BKCBRSHK.RVW 20000625

"CyberShock", Winn Schwartau, 2000, 1-56025-246-4, U$24.95
%A   Winn Schwartau winn@infowar.com,winns@gte.net
%C   Fourth Floor, 841 Broadway, New York, NY 10003
%D   2000
%G   1-56025-246-4
%I   Thunder's Mouth/Inter.Pact Press
%O   U$24.95 212-780-0380 fax: 813-393-6361
%P   470 p.
%T   "CyberShock: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists and Weapons of Mass Disruption"

As some may know, Winn Schwartau and I do not see eye-to-eye on the emphasis to be given to certain exhortations in alerting the public to matters of computer security. So when he informed me of his latest book, he noted that I might like to do the usual hatchet job on it. Unfortunately, I can't fully comply. While I may quibble with some aspects of his latest book, overall it is a good overview of the existing computer security situation, and would make a helpful introduction for new computer and Internet users.

Part one is an outline of hackers and hacking. "The Great New Global Society" appears to be (although erudite and readable it's not exactly straightforward) a presentation of society as seriously messed up, and hackers as curious and determined. The results of a number of surveys of computer penetration are described in "Whole Lotta Hacking Goin' On," with unfortunately little space given to the design of the studies. There are some examples of Web site defacement and an ad for Linux in "CyberGraffiti." (And it's attrition.org, not attrition.com.) "Who Are the Hackers?" gives a reasonable structure to the current security breaking population and environment, although, as Schwartau notes, the game has become so big and ill-defined that one might be forgiven for coming out of this chapter thinking that anyone could be a hacker and a hacker could be anyone. Some stories from the annual DefCon (and the inadequacies of the Plaza Hotel) are retailed in "CyberChrist at the Hacker Con." "Hacktivism" lists a few examples of digital civil disobedience.
"An American Alien Hacks Through Customs" is probably fair warning to customs agents that if you mess with Schwartau at the border you are going to look really silly in his next book.

Part two looks into protecting you and yours. "In Cyberspace You're Guilty Until Proven Innocent" describes identity theft, and the ease and dangers thereof. (It also includes a rather odd section on Web privacy security.) The chapter admits that there is not much you can do about identity theft. It is also very US-centric: for example, the Canadian SIN (Social Insurance Number), as opposed to the US SSN (Social Security Number), is very seldom used for commercial transactions. The advice in "Protecting Your Kids and Family From Hackers" is not an easy or quick fix, but it is (with the notable exception of the piece on cyberstalking) realistic and well written. So is the counsel in "Spam." "Scam Spam" offers very useful and relevant guidance on dealing with fraud on the net.

Part three outlines the techniques of hacking itself. "Getting Anonymous" is a quick overview of anonymizing services and spoofing. Some of the basics are skipped in "Password Hacking," but there is a nice introduction to biometric techniques. While not getting into the gritty details, there is a quick lesson on eavesdropping on promiscuous networks in "Hack and Sniff." "Scanning, Breaking and Entering" lays out the information that is--must be--available to anyone wanting to mount a network attack. "War Dialing" basically notes that phones are a means of access. Leaving aside a minor quibble with the definition of trojan horse software (like the Trojans who "installed" the horse of their own destruction because they didn't know what it contained, users generally install trojans because of a misrepresentation of what the software does), most of "Trojan Hacking" only describes Back Orifice.
There is some small degree of comfort for credit card users, and some rather embarrassing points for credit card merchants, in "Hacking for $." While it waffles a little, "Viruses, Hoaxes, and Other Animals" contains good advice and a reasonable picture of the current situation. "Crypto Hacking" is (absent an impossible IP address) a nice history of cryptography, although it's a bit thin on details. "Steganography" defines the term, but misses a few points on usage. The discussion of computer forensics in "Hacking for Evidence" is limited to data recovery, but has some good points for users and companies.

Part four deals with destructive activities. "Denial of Service" rather overstates the point, since the term generally is restricted to operations that inhibit use but do not harm hardware or data. "Schwartau to Congress" appears to be a minor aside. The discussion of electromagnetic weaponry in "Weapons of Mass Disruption" is fascinating, but does downplay a few inconvenient laws of physics, such as inverse square distance relationships.

Part five analyses some tips for protecting yourself. "Hiring Hackers" examines both sides of the question. The basics of intrusion detection are outlined in "Catching Hackers." There is a decent introduction to firewalls in "Defensive Hacking," along with a pointer to simple automated penetration testing. "Corporate Anti-Hacking" presents a number of good points (although if you follow all of them blindly you'll likely face mass resignations). Deception is promoted in "Lying to Hackers is OK By Me."

Part six discusses law enforcement. "Hacking and Law Enforcement" is rather depressing, but reasonable. The advice on striking back boils down to "be careful" in "Corporate Vigilantism." "Infrastructure Is Us" seems to be a bit out of place, in that it presents no protective measures: only a warning. Similarly, the material on infowar is alarming but not really illuminating in "Something Other Than War."
Part seven looks to the future. "Luddite's Lament" expresses frustration with phones. "The Future of Microsoft" is one of the standard jokes about Microsoft's fight with the US federal government. Digital manipulation of propaganda is mentioned in "Messing With the Collective Mind." "Extreme Hacking" gives short takes on some new technologies. "The Toaster Rebellion of '08" is one of the standard sci-fi plots.

While there is a heavy emphasis on the sensational, overall this book does provide the security novice with a fairly reliable picture of the current security environment. Possibilities are generally presented as such, and the analysis of relative dangers is usually good. A number of useful tips are given that can help home and small business computer users be more secure in their computer and network use. Security specialists will find little that is new here, but that is not the target audience for the book. I have frequently been asked for a recommendation for a general security introduction directed at the non-technical computer and Internet user, and, for all its flaws, I think this work may be the closest I've seen.

copyright Robert M. Slade, 2000