Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Googling Security", Greg Conti

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Han
    BKGGLSEC.RVW 20091020 Googling Security , Greg Conti, 2009, 978-0-321-51866-8, U$49.99/C$54.99 %A Greg Conti conti@acm.org www.GregConti.com
    Message 1 of 1 , May 14, 2009
    • 0 Attachment
      BKGGLSEC.RVW 20091020

      "Googling Security", Greg Conti, 2009, 978-0-321-51866-8,
      %A Greg Conti conti@... www.GregConti.com www.rumint.org
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 2009
      %G 978-0-321-51866-8 0-321-51866-7
      %I Addison-Wesley Publishing Co.
      %O U$49.99/C$54.99 416-447-5101 800-822-6339 bkexpress@...
      %O http://www.amazon.com/exec/obidos/ASIN/0321518667/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0321518667/robsladesin03-20
      %O Audience i+ Tech 2 Writing 2 (see revfaq.htm for explanation)
      %P 332 p.
      %T "Googling Security: How Much Does Google Know About You?"

      The title is ever so slightly misleading: the subtitle is much
      clearer. This is not about doing Web searches to find security tools
      or information, but, rather, the information that Google collects from
      (and relating to) Internet users in the course of providing its
      services and tools. The preface states that the intent is to raise
      awareness of the privacy risks involved in using Google, its utilities
      and services, and of similar systems and agencies. Conti does not,
      for the most part, present solutions: some activities admit of no
      resolution. Google is not being singled out because the author
      doesn't like the company, but because it is the largest and most
      pervasive search and information system, with the greatest
      implications, and because the policies and decisions resulting from
      discussions of these issues can be applied more generally.

      Chapter one is an overview of the online world, and online activity,
      and the scope and capabilities of Google. There are extensive
      endnotes supporting the stories and studies cited in the text. The
      normal information flows involved with computer operations are
      outlined in chapter two, and Conti points out the potential areas of
      leakage. Although not named as such, he provides an excellent
      explanation of the trusted computing base (TCB), as well as reviewing
      covert channels such as TEMPEST and acoustic surveillance, and
      Internet entities. Turning more specifically to the structure of
      requests from browsers, chapter three notes the information that is
      captured by server logs. The author also notes data provided by users
      themselves, and that which can be obtained from statistical analysis
      of a large amount of activity.

      Chapter four notes the various search sites and functions, as well as
      the intelligence that can be inferred about someone, simply by
      examining the search requests submitted. Communications, mostly
      Gmail, is the subject of chapter five. Chapter six examines the
      mapping and related imagery functions, discussing the information
      disclosed by requests for directions, as well as the occasional
      invasion of privacy involved in the collection of satellite
      photographs. (Personally, while I don't use Google Earth, I use
      Google Maps quite a bit. I was interested to see that my non-standard
      interaction with the system inadvertantly protected against some of
      the dangers Conti points out. I don't "express interest" by clicking
      on the "Print" or "Link ..." buttons, but tend to copy the link
      location URL and use that. Of course, if Google buys up TinyURL I may
      be in trouble ... :-) Tracing functions related to the provision of
      advertising, as well as malicious enterprises associated with
      commercial proclamations, are noted in chapter seven. Webbot, spider,
      or crawler operations are detailed in chapter eight. Although Conti
      did not promise a solution, chapter nine does provide recommendations
      and resources to raise awareness of the issues, and assist with
      protecting the reader's privacy. Chapter ten finishes off with a look
      to the future, and the forces which ensure that whether or not Google
      survives, the privacy situation online is unlikely to change.

      The book is certainly interesting and illuminating. Internet users,
      for the most part, may have encountered security awareness material
      that speaks of the dangers of certain types of activities, but not
      necessarily of how much information they disclose in the course of
      normal pursuits. While Google is used as a specific example in many
      parts of this work, the internal operations of many of the services
      and utilities are not examined to the internal depth they might have
      been. A more accurate title might be "Privacy While Surfing."

      Which is an important enough topic to read about in any case.

      copyright Robert M. Slade, 2009 BKGGLSEC.RVW 20091020

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      When a subject becomes totally obsolete we make it a required
      course. - Peter Drucker
      http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.