REVIEW: "Phishing: Cutting the Identity Theft Line", Rachael Liniger/Russell Dean Vines

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Dec 1, 2006
      BKPHSHNG.RVW 20061014

      "Phishing: Cutting the Identity Theft Line", Rachael Liniger/Russell
      Dean Vines, 2005, 0-7645-8498-7, U$29.99/C$38.99/UK#18.99
      %A Rachael Liniger
      %A Russell Dean Vines
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2005
      %G 0-7645-8498-7
      %I John Wiley & Sons, Inc.
      %O U$29.99/C$38.99/UK#18.99 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/0764584987/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0764584987/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0764584987/robsladesin03-20
      %O Audience i+ Tech 2 Writing 2 (see revfaq.htm for explanation)
      %P 309 p.
      %T "Phishing: Cutting the Identity Theft Line"

      The introduction to the book provides a good, and very realistic,
      prologue to the topic of phishing. The audience for the work is said
      to consist of executives and incident response teams for banks and
      large corporations, information security professionals, and general
      Internet users.

      Chapter one furnishes the reader with a solid overview of the subject,
      although it would seem to be aimed primarily at individual Web and
      email users. "Phishing Emails," in chapter two, explains various spam
      hiding and URL obfuscation technologies. The list is not exhaustive,
      but is sufficient to illustrate the basic concepts clearly. (The
      writing, in this chapter by Rachael Liniger, is delightful. Wit and
      humour are used extensively, and to good effect.) Chapter three
      presents information on false or obfuscated URLs, as well as useful
      detail on pop-ups: the content is much superior to other sources on
      the same topic. (There is also an oddly placed section on public key
      encryption.) Spyware is reviewed in chapter four.

      You cannot stop phishing completely, notes chapter five, examining
      various players in the fight against identity theft and the
      limitations of the action they can take. Chapter six is supposed to
      be about helping the organization to avoid phishing, and sets forth
      some policies in regard to email and Websites that are very practical
      in preventing abuse. (The section on authentication schemes is less
      so, and eventually the chapter devolves into random topics.) A
      generic and sometimes terse outline of incident response and network
      forensics makes chapter seven poor in relation to other parts of the
      book. In terms of consumer education, chapter eight has a number of
      recommendations for safer computing, with lots of "avoid Microsoft"
      advice, but also configuration settings, a bit of email analysis
      material, and an admonition to check your home finance statements
      carefully. Chapter nine deals with actions to take if you,
      personally, are the victim of identity theft. (Most of the agencies
      mentioned are based in the United States, but the resource list does
      have some additional contacts for the UK and Germany.)

      Identity theft (and, by extension, phishing) is a major problem, and
      not enough is being done to address the issue. This book lays out the
      risks and threats clearly, and proposes practical solutions for a
      variety of actors in the drama. The text is readable and the concepts
      are clear. I can recommend this work to almost anyone involved in a
      security role, particularly those in the financial or online
      industries, law enforcement, or working in the field of security
      awareness.

      copyright Robert M. Slade, 2006 BKPHSHNG.RVW 20061014


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Ah! When I were lad, we used to 'ave t'wait 40 milliseconds
      on noisy channel wi' 'uge 58 volt bits *and* rounded edges
      for a network link to come oop--*and* login both ends!
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150
      http://victoria.tc.ca/techrev/rms.htm