BKMZNAGN.RVW 20041009

"The Mezonic Agenda", Herbert H. Thompson/Spyros Nomikos, 2004, 1-931836-83-3, U$34.95/C$50.95
%A Herbert H. Thompson
%A Spyros Nomikos
%C 800 Hingham Street, Rockland, MA 02370
%D 2004
%G 1-931836-83-3
%I Syngress Media, Inc.
%O U$34.95/C$50.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O http://www.amazon.com/exec/obidos/ASIN/1931836833/robsladesinterne
%O http://www.amazon.co.uk/exec/obidos/ASIN/1931836833/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1931836833/robsladesin03-20
%P 368 p. + CD-ROM
%T "The Mezonic Agenda: Hacking the Presidency"

Using a fictional story and premise to examine serious security concerns seems to be getting more popular. This one purports to discuss the issues surrounding electronic voting.

As a piece of fiction, the book isn't very good. The dialogue is stilted, the writing and sentence construction are often jarringly awkward, and the plotting, description, and story subtext are simplistic and formulaic, making the occasional intrusions of "reality" (which would otherwise give depth to the narrative and characters) odd and unwelcome. Characterization is telegraphed in strange ways: the e-voting analyst's name is Chad, someone driven insane by personal tragedy is called Payne, and a turncoat politician is Shift. (The copy editing is reasonable, at least as far as spelling is concerned, but there is a very strange, and repeated, typographical error of "Davis'ss".) There are a number of mistakes that would have thriller aficionados rolling in the aisles: Amsterdam isn't a member country of Interpol because it isn't a country, Interpol is not an investigative agency (they do communications and liaison), and subliminal advertising has proven to be extremely undependable.

The technical content is uneven. There are good bits: the description of buffer-overflows doesn't handle all cases but is clear. The example of SQL injection is missing pieces, but isn't bad.
A lot of it is realistic, but there are frequent over-simplifications. Reverse engineering is not just the finding of buffer overflow exploits. Various types of blackhats are grouped in one undifferentiated lump. Silly errors are made, such as a conflict in IP addressing between pages 39 and 44.

The importance of a paper trail is mentioned, but somewhat peripherally. The book itself does not mention the bulk of the problems with, and reservations about, electronic voting systems, although an appendix touches on many of them briefly. Probably the biggest problem relates to why the analyst is proceeding in the way he does: without being able to review source code, any problems that you do find will be largely by accident. And, of course, in any kind of software review you can prove the presence of bugs, but never their absence.

As fiction the book doesn't work very well. As a review of the problems involved with electronic voting there is a lot of verbiage to get through in order to find the few points of interest.

copyright Robert M. Slade, 2004 BKMZNAGN.RVW 20041009