[ISN] REVIEW: "Secrets of Computer Espionage", Joel McNamara

From: InfoSec News (isn@private)
Date: Tue Oct 28 2003 - 02:17:56 PST

  • Next message: InfoSec News: "[ISN] R.I.P Ghent"

    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@private>
    
    BKSCCMES.RVW   20030902
    
    "Secrets of Computer Espionage", Joel McNamara, 2003, 0-7645-3710-5,
    U$35.00/C$52.99/UK#24.50
    %A   Joel McNamara
    %C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
    %D   2003
    %G   0-7645-3710-5
    %I   John Wiley & Sons, Inc.
    %O   U$35.00/C$52.99/UK#24.50 416-236-4433 fax: 416-236-4448
    %O  http://www.amazon.com/exec/obidos/ASIN/0764537105/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0764537105/robsladesinte-21
    %O   http://www.amazon.ca/exec/obidos/ASIN/0764537105/robsladesin03-20
    %P   362 p.
    %T   "Secrets of Computer Espionage"
    
    I suppose one might be able to make a case that this book is about
    computer espionage, but the contents are hardly secret.  The fact that
    the introduction is decidedly vague about the audience--anyone
    concerned that someone might want to spy on their data--would lead one
    to suspect that this is another attempt to jump on a hot bandwagon,
    without necessarily doing a lot of research first.  And, in this case,
    one would be right.
    
    In addition, this is, once again, a book about defence that provides
    more help to the attacker.  Not much more, mind, but more.  The
    countermeasures included after the attacks and penetration techniques
    are generally vague and not very useful.  In quite a number of cases,
    the protections are irrelevant to the attacks described.
    
    Chapter one tells us about spies, and particularly that spies are
    purposeful.  Never mind that the best data that researchers have been
    able to find points out that most network snooping and theft of
    computer equipment is random: the concentration on professional spies
    allows the author to present a much more sensational view.  The
    overview of US federal laws, in chapter two, is rather short on any
    examination of legal concepts.  The penetration activities described
    in chapter three are mostly physical, and even the computer invasions
    suggested in chapter four require physical access to the machine. 
    About all that chapter five tells you about searching for evidence, is
    that you stand a better chance of finding it if you know how the
    machine works.  I suppose this material might impress those who know
    very little about computers, but most of it is pretty simplistic and
    doesn't have enough detail to help newcomers, either to extract
    information or protect themselves.
    
    Chapter six briefly describes some means of cracking weak encryption. 
    A list of data storage devices is presented in chapter seven. 
    Keyloggers, both hardware and software, are outlined in chapter eight. 
    Chapter nine primarily concentrates on remote access trojans, although
    it makes no distinctions in regard to other types.  Network intrusion,
    in chapter ten, has countermeasures that are, unusually, *too*
    specific, dealing with particular exploits while not analyzing the
    concepts.  Again, the countermeasures are not comprehensive in regard
    to the threats that are discussed.  The overview of wireless security,
    in chapter eleven, is not bad, with decent research and an appropriate
    presentation for a general audience.  Chapter twelve reviews other
    devices, such as secure telephones.  Government surveillance tools, in
    chapter thirteen, are described well, and the text even includes
    mention of the various controversies, although without much analysis.
    
    Absent the strident and sensational tone of this book, is there
    anything really wrong with it?  Well, I suppose not, but there isn't
    anything right with it, either.  It is not a book about security in
    general, nor even privacy in particular.  The protection measures
    suggested are generally only suitable for a computer neophyte, but the
    book does not provide adequate instruction for those users to apply
    the suggestions.  As noted, the book is somewhat more appropriate for
    those trying to break into computers, but only somewhat: this is not
    exactly a guide for computer forensic analysts.
    
    copyright Robert M. Slade, 2003   BKSCCMES.RVW   20030902
    
    
    ======================  (quote inserted randomly by Pegasus Mailer)
    rslade@private      slade@private      rslade@private
    A classic is something that everybody wants to have read and
    nobody wants to read.                       - Mark Twain (1835-1910)
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Oct 28 2003 - 06:35:41 PST