is an indicator of being more susceptible to attack.
There is a python program[1] you can use to pull out individual elements of PDF that with a few mods can check the individual parts safely. Thus enabling you if you wish to reduce the risk of a PDF before you run it through GhostScript.
Clive Robinson • August 4, 2018 6:20 PM
@ jimbo1qaz,
Opps forgot to “cut-n-paste” your handle in my above…
Wayne • August 5, 2018 12:53 PM
@Lazza:
I see this year’s Bundle has four books last year’s didn’t:
Advanced Penetration Testing
Investigating Cryptocurrencies
Reversing – Secrets of Reverse Engineering
Wireshark for Security Professionals
Last year vs this year included:
CEH v9 Certified Ethical Hacker Study Guide
Social Engineering – The Art of Human Hacking
The Art of Deception – Controlling the Human Element of Security
Unauthorised Access – Physical Penetration Testing for IT Security Teams
This year might include some newer editions.
Bill • August 6, 2018 9:12 AM
@wayne:
You can use Calibre to reformat PDF to epub and other formats for use on smaller screens. I have done this with several documents for use in the field.
Thomas • August 6, 2018 12:00 PM
Got my Wiley humble bundle a few days ago and added extra $$ for EFF (great cause, very important stuff!!)
echo • August 6, 2018 2:54 PM
I felt guilty so donated some money to Disability News Service. I’m not disabled but it is a one person operation and does good.
Max • August 8, 2018 4:04 AM
Any news regarding your upcoming book?
Lazza • August 9, 2018 7:44 AM
@Wayne,
I am pretty sure that when I bought it there were only two extra books, now I see four. Anyways it’s a pity that there is a lot of overlap.
Jeremy • August 15, 2018 1:33 AM
The newsletter came out after this Bundle ended. Is there a chance that this will be started again or extended?
Steven Kelly • August 15, 2018 3:48 AM
Please advise if this bundle comes available again. It was closed when I got your newsletter
Daniel Bragg • August 15, 2018 10:36 AM
+1 for notification of next Humble Bundle offering. I too was hoping that it was a month-long offering, but it looks like it was more likely a one-week offering.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
echo • August 3, 2018 2:28 PM
For the price it’s definately a better deal than ebook-free DRM.