
REVIEW: "Frauds, Spies, and Lies", Fred Cohen

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Aug 10, 2006
      BKFRSPLI.RVW 20060710

      "Frauds, Spies, and Lies", Fred Cohen, 2005, 1-878109-36-7,
      %A Fred Cohen Fred dot Cohen at all dot net
      %C 572 Leona Dr, Livermore, CA 94550
      %D 2005
      %G 1-878109-36-7
      %I Fred Cohen and Associates
      %O U$29.95/C$33.45 925-454-0171
      %O http://www.amazon.com/exec/obidos/ASIN/1878109367/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1878109367/robsladesin03-20
      %O Audience n+ Tech 1 Writing 2 (see revfaq.htm for explanation)
      %P 234 p.
      %T "Frauds, Spies, and Lies: and How to Defeat Them"

      Over the years, lots of books have promised to teach us how to deal
      with social engineering, fraudulent practices, con jobs, deceit, and
      just plain old lies. There are the pedestrian warnings that it is
      dangerous out there, such as Barrett's "Bandits on the Information
      Superhighway" (cf. BKBOTISH.RVW). Or Mintz' listing of nasty Websites
      in "Web of Deception" (cf. BKWBDCPT.RVW). Or the repetitive
      recounting of confidence games in Mitnick and Simon's "The Art of
      Deception" (cf. BKARTDCP.RVW). Generally these works retail similar
      stories, with little variation and even less analysis.

      Cohen's slim volume is a bit different.

      Chapter one is a brief introduction to the structure of the book.
      Chapter two defines frauds, and then lists a huge series of variations
      on the theme. Many books that deal with the topic provide examples,
      but this exhausting (and nearly exhaustive) catalogue, even with
      minimal analysis, allows the reader to begin to see patterns and thus
      furnishes a useful alert for awareness of the issues, regardless of
      the student's background. (Fred, I wonder if you are entirely correct
      about 419 frauds.) The topic of deception, in chapter three, deals
      first with how we think, and what analytical mistakes we are likely to
      make. This preparation is augmented by examples of how fraudsters and
      confidence tricksters can use these errors. (An interesting addition
      is a section dealing with self-deception, in regard to the
      justifications scammers use.) Cohen's wit and humour are used to good
      effect in pointing out the absurdities of some of our thinking
      patterns. Most "spying" is not James Bond derring-do, and chapter
      four outlines the means that "HUMINT" (human intelligence) specialists
      use to obtain information, mostly in normal conversation. This
      material would be very useful in creating security awareness courses
      dealing with social engineering. Defence and counterintelligence is
      covered in chapter five. Chapter six leans more towards the
      countering of various types of frauds.

      This is not your normal security book, but then typical security works
      have had remarkably little success in addressing this particular
      topic. Security professionals will find little new in these pages,
      but the aggregation of the variant frauds is, itself, useful.
      Certainly no specialized background is needed to approach the text:
      anyone can pick it up and get a good deal of useful security awareness
      from a perusal of chapter two alone. The size of the work should not
      be daunting for anyone, and the content is quite readable. (I must
      note that the typography and formatting create a bit of a problem:
      the lack of "white space" can sometimes make section changes a bit
      hard to follow, despite the careful and clear numbering of sections
      and subsections.)

      I'd recommend this book, particularly as bedtime reading for any
      security professional, and for those involved with security awareness
      programs. However, it should have a broader readership: any
      reasonably intelligent person will find something useful and helpful
      for building a safer and enlightened attitude to the dangers of this
      complex world.

      copyright Robert M. Slade, 2006 BKFRSPLI.RVW 20060710

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      If it's there and you can see it, it's real
      If it's there and you can't see it, it's transparent
      If it's not there and you can see it, it's virtual
      If it's not there and you can't see it, it's *gone*
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150