Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "CyberShock", Winn Schwartau

Expand Messages
  • Rob Slade, doting grandpa of Ryan and Tr
    BKCBRSHK.RVW 20000625 CyberShock , Winn Schwartau, 2000, 1-56025-246-4, U$24.95 %A Winn Schwartau winn@infowar.com,winns@gte.net %C Fourth Floor, 841
    Message 1 of 1 , Sep 25, 2000
      BKCBRSHK.RVW 20000625

      "CyberShock", Winn Schwartau, 2000, 1-56025-246-4, U$24.95
      %A Winn Schwartau winn@...,winns@...
      %C Fourth Floor, 841 Broadway, New York, NY 10003
      %D 2000
      %G 1-56025-246-4
      %I Thunder's Mouth/Inter.Pact Press
      %O U$24.95 212-780-0380 fax: 813-393-6361
      %P 470 p.
      %T "CyberShock: Surviving Hackers, Phreakers, Identity Thieves,
      Internet Terrorists and Weapons of Mass Disruption"

      As some may know, Winn Schwartau and I do not see eye-to-eye on the
      emphasis to be given to certain exhortations in alerting the public to
      matters of computer security. So when he informed me of his latest
      book, he noted that I might like to do the usual hatchet job on it.
      Unfortunately, I can't fully comply. While I may quibble with some
      aspects of his latest book, overall it is a good overview of the
      existing computer security situation, and would make a helpful
      introduction for new computer and Internet users.

      Part one is an outline of hackers and hacking. "The Great New Global
      Society" appears to be (although erudite and readable it's not exactly
      straightforward) a presentation of society as seriously messed up, and
      hackers as curious and determined. The results of a number of surveys
      of computer penetration are described in "Whole Lotta Hacking Goin'
      On," with unfortunately little space given to the design of the
      studies. There are some examples of Web site defacement and an ad for
      Linux in "CyberGraffiti." (And it's attrition.org, not
      attrition.com.) "Who Are the Hackers?" gives a reasonable structure
      to the current security breaking population and environment, although,
      as Schwartau notes, the game has become so big and ill-defined that
      one might be forgiven for coming out of this chapter thinking that
      anyone could be a hacker and a hacker could be anyone. Some stories
      from the annual DefCon (and the inadequacies of the Plaza Hotel) are
      retailed in "CyberChrist at the Hacker Con." "Hacktivism" lists a few
      examples of digital civil disobedience. "An American Alien Hacks
      Through Customs" is probably fair warning to customs agents that if
      you mess with Schwartau at the border you are going to look really
      silly in his next book.

      Part two looks into protecting you and yours. "In Cyberspace You're
      Guilty Until Proven Innocent" describes identity theft, and the ease
      and dangers thereof. (It also includes a rather odd section on Web
      privacy security.) The chapter admits that there is not much you can
      do about identity theft. It is also very US-centric: for example, the
      Canadian SIN (Social Insurance Number), as opposed to the US SSN
      (Social Security Number), is very seldom used for commercial
      transactions. The advice in "Protecting Your Kids and Family From
      Hackers" is not an easy or quick fix, but it is (with the notable
      exception of the piece on cyberstalking) realistic and well written.
      So is the counsel in "Spam." "Scam Spam" offers very useful and
      relevant guidance on dealing with fraud on the net.

      Part three outlines the techniques of hacking itself. "Getting
      Anonymous" is a quick overview of anonymizing services and spoofing.
      Some of the basics are skipped in "Password Hacking," but there is a
      nice introduction to biometric techniques. While not getting into the
      gritty details, there is a quick lesson on eavesdropping on
      promiscuous networks in "Hack and Sniff." "Scanning, Breaking and
      Entering" lays out the information that is--must be--available to
      anyone wanting to mount a network attack. "War Dialing" basically
      notes that phones are a means of access. Leaving aside a minor
      quibble with the definition of trojan horse software (like the Trojans
      who "installed" the horse of their own destruction because they didn't
      know what it contained, users generally install trojans because of a
      misrepresentation of what the software does), most of "Trojan Hacking"
      only describes Back Orifice. There is some small degree of comfort
      for credit card users, and some rather embarrassing points for credit
      card merchants, in "Hacking for $." While it waffles a little,
      "Viruses, Hoaxes, and Other Animals" contains good advice and a
      reasonable picture of the current situation. "Crypto Hacking" is
      (absent an impossible IP address) a nice history of cryptography,
      although it's a bit thin on details. "Steganography" defines the
      term, but misses a few points on usage. The discussion of computer
      forensics in "Hacking for Evidence" is limited to data recovery, but
      has some good points for users and companies.

      Part four deals with destructive activities. "Denial of Service"
      rather overstates the point, since the term generally is restricted to
      operations that inhibit use but do not harm hardware or data.
      "Schwartau to Congress" appears to be a minor aside. The discussion
      of electromagnetic weaponry in "Weapons of Mass Disruption" is
      fascinating, but does downplay a few inconvenient laws of physics,
      such as inverse square distance relationships.

      Part five analyses some tips for protecting yourself. "Hiring
      Hackers" examines both sides of the question. The basics of intrusion
      detection is outlined in "Catching Hackers." There is a decent
      introduction to firewalls in "Defensive Hacking," along with a pointer
      to simple automated penetration testing. "Corporate Anti-Hacking"
      presents a number of good points (although if you follow all of them
      blindly you'll likely face mass resignations). Deception is promoted
      in "Lying to Hackers is OK By Me."

      Part six discusses law enforcement. "Hacking and Law Enforcement" is
      rather depressing, but reasonable. The advice on striking back boils
      down to "be careful" in "Corporate Vigilantism." "Infrastructure Is
      Us" seems to be a bit out of place, in that it presents no protective
      measures: only a warning. Similarly, the material on infowar is
      alarming but not really illuminating in "Something Other Than War."

      Part seven looks to the future. "Luddite's Lament" expresses
      frustration with phones. "The Future of Microsoft" is one of the
      standard jokes about Microsoft's fight with the US federal government.
      Digital manipulation of propaganda is mentioned in "Messing With the
      Collective Mind." "Extreme Hacking" gives short takes on some new
      technologies. "The Toaster Rebellion of '08" is one of the standard
      scifi plots.

      While there is a heavy emphasis on the sensational, overall this book
      does provide the security novice with a fairly reliable picture of the
      current security environment. Possibilities are generally presented
      as such, and the analysis of relative dangers is usually good. A
      number of useful tips are given that can help home and small business
      computer users be more secure in their computer and network use.
      Security specialists will find little that is new here, but that is
      not the target audience for the book. I have frequently been asked
      for a recommendation for a general security introduction directed at
      the non-technical computer and Internet user, and, for all its flaws,
      I think this work may be the closest I've seen.

      copyright Robert M. Slade, 2000 BKCBRSHK.RVW 20000625

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      My mind not only wanders, sometimes it leaves completely.
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.