REVIEW: "Hacker Attack", Richard Mansfield
- BKHCKATK.RVW 20020519
"Hacker Attack", Richard Mansfield, 2000, 0-7821-2830-0,
%A Richard Mansfield earth@...
%C 1151 Marina Village Parkway, Alameda, CA 94501
%I Sybex Computer Books
%O U$29.99/C$44.95/UK#19.99 510-523-8233 Fax: 510-523-2373
%P 293 p.
%T "Hacker Attack: Shield Your Computer from Internet Crime"
"FACT: It's unlikely that you'll ever personally experience a computer
virus in your home computer." Ah, those glowing, carefree days of
yore when ... wait a minute. This book wasn't published all THAT long
This work is intended to address three issues: intrusions, privacy,
and viruses. The author hopes that it will be as much fun to read as
it was to write. Given the unrealistic assessment of risk levels, the
almost random choice of topics, and the lighthearted approach, I did
not start out feeling confident of the chances of finding useful
(While we may agree that script kiddies and such cracker wannabes are
grubs and insects, the security community does *not* refer to them as
Part one is entitled "Hackers, Crackers, and Whackers." Chapter one
is a generic warning about the fact that some people may be trying to
probe you. Some information (such as directions on turning file and
print sharing off) are useful, others (such as the need to share IP
addresses--assuming you even know them--with friends for chatting and
instant messages) are either wrong or not very useful. Port scanning
gets mentioned, and, aside from the fact that there are more reliable
ways of determining open ports, the specific example of an open port
used isn't terribly handy since we are told neither what it is nor how
to turn it off. Phone phreaks are discussed in chapter two--without
mention of the fact that in-band signalling is now obsolete. Hackers
are academics studying decryption, viruses can harvest your passwords,
and munging your email address is an effective tool against spam, or
so we are told in chapter three. Chapter four gives names to some
really silly cracking techniques. Some equally silly defences are
suggested in chapter five. Chapter six does say that there are better
protections available, but doesn't talk about how to implement them.
High-speed connections are said to be security risks (the real culprit
being static IP addresses) in chapter seven. A variety of URLs are
given for the ZoneAlarm product, and instructions for getting warnings
about cookies from one version of the Internet Explorer browser are
provided in chapter eight.
Part two is supposed to deal with privacy. Chapter nine does, with a
rapid race through a number of related issues. Chapters ten through
thirteen, however, examine a number of encryption technologies that
are no longer used. The algorithm central to DES (Data Encryption
Standard) is used as an example of a symmetric encryption system in
chapter fourteen. Chapter fifteen explains the use of prime numbers
to create asymmetric (public key) systems. Both of these chapters are
remarkably unhelpful in terms of the actual use of encryption.
Chapter sixteen explains digital signatures, but very briefly. The
dialogue boxes involved in using the Encrypting File System of Windows
2000 are displayed in chapter seventeen. Chapter eighteen speculates
on quantum computers. Source code for a random number generator for a
one-time pad is given in chapter nineteen.
Part three looks at viruses. (Ready?) Chapter twenty gives a brief
account of the Internet/Morris/UNIX Worm of 1988, informing us that
viruses had been used for years for network administration (untrue)
and failing to explain what defrauding your girlfriend has to do with
the worm. Some basics of virus structure are correct in chapter
twenty one, but there is also confusion of pranks and trojans, and the
discussion of virus functions applies only to boot sector infectors.
Chapter twenty two provides an overview of Melissa and Loveletter.
Useless means of defending against Microsoft Word macro viruses (known
to have been bypassed long before this book was written) are given in
chapter twenty three. Chapter twenty four tells us that viruses are
Well, there are a few tips in this work that might help you to prevent
intrusions, protect your privacy, and avoid viruses. Very few. The
material is scant, and is padded out to book length with random
insertions only nominally related to the topics at hand. Although not
stated, it is fairly clear that the volume is intended for the average
computer user rather than the security specialist. In terms of that
general audience, the text is nowhere near detailed enough in those
areas that the typical user can address. The material on network
intrusions has some points, but many gaps. The section on
cryptography might be interesting to a few, but is of little practical
use. The opining on viruses is too often flatly wrong.
copyright Robert M. Slade, 2002 BKHCKATK.RVW 20020519
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... rslade@... slade@... p1@...
If you are riding ahead of the herd, take a look back now and
then to make sure it is still there.
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade