
REVIEW: "Tangled Web", Richard Power

  • Rob Slade, doting grandpa of Ryan and Tr
    Message 1 of 1, Feb 26, 2001
      BKTANGWB.RVW 20001027

      "Tangled Web", Richard Power, 2000, 0-7897-2443-X,
      U$25.00/C$37.95/UK#18.50
      %A Richard Power
      %C 201 W. 103rd Street, Indianapolis, IN 46290
      %D 2000
      %G 0-7897-2443-X
      %I Macmillan Computer Publishing (MCP)
      %O U$25.00/C$37.95/UK#18.50 800-858-7674 317-581-3743 www.mcp.com
      %P 431 p.
      %T "Tangled Web: Tales of Digital Crime from the Shadows of
      Cyberspace"

      This book gives a reasonably balanced review of the perception of
      security experts in regard to the level of computer or communications
      involved crime going on in our networked world. That is because this
      is not so much a book, as an extended compilation article. Power
      reproduces interviews with, or grabs quotations from the written works
      of, a great many forensic and security specialists or researchers.
      Very large chunks of the book are taken from previously published
      works.

      Note also that I say "balanced," and not "complete."

      Part one appears to be intended as a general introduction to computer
      related crime. Chapter one is the usual statement that it goes on,
      mercifully brief. Despite an interview with Sarah Gordon and
      extensive quoting from Donn Parker, chapter two's look at
      cybercriminals focusses rather narrowly on the fact that people who do
      crimes aren't normal. The CSI (Computer Security Institute)/FBI
      Computer Crime and Security Survey is introduced with many graphs and
      tables in chapter three. The description does mention, but doesn't
      emphasize, the fact that the survey was self-selecting and self-
      reporting, and therefore only marginally more informative than an
      opinion poll. Chapter four tries to look at costs.

      The title of part two seems to indicate a deeper analysis of criminals
      and system breakers. Chapter five touches on the infamous Operation
      Sundevil (the law enforcement disaster that was the inspiration behind
      Bruce Sterling's "The Hacker Crackdown," cf. BKHKRCRK.RVW), and the
      even more infamous Morris Internet Worm: is Power trying to equate
      police activity with system breaking? Three penetration episodes that
      led to the arrest of young crackers are described in chapter six.
      Some stories of theft of credit card numbers, bank fraud, and advanced
      phone phreaking are given in chapter seven, but these are cobbled
      together from published interviews with police, and have little
      technical background. There is a little bit about nuisances and
      vandalism, and a lot about distributed denial of service, in chapter
      eight. Chapter nine tells the stories of the Melissa and Love Bug
      email worms. As with the earlier tales in the book, the material is
      technically weak, and has other errors of fact as well. (I exclude
      the respective CERT advisories, which are reproduced in full.)

      Part three is about spies and espionage. However, chapter ten, which
      talks about spies, doesn't really have anything to say about computer
      penetration. The stories are all very terse mentions of spying culled
      from general news reports. The tales of insider fraud, in chapter
      eleven, vary in length and don't really present any more than trivial
      information. Infowar gets a mix of anecdotes and speculation in
      chapter twelve.

      Part four looks at personal attacks. Both chapter thirteen, on
      identity theft, and chapter fourteen, on child pornography, are short
      and oddly unhelpful.

      Part five turns to defensive activities. Chapter fifteen concentrates
      on where the security department should be on the corporate org chart.
      Global law enforcement recounts a few presentations by non-US law
      enforcement people in chapter sixteen. There are more details on US
      government security offices and activities, in chapter seventeen, but
      not many. Countermeasures, in chapter eighteen, is a "once over
      lightly" of the entire security field. The epilogue, entitled "The
      Human Factor," is vague.

      If you haven't been paying any attention to computer security, this
      book is a quick read that will get you a very rough idea of what is
      going on in the areas of greatest concern to large corporations. If
      it scares a few people that will be all to the good: it certainly
      doesn't help you to start doing anything about security. Presumably
      it is the general public, with little knowledge of computer security,
      that is the intended audience. However, the lack of structure and
      uneven quality and depth of information make it difficult to know what
      those readers will take from this book.

      If, of course, you have been paying any attention at all, this is
      pretty old news.

      copyright Robert M. Slade, 2001 BKTANGWB.RVW 20001027

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Anything a faculty member can learn, a student can easily.
      - Richard Wesley Hamming
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade