Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Hacker Attack", Richard Mansfield

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKHCKATK.RVW 20020519 Hacker Attack , Richard Mansfield, 2000, 0-7821-2830-0, U$29.99/C$44.95/UK#19.99 %A Richard Mansfield earth@worldnet.att.net %C
    Message 1 of 1 , Jul 18, 2002
    • 0 Attachment
      BKHCKATK.RVW 20020519

      "Hacker Attack", Richard Mansfield, 2000, 0-7821-2830-0,
      %A Richard Mansfield earth@...
      %C 1151 Marina Village Parkway, Alameda, CA 94501
      %D 2000
      %G 0-7821-2830-0
      %I Sybex Computer Books
      %O U$29.99/C$44.95/UK#19.99 510-523-8233 Fax: 510-523-2373
      %P 293 p.
      %T "Hacker Attack: Shield Your Computer from Internet Crime"

      "FACT: It's unlikely that you'll ever personally experience a computer
      virus in your home computer." Ah, those glowing, carefree days of
      yore when ... wait a minute. This book wasn't published all THAT long
      ago ...

      This work is intended to address three issues: intrusions, privacy,
      and viruses. The author hopes that it will be as much fun to read as
      it was to write. Given the unrealistic assessment of risk levels, the
      almost random choice of topics, and the lighthearted approach, I did
      not start out feeling confident of the chances of finding useful
      information herein.

      (While we may agree that script kiddies and such cracker wannabes are
      grubs and insects, the security community does *not* refer to them as

      Part one is entitled "Hackers, Crackers, and Whackers." Chapter one
      is a generic warning about the fact that some people may be trying to
      probe you. Some information (such as directions on turning file and
      print sharing off) are useful, others (such as the need to share IP
      addresses--assuming you even know them--with friends for chatting and
      instant messages) are either wrong or not very useful. Port scanning
      gets mentioned, and, aside from the fact that there are more reliable
      ways of determining open ports, the specific example of an open port
      used isn't terribly handy since we are told neither what it is nor how
      to turn it off. Phone phreaks are discussed in chapter two--without
      mention of the fact that in-band signalling is now obsolete. Hackers
      are academics studying decryption, viruses can harvest your passwords,
      and munging your email address is an effective tool against spam, or
      so we are told in chapter three. Chapter four gives names to some
      really silly cracking techniques. Some equally silly defences are
      suggested in chapter five. Chapter six does say that there are better
      protections available, but doesn't talk about how to implement them.
      High-speed connections are said to be security risks (the real culprit
      being static IP addresses) in chapter seven. A variety of URLs are
      given for the ZoneAlarm product, and instructions for getting warnings
      about cookies from one version of the Internet Explorer browser are
      provided in chapter eight.

      Part two is supposed to deal with privacy. Chapter nine does, with a
      rapid race through a number of related issues. Chapters ten through
      thirteen, however, examine a number of encryption technologies that
      are no longer used. The algorithm central to DES (Data Encryption
      Standard) is used as an example of a symmetric encryption system in
      chapter fourteen. Chapter fifteen explains the use of prime numbers
      to create asymmetric (public key) systems. Both of these chapters are
      remarkably unhelpful in terms of the actual use of encryption.
      Chapter sixteen explains digital signatures, but very briefly. The
      dialogue boxes involved in using the Encrypting File System of Windows
      2000 are displayed in chapter seventeen. Chapter eighteen speculates
      on quantum computers. Source code for a random number generator for a
      one-time pad is given in chapter nineteen.

      Part three looks at viruses. (Ready?) Chapter twenty gives a brief
      account of the Internet/Morris/UNIX Worm of 1988, informing us that
      viruses had been used for years for network administration (untrue)
      and failing to explain what defrauding your girlfriend has to do with
      the worm. Some basics of virus structure are correct in chapter
      twenty one, but there is also confusion of pranks and trojans, and the
      discussion of virus functions applies only to boot sector infectors.
      Chapter twenty two provides an overview of Melissa and Loveletter.
      Useless means of defending against Microsoft Word macro viruses (known
      to have been bypassed long before this book was written) are given in
      chapter twenty three. Chapter twenty four tells us that viruses are
      mainly hype.

      Well, there are a few tips in this work that might help you to prevent
      intrusions, protect your privacy, and avoid viruses. Very few. The
      material is scant, and is padded out to book length with random
      insertions only nominally related to the topics at hand. Although not
      stated, it is fairly clear that the volume is intended for the average
      computer user rather than the security specialist. In terms of that
      general audience, the text is nowhere near detailed enough in those
      areas that the typical user can address. The material on network
      intrusions has some points, but many gaps. The section on
      cryptography might be interesting to a few, but is of little practical
      use. The opining on viruses is too often flatly wrong.

      copyright Robert M. Slade, 2002 BKHCKATK.RVW 20020519

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      If you are riding ahead of the herd, take a look back now and
      then to make sure it is still there.
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.