REVIEW: "CyberShock", Winn Schwartau
- BKCBRSHK.RVW 20000625
"CyberShock", Winn Schwartau, 2000, 1-56025-246-4, U$24.95
%A Winn Schwartau winn@...,winns@...
%C Fourth Floor, 841 Broadway, New York, NY 10003
%I Thunder's Mouth/Inter.Pact Press
%O U$24.95 212-780-0380 fax: 813-393-6361
%P 470 p.
%T "CyberShock: Surviving Hackers, Phreakers, Identity Thieves,
Internet Terrorists and Weapons of Mass Disruption"
As some may know, Winn Schwartau and I do not see eye-to-eye on the
emphasis to be given to certain exhortations in alerting the public to
matters of computer security. So when he informed me of his latest
book, he noted that I might like to do the usual hatchet job on it.
Unfortunately, I can't fully comply. While I may quibble with some
aspects of his latest book, overall it is a good overview of the
existing computer security situation, and would make a helpful
introduction for new computer and Internet users.
Part one is an outline of hackers and hacking. "The Great New Global
Society" appears to be (although erudite and readable it's not exactly
straightforward) a presentation of society as seriously messed up, and
hackers as curious and determined. The results of a number of surveys
of computer penetration are described in "Whole Lotta Hacking Goin'
On," with unfortunately little space given to the design of the
studies. There are some examples of Web site defacement and an ad for
Linux in "CyberGraffiti." (And it's attrition.org, not
attrition.com.) "Who Are the Hackers?" gives a reasonable structure
to the current security breaking population and environment, although,
as Schwartau notes, the game has become so big and ill-defined that
one might be forgiven for coming out of this chapter thinking that
anyone could be a hacker and a hacker could be anyone. Some stories
from the annual DefCon (and the inadequacies of the Plaza Hotel) are
retailed in "CyberChrist at the Hacker Con." "Hacktivism" lists a few
examples of digital civil disobedience. "An American Alien Hacks
Through Customs" is probably fair warning to customs agents that if
you mess with Schwartau at the border you are going to look really
silly in his next book.
Part two looks into protecting you and yours. "In Cyberspace You're
Guilty Until Proven Innocent" describes identity theft, and the ease
and dangers thereof. (It also includes a rather odd section on Web
privacy security.) The chapter admits that there is not much you can
do about identity theft. It is also very US-centric: for example, the
Canadian SIN (Social Insurance Number), as opposed to the US SSN
(Social Security Number), is very seldom used for commercial
transactions. The advice in "Protecting Your Kids and Family From
Hackers" is not an easy or quick fix, but it is (with the notable
exception of the piece on cyberstalking) realistic and well written.
So is the counsel in "Spam." "Scam Spam" offers very useful and
relevant guidance on dealing with fraud on the net.
Part three outlines the techniques of hacking itself. "Getting
Anonymous" is a quick overview of anonymizing services and spoofing.
Some of the basics are skipped in "Password Hacking," but there is a
nice introduction to biometric techniques. While not getting into the
gritty details, there is a quick lesson on eavesdropping on
promiscuous networks in "Hack and Sniff." "Scanning, Breaking and
Entering" lays out the information that is--must be--available to
anyone wanting to mount a network attack. "War Dialing" basically
notes that phones are a means of access. Leaving aside a minor
quibble with the definition of trojan horse software (like the Trojans
who "installed" the horse of their own destruction because they didn't
know what it contained, users generally install trojans because of a
misrepresentation of what the software does), most of "Trojan Hacking"
only describes Back Orifice. There is some small degree of comfort
for credit card users, and some rather embarrassing points for credit
card merchants, in "Hacking for $." While it waffles a little,
"Viruses, Hoaxes, and Other Animals" contains good advice and a
reasonable picture of the current situation. "Crypto Hacking" is
(absent an impossible IP address) a nice history of cryptography,
although it's a bit thin on details. "Steganography" defines the
term, but misses a few points on usage. The discussion of computer
forensics in "Hacking for Evidence" is limited to data recovery, but
has some good points for users and companies.
Part four deals with destructive activities. "Denial of Service"
rather overstates the point, since the term generally is restricted to
operations that inhibit use but do not harm hardware or data.
"Schwartau to Congress" appears to be a minor aside. The discussion
of electromagnetic weaponry in "Weapons of Mass Disruption" is
fascinating, but does downplay a few inconvenient laws of physics,
such as inverse square distance relationships.
Part five analyses some tips for protecting yourself. "Hiring
Hackers" examines both sides of the question. The basics of intrusion
detection is outlined in "Catching Hackers." There is a decent
introduction to firewalls in "Defensive Hacking," along with a pointer
to simple automated penetration testing. "Corporate Anti-Hacking"
presents a number of good points (although if you follow all of them
blindly you'll likely face mass resignations). Deception is promoted
in "Lying to Hackers is OK By Me."
Part six discusses law enforcement. "Hacking and Law Enforcement" is
rather depressing, but reasonable. The advice on striking back boils
down to "be careful" in "Corporate Vigilantism." "Infrastructure Is
Us" seems to be a bit out of place, in that it presents no protective
measures: only a warning. Similarly, the material on infowar is
alarming but not really illuminating in "Something Other Than War."
Part seven looks to the future. "Luddite's Lament" expresses
frustration with phones. "The Future of Microsoft" is one of the
standard jokes about Microsoft's fight with the US federal government.
Digital manipulation of propaganda is mentioned in "Messing With the
Collective Mind." "Extreme Hacking" gives short takes on some new
technologies. "The Toaster Rebellion of '08" is one of the standard
While there is a heavy emphasis on the sensational, overall this book
does provide the security novice with a fairly reliable picture of the
current security environment. Possibilities are generally presented
as such, and the analysis of relative dangers is usually good. A
number of useful tips are given that can help home and small business
computer users be more secure in their computer and network use.
Security specialists will find little that is new here, but that is
not the target audience for the book. I have frequently been asked
for a recommendation for a general security introduction directed at
the non-technical computer and Internet user, and, for all its flaws,
I think this work may be the closest I've seen.
copyright Robert M. Slade, 2000 BKCBRSHK.RVW 20000625
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... rslade@... slade@... p1@...
My mind not only wanders, sometimes it leaves completely.
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade