"Frauds, Spies, and Lies", Fred Cohen, 2005, 1-878109-36-7,
%A Fred Cohen Fred dot Cohen at all dot net
%C 572 Leona Dr, Livermore, CA 94550
%I Fred Cohen and Associates
%O U$29.95/C$33.45 925-454-0171
%O Audience n+ Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 234 p.
%T "Frauds, Spies, and Lies: and How to Defeat Them"
Over the years, lots of books have promised to teach us how to deal
with social enginering, fraudulent practices, con jobs, deceit, and
just plain old lies. There are the pedestrian warnings that it is
dangerous out there, such as Barrett's "Bandits on the Information
Superhighway" (cf. BKBOTISH.RVW). Or Mintz' listing of nasty Websites
in "Web of Deception" (cf. BKWBDCPT.RVW). Or the repetitive
recounting of confidence games in Mitnick and Simon's "The Art of
Deception" (cf. BKARTDCP.RVW). Generally these works retail similar
stories, with little variation and even less analysis.
Cohen's slim volume is a bit different.
Chapter one is a brief introduction to the structure of the book.
Chapter two defines frauds, and then lists a huge series of variations
on the theme. Many books that deal with the topic provide examples,
but this exhausting (and nearly exhaustive) catalogue, even with
minimal analysis, allows the reader to begin to see patterns and thus
furnishes a useful alert for awareness of the issues, regardless of
the student's background. (Fred, I wonder if you are entirely correct
about 419 frauds.) The topic of deception, in chapter three, deals
first with how we think, and what analytical mistakes we are likely to
make. This preparation is augmented by examples of how fraudsters and
confidence tricksters can use these errors. (An interesting addition
is a section dealing with self-deception, in regard to the
justifications scammers use.) Cohen's wit and humour are used to good
effect in pointing out the absurdities of some of our thinking
patterns. Most "spying" is not James Bond derring-do, and chapter
four outlines the means that "HUMINT" (human intelligence) specialists
use to obtain information, mostly in normal conversation. This
material would be very useful in creating security awareness courses
dealing with social engineering. Defence and counterintelligence is
covered in chapter five. Chapter six leans more towards the
countering of various types of frauds.
This is not your normal security book, but then typical security works
have had remarkably little success in addressing this particular
topic. Security professionals will find little new in these pages,
but the aggregation of the variant frauds is, itself, useful.
Certainly no specialized background is needed to approach the text:
anyone can pick it up and get a good deal of useful security awareness
from a perusal of chapter two alone. The size of the work should not
be daunting for anyone, and the content is quite readable. (I must
note that the typography and formatting creates a bit of a problem:
the lack of "white space" can sometimes make section changes a bit
hard to follow, despite the careful and clear numbering of sections
I'd recommend this book, particularly as bedtime reading for any
security professional, and for those involved with security awareness
programs. However, it should have a broader readership: any
reasonably intelligent person will find something useful and helpful
for building a safer and enlightened attitude to the dangers of this
copyright Robert M. Slade, 2006 BKFRSPLI.RVW 20060710
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
If it's there and you can see it, it's real
If it's there and you can't see it, it's transparent
If it's not there and you can see it, it's virtual
If it's not there and you can't see it, it's *gone*
Dictionary of Information Security www.syngress.com/catalog/?pid=4150