[ISN] REVIEW: "Cyber Crime", Laura E. Quarantiello

From: mea culpa (jerichot_private)
Date: Fri Jul 03 1998 - 03:04:26 PDT

    Forwarded From: Peter Tonoli <anarchiet_private>
    To: lacct_private
    From: "Rob Slade, doting grandpa of Ryan and Trevor" <rsladet_private>
    
    BKCBRCRM.RVW   980425
    
    "Cyber Crime", Laura E. Quarantiello, 1997, 0-936653-74-4, U$16.95
    %A   Laura E. Quarantiello 73733.1653t_private
    %C   P.O. Box 493, Lake Geneva, WI   53147
    %D   1997
    %G   0-936653-74-4
    %I   Limelight Books/Tiare Publications
    %O   U$16.95 +1-414-248-4845
    %P   144 p.
    %T   "Cyber Crime: How to Protect Yourself from Computer Criminals"
    
    Running through the text of "About This Book," the preface, and the
    introduction, is a statement that this work is for the protection of
    the average computer user.  Unfortunately, the "average" computer user
    is a fairly ill-defined concept, and it is difficult to know
    specifically what type of user and what type of risks the book is
    about.  As the author notes, generic computer security books are of
    daunting size, but that is because data security is a large field of
    study.
    
    Chapter one opens with a general look at computer crime.  Most of the
    chapter discusses the computer criminal, however.  While Quarantiello
    at least acknowledges the multiple users of the term "hacker" the
    origins of unauthorized computer exploration lie at least two decades
    further back than the book states, and the division between ethical
    and non-ethical uses of computers is hardly the amicable separation
    implied by the text.  The more serious error, however, is that
    computer crime somehow involves some extra level of skill or
    knowledge.  Not even system security breakers are the evil genii
    suggested by the book, and, in fact, the bulk of computer crime is
    committed by insiders with little knowledge of computers beyond menial
    use.  A very similar review of phone phreaks and system crackers
    constitutes chapter two, which also includes a brief and jumbled
    collection of the common types of telephone and computer scams and
    myths, including the amazingly resilient legend of the "salami scam."
    Except for the mention of shoulder surfing and social engineering,
    though, little is of help to the common user.  The coverage of viruses
    in chapter three is abysmal.  Although I am well used to
    misinformation in general security texts, there is not a paragraph
    that does not contain at least one error of fact, and most are not
    minimal mistakes.  (This is the more disappointing when the book twice
    quotes from Fred Cohen.)  Chapter four looks at the various dangers of
    fraud, harassment, and invasion of privacy online.  Unfortunately,
    details are few, confusing criminal invasion with legitimate,
    commercial databases of information, and weakening the warnings about
    stalking by failing to explain the situations realistically.
    
    Part two of the book discusses protective and defensive measures users
    can take to safeguard themselves.  Chapter five recommends a number of
    steps to take.  Unfortunately, few of the suggestions are practical.
    Make a policy never to discuss company computers with anyone aside
    from the sysop?  This is a simple rule?  It'll last until the first
    coffee break.  "Take a minute or two to back up your hard disk" each
    time you look at a new diskette or CD-ROM?  I suppose it'll work if
    your backup device is /dev/null.  Get a copy of all public records
    about you?  You probably have no idea what they are, or how to access
    them, and even if you have records of them all (updated how often?),
    the records will still be public.  Use encryption for all email?
    *Which* encryption?  The proposals for password choice are acceptable,
    although nothing special.  The advice for protecting children online
    is basic but reasonably good.
    
    Chapter six seems to be a collection of stories about the times that
    authorities have been able to deal with computer crime.  The final
    chapter is a brief and rather naive personal view of the security
    field.
    
    This book is yet another attempt by a complete novice to inform the
    world about data security.  There are, regrettably, a great many
    similar tomes, long on frantic warnings and short on both facts and
    useful counsel.  I have no doubt that many of the cautions are based
    on true stories, taken from court cases and possibly personal
    correspondence.  However, I also know that a number of the tales are
    mythic, and even the true anecdotes are presented in a spectacular
    fashion.  Statistics given are questionable, or not presented in
    sufficient detail to give a true picture.
    
    Overall, this is unlikely to be of value to the average computer user,
    however defined.
    
    copyright Robert M. Slade, 1998   BKCBRCRM.RVW   980425
    