Sunday, 24. November 2002
Ross Anderson: Security Engineering
Rob Slade reviews my favourite Security Engineering: "I have often been asked, in regard to these reviews, whether there are, in fact, any books that I like. Well, I like this one. If you are involved with security and you haven't read it, you should." [Security Weblog]
19:46 |
#
Thursday, 24. October 2002
Freed hacker Mitnick debunks myths
A Book by Kevin. [vnunet Hacking]
12:12 |
#
Tuesday, 15. October 2002
Internet Again
10 minutes ago the "SYNC" LED on our ADSL modem switched from red to green. So we are on the net again. Theoretically we were connected before via an Apple Airport with modem, but some confusing interactions between the ISDN-to-analog converter in our PBX and the Airport resulted in a transfer rate of ca. 800 b/s and RTT latency of up to 22000 ms (22 seconds!). So basically the Internet was unusable.
11:10 |
#
Thursday, 10. October 2002
REVIEW: "Hacking Exposed", Stuart McClure/Joel Scambray/George Kurtz
BKHCKEXP.RVW 20020911
"Hacking Exposed", Stuart McClure/Joel Scambray/George Kurtz, 2001,
0-07-219381-6, U$49.99
%A Stuart McClure stuart@hackingexposed.com
%A Joel Scambray joel@hackingexposed.com
%A George Kurtz george@hackingexposed.com
%C 300 Water Street, Whitby, Ontario L1N 9B6
%D 2001
%G 0-07-219381-6
%I McGraw-Hill Ryerson/Osborne
%O U$49.99 905-430-5000 fax: 905-430-5020
%P 729 p. + CD-ROM
%T "Hacking Exposed: Network Security Secrets and Solutions, 3rd Ed"
Yes, I know that this book has the most sales for any security work,
ever. And, for the life of me, I still can't figure out why.
[...]
The original preface (which no longer appears in the work) stated that the
book was intended for system administrators, but it did, and still does,
read more like a cookbook for security breaking. The authors defend
themselves against this charge in advance, and certainly "keep quiet" versus
"let it all hang out" is a constant debate in security circles. However,
the attack descriptions are far more detailed than the countermeasures
sections, and many attacks are presented without any specific protections
being mentioned. There are a number of points in the book that can be
helpful in identifying specific security weaknesses. However, the book
can't be comprehensive in that regard, and what it fails to do is give an
overall concept of, or framework for, security on an ongoing basis. The
examples given are frightening and stimulating, but the authors present them
as the entire picture. In fact, even the picture as presented is not
entire. A number of descriptions given in the book either do not mention,
or gloss over, the fact that, for example, sniffers must be placed on a
local, promiscuous, network, and session hijacking requires that the
attackers somehow get "between" two systems.
On the other hand, the book is quite readable and can give you some tips.
And, I wouldn't mind seeing a few sysadmins a little more scared than they
are at the moment. As long as they don't think that this is *all* you need
to do.
copyright Robert M. Slade, 2000, 2002 BKHCKEXP.RVW 20020911
[Rob Slade via risks-digest Volume 22, Issue 31]
18:19 |
#
Monday, 30. September 2002
Back blogging!
As you might have noticed this Weblog was broken in various ways in the last few days. Seems all showstopper bugs are ironed out and I can go on blogging. Nice.
You can find some explanation of my problems at http://md.hudora.de/blog/categories/niftyHacks/2002/30/
01:25 |
#
Monday, 16. September 2002
Shrink-Wrap Licences for Books.
Books that come with a "shrinkwrap agreement" forbid the reader from passing information on to third parties. A licence on knowledge. [Telepolis News via Der Schockwellenreiter]
11:02 |
#
Thursday, 12. September 2002
Handbook of Applied Cryptography
CRC Press - ISBN: 0-8493-8523-7, October 1996, 816 pages, Fifth Printing (August 2001). The individual chapters are available for download as PDF documents or as postscript files. [Privacy Digest]
09:11 |
#
Cyberterror
Author: R. J. Pineiro; $18.17 (Pre Order, release date February, 2003) [Amazon Books: cyberterror]
Huh - a book on Cyberterror!
09:09 |
#
Sunday, 08. September 2002
Cybercrime Vandalizing the Information Society
Cybercrime Vandalizing the Information Society Author: Steven Furnell; $20.99 (Available) [Amazon Books: cybercrime]
Received this book a few days ago, flipped through it and it looks promising.
09:25 |
#
Wednesday, 04. September 2002
Out of Control
AllConsuming.Net "offers new insight into what the weblog community is reading at the moment." [Scripting News via Blogging Alone]
I found a link to an interesting-looking book over there: Out of Control, by Kevin Kelly. The book is available in full online.
Out of Control is a summary of what we know about self-sustaining systems, both living ones such as a tropical wetland, or an artificial one, such as a computer simulation of our planet. [...] The major themes of the book are:
As we make our machines and institutions more complex, we have to make them more biological in order to manage them.
The most potent force in technology will be artificial evolution. We are already evolving software and drugs instead of engineering them.
Check out the table of contents for the book. Speaking of biological mechanisms, ever notice how biological systems have a tendency to fail gracefully? And to recover impressively well from disruptive events they were not designed to handle? [Seb's Open Research] [dws.]
It's a good book. Read it.
10:39 |
#
Friday, 30. August 2002
Just another Cybercrime Book?
The Transnational Dimension of Cybercrime and Terrorism.
The Transnational Dimension of Cybercrime and Terrorism Author: Seymour F. Goodman; $34.95 (Special Order) [Amazon Books: cybercrime]
01:12 |
#
Another Cybercrime Book to check
Cybercrime.
Cybercrime Author: Neil McIntosh; $25.64 (Pre Order, release date October, 2002) [Amazon Books: cybercrime]
01:12 |
#
Hacker Culture
Hacker Culture Author: Douglas Thomas; $18.17 (Special Order)
A View of the Views of Hackers and Views About Hackers
It may be that computer hackers, those who can break into someone else's computer system and take data, or fiddle with it, or just look around, are scary criminals who may collapse our baroque internet architecture. It may be that they are dangerous outlaws who, since they know computers so well, must be put into prison for years away from any keyboard or mouse. It may also be that they simply know people very well, and that stereotypes of hackers in the media (even in journalism) show nothing so much as our worry over the unprecedented new computer tools piped into our homes and offices. This last is the view of Douglas Thomas, who, in _Hacker Culture_ (University of Minnesota Press), has written a history of how hackers came to be, and how they came to be seen as villainous outcasts. It is a surprising look at hackers, but is more about how a society uses computers, and it takes in the entire short history of digital electronics.
One of the surprising parts of this history is just how far antipathy between hackers and Microsoft goes, and it starts right at the beginning with the first personal computer. Bill Gates co-wrote a version of the BASIC programming language that could be run on the Altair, but Altair users had become used to sharing programs, not buying them. Gates thought of his BASIC as a secret that could be licensed or purchased, and hobbyists that shared it (the earliest hackers) were simply thieves. Ill feelings between Gates and hackers have continued for almost three decades now over similar issues.
The reputation of hackers, forged in the popular media, is one of this book's strengths. _WarGames_, the 1983 release about the kid who nearly causes nuclear war by hacking into military supercomputers, gave hacker culture a national audience. The 1995 _Hackers_ showed hackers as young Robin Hoods, but had a freakish number of technical errors and it tried to promote erroneous hacker language and clothing styles. The film's website, therefore, became a focus for hacker attacks, with defacement of the photographs and replacement of ad-copy hype with such non-recommendations as "Hackers, the new action adventure movie from those idiots in Hollywood, takes you inside a world where there's no plot or creative thought, there's only boring rehashed ideas."
The scariness of the depictions of hackers in the media has resulted in strange legal decisions. The famous Kevin Mitnick was trumpeted as such an "evil genius" and "cyberterrorist" that he was denied a bail hearing and was kept in jail for over four years awaiting trial, with the government denying his legal team access to evidence to be presented against him. (Some fellow hackers redesigned web sites as political pranks to call attention to his plight.)
This sort of basic misunderstanding about what hackers are and what they do is what _Hacker Culture_ seeks to correct. Douglas Thomas, an academic who is able to use ideas from Plato, Nietzsche, and Wittgenstein, kindly does not use this talent too often, but restricts his entertaining depiction of hacker history to the important battles the information age has spawned concerning basic issues of privacy, property, and secrecy. He shows us that hackers have been at the edge of defining these issues, and in a remarkably well balanced account which refuses black and white labels, he shows that they are not always on the wrong side.
[Amazon Books: hacker]
00:45 |
#
Hacker's Delight
Contemplating buying this:
Hacker's Delight Author: Henry S. Warren; $39.99 (Available) [Amazon Books: hacker]
00:43 |
#
Thursday, 29. August 2002
Hacker Cracker: A Journey from the Mean Streets of Brooklyn to the Frontiers of Cyberspace
Should I buy this Book?
Hacker Cracker: A Journey from the Mean Streets of Brooklyn to the Frontiers of Cyberspace Author: Ejovi Nuwere; $17.47 (Pre Order, release date October, 2002) [Amazon Books: hacker]
23:59 |
#
Tuesday, 27. August 2002
Transnational Criminal Organizations, Cybercrime, and Money Laundering: A Handbook for Law Enforcement Officers
Author: James R. Richards; $79.95 (Pre Order, release date 13 December, 2002)
Strange book. Amazon tells me it will be published in 4 months and it already has raving reviews. I like the last review most:
A very good choice! My father wrote this book. Even though I am only eleven years old I already want his job. I love to read and learn and I am very interested in this field. I read his book and I can finally understand what he's talking about at the dinner table! He now tells me about his cases in the car and I love hearing about them. This book helped me learn about things I wouldn't have learned about in college. It really opened my eyes to what was out there. Good work daddy! PS - Your kids books that you wrote for us are just as good! Publish them!
[Amazon Books: cybercrime]
20:10 |
#
Tuesday, 20. August 2002
REVIEW: "Computers and Ethics in the Cyberage", Hester/Ford
BKCMETCB.RVW 20020606
"Computers and Ethics in the Cyberage", D. Micah Hester/Paul J. Ford,
2001, 0-13-082978-1, U$41.00
%A D. Micah Hester
%A Paul J. Ford
%C Scarborough, Ontario
%D 2001
%G 0-13-082978-1
%I Prentice Hall
%O U$41.00 800-576-3800 416-293-3621 fax: 201-236-7131
%P 498 p.
%T "Computers and Ethics in the Cyberage"
This volume is a collection of essays, arranged in a rather complex fashion.
There are parts, subdivided into chapters, with each chapter containing
about four papers. It isn't necessarily difficult to find the theme running
through each set of papers, but neither does the conjunction of ideas
support the individual discussions.
[...] Many of the papers in this collection are lifted wholesale from their
origin. Although ellipses seem to indicate that material has been cut in a
number of places, there are still some very odd references to other papers
or presentations no longer "present," and even comments directed at people
who are no longer in the audience.
Much of this material is quite seriously flawed by a lack, on the part of
the authors, of a technical background. This is not to say that
non-technical people cannot comment on the social aspects of technology, nor
that discussions of technical ethics could not benefit from the input of
philosophers, ethicists, sociologists, and the like. However, many of the
speculations bear little relationship to technical reality, and therefore
the arguments and decisions are invalid.
Overall, there is a lack of direction to the work. In the end, it gives an
impression of a vague complaint that computers aren't moral, and aren't
taking the burden of ethical decisions away from mankind. Personally, I
find this position not only unhelpful, but extremely odd.
copyright Robert M. Slade, 2002 BKCMETCB.RVW 20020606
[Rob Slade via risks-digest Volume 22, Issue 20]
23:12 |
#
Monday, 15. July 2002
REVIEW: "The Hacker Diaries", Dan Verton
BKHCKDRY.RVW 20020519
"The Hacker Diaries", Dan Verton, 2002, 0-07-222364-2, U$24.99
%A Dan Verton
%C 300 Water Street, Whitby, Ontario L1N 9B6
%D 2002
%G 0-07-222364-2
%I McGraw-Hill Ryerson/Osborne
%O U$24.99 905-430-5000 +1-800-565-5758 fax: 905-430-5020
%P 219 p.
%T "The Hacker Diaries: Confessions of Teenage Hackers"
Teenaged hackers are misunderstood. Definitions are for lamers,
morality is a "bogus" concept. These noble idealists are questers
after the Holy Grail of knowledge: problem solvers who are attempting
to enlighten the masses. Given a little dedication, you too can,
inside of six months, go from being a technopeasant to "knowing
everything there [is] to know" about computers. Thus it is written in
the Gospel of Verton.
(While we are at it, I have this nice bridge you might want to purchase ...)
Even if you ignore questions about the definition of what "hacking" actually
is, and even if you leave aside the author's biased sympathy for
rebels-without-a-clue, the introduction alone points out that Verton has not
performed the research one would think minimal to such a project: reading
the "popular" literature on the subject, never mind the more serious
analyses by researchers like Denning and Gordon. How else can he make the
statement that this book is the first ever to try and penetrate the veil of
secrecy surrounding the computer vandal community, an assertion that must
come as a bit of a shock to authors like Levy ("Hackers," cf. BKHACKRS.RVW),
Sterling ("Hacker Crackdown," cf. BKHKRCRK.RVW), Taylor ("Hackers,"
cf. BKHAKERS.RVW), Dreyfus ("Underground," cf. BKNDRGND.RVW), and a host of
others. It is, therefore, no surprise that this author gets basic factual
information wrong, such as the confusion of the infamous Operation Sundevil
with more successful prosecutions of computer crime.
Verton decries the blind and ignorant stereotyping of loners who are more
comfortable with computers than with their peers, but he is, himself, guilty
of promoting the same kind of confusion. The group targeted after the
Columbine shootings was not the computer community but the Goths, who share
almost no characteristics with hackers except for a slightly obsessive
interest in an esoteric topic and a position outside the mainstream. (Well,
possibly also an aversion to sunlight ...) Verton has attempted to include
"representative" examples of both maladjusted criminals and ethical hackers,
but draws no distinctions between them and, indeed, seems to be trying to
lump them all together.
No, I've changed my mind. Let's not leave aside the question of a
definition of hacking. Like too many authors, Verton also wants to continue
the confusion of the original idea of a hacker as a skilled technologist
with the more recent concept of the vandals of computer systems. But he
also immediately destroys his position by pointing out that a cracker cannot
change his "handle," the (usually offensive) nickname used to achieve both
identity and anonymity online. If an underground "hacker" changes his
handle, he loses his status and becomes just another wannabe. Verton does
not seem to realize the import of this statement. A cracker's credibility
is tied to his nickname, since he is only as good as his "rep," the record
of defacements or intrusions he is able to boast about. There is no actual
skill set behind such a reputation. In opposition, if true hackers like
Richard Stallman or Eric Raymond were to change their names, and were then
to write new programs and release them to the world, those programs would
still be useful and of good quality. (Top programmers would, in fact,
probably be able to identify the authors of emacs and fetchmail by
programming excellence and style.)
Verton's writing seems clear and readable unless you start to think about
it. A story will say that A happened, then B happened, then C happened,
then B happened, then D happened, then B happened. Times are quite
indefinite, but since the narrative is unclear even about simple sequences
it is not any real shock to find out that the author does not know larger
items of technical history, such as that UNIX predates VMS. Likewise,
Verton isn't interested in having consistency get in the way of a good
story, even if the story doesn't make any sense. Directions and motivations
change suddenly and without apparent reason: reading between the lines
indicates that there is a lot that we aren't being told. Probably the
author wasn't told, either. It sounds like he didn't even ask. (The
interview subjects seem to have realized that they were dealing with a
credulous author: Verton retails stories out of common urban legends and
jokes without seeming to have identified them as such. Despite his
credentials as a reporter for a computer trade magazine Verton's technical
knowledge is questionable--he doesn't know a denial of service attack from a
reformat nor that the Macintosh doesn't have a Windows Registry.)
Despite tidbits of trivia, ultimately the book is boring. One can only read
so many times that Amanda (or Betty or Cathy) accidentally touched a
computer on her seventh birthday and thereafter became obsessed with
re-writing the CP/M kernel before one loses interest. [...]
[Rob Slade via risks-digest Volume 22, Issue 16]
15:59 |
#
Monday, 15. April 2002
REVIEW: "Handbook of Computer Crime Investigation", Eoghan Casey
BKCMCRIN.RVW 20020315
"Handbook of Computer Crime Investigation", Eoghan Casey, 2002,
0-12-163103-6
%E Eoghan Casey
%C 525 B Street, Suite 1900, San Diego, CA 92101-4495
%D 2002
%G 0-12-163103-6
%I Academic Press/Academic Press Professional/Harcourt Brace
%O U$39.95 800-321-5068 fax: 619-699-6380 dtrujillo@acad.com
%P 448 p.
%T "Handbook of Computer Crime Investigation"
This book is hard to read. Not because of excessive technical rigour
or depth: quite the opposite. The work lacks focus and direction, and
appears to be a compilation of components without an assembly diagram.
It's the type of material that might result from the "war stories"
told around a security seminar, after the core curriculum had been
taken away.
Chapter one is entitled "Introduction," but, other than a statement
that the book is supposed to be a resource for forensic examiners who
may have to deal with computerized systems, there is almost no
declaration of what the volume is about. The remaining material in
the chapter, while it does have an obvious relation to the act of
obtaining evidence from computers, does not have any clear structure.
The points asserted are good advice, but appear to be relatively
random thoughts. The text is neither readable nor lucid: in places it
seems more like a parody of obfuscated academic papers. Chapter two
is somewhat more understandable, offering an outline on how to prepare
documentation for discovery. Unfortunately, while it does deal with
some technical issues (original media is better than a bit-wise copy,
which is better than a copy of a file), the material concentrates on
lawyerly debates about what might be needed, and, after a great deal
of verbiage, boils down to the recommendation to produce all possible
documentation, but not too much. (Where the material does get
technical it frequently goes too far, starting to deal with specific
pieces of software, rather than concepts.)
Part one looks at tools in forensic computing. Unfortunately, to a
greater or lesser extent, the four chapters each deal only with a
single tool or vendor; EnCase, Cisco's NetFlow logs, Network Flight
Recorder, and NTI.
Part two is entitled technology: it looks at operating systems,
networks, and other system types. Chapter seven provides some details
of the FAT (File Allocation Table) and NTFS (NT File System)
structures, as well as print spool files. A miscellaneous collection
of information about UNIX files is given in chapter eight. A
similarly unstructured compilation is listed in chapter nine, which
reviews network data. Wireless network analysis, in chapter ten,
concentrates on cellular telephone systems, and really only throws out
generic information about such setups. Chapter eleven's overview of
embedded systems varies between a similar generality and unhelpful
photographs of breadboarded circuits.
Part three provides three case studies. While interesting (parts of
the third are especially amusing), they really don't provide much in
the way of assistance to anyone having to perform investigations.
The authors and contributors seem to be much more involved in the law,
and law enforcement, than in the technology of computer forensics.
The book has no framework or structure within which to place the many
details. Therefore, the material simply blends into a haze of trivia,
rather than providing the promised handbook. For those seriously
working in the field there are many helpful points of information, but
organizing them is left as an exercise to the reader.
copyright Robert M. Slade, 2002 BKCMCRIN.RVW 20020315
rslade@vcn.bc.ca rslade@sprint.ca slade@victoria.tc.ca p1@canada.com
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
[Rob Slade via risks-digest Volume 22, Issue 04]
15:35 |
#
Tuesday, 26. March 2002
REVIEW: "Computer Forensics", Warren G. Kruse II/Jay G. Heiser
BKCMPFRN.RVW 20020221
"Computer Forensics", Warren G. Kruse II/Jay G. Heiser, 2001,
0-201-70719-5, U$39.99/C$59.95
%A Warren G. Kruse II wkruse@monmouth.com
%A Jay G. Heiser
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2002
%G 0-201-70719-5
%I Addison-Wesley Publishing Co.
%O U$39.99/C$59.95 416-447-5101 fax: 416-443-0948 bkexpress@aw.com
%P 392 p.
%T "Computer Forensics: Incident Response Essentials"
I'm still disappointed that authors seem to think computer forensics is
limited to data recovery, but this work at least has utility value going for
it.
Chapter one is a rough outline of data recovery, with an emphasis on
documentation and the chain of evidence. Basic information about IP
addressing, for the purpose of tracing intruders, is given in chapter two:
it is useful and does not drown the reader in inconsequential details.
(There is an oddly vitriolic dismissal of the story of the origin of the
term for Packet INternet Groper.) A valuable discussion of e-mail headers,
and a very terse outline of intrusion detection systems (IDS) are also
included. Hard drive basics and concepts are given in chapter three. The
material is generally good, but some points on imaging and connecting are
passed over rather quickly. Chapter four has a reasonable high-level
overview of encryption abstractions, but it is difficult to see the
immediate relevance of the material to forensics. "Data Hiding," chapter
five, contains some meandering topics that range from password cracking to
NTFS (NT File System) streams to steganography. A few tools for dealing
with these problems are listed. The description of hostile code, in chapter
six, matches that of weeds in gardening: anything you don't want. It is,
therefore, unsurprising to find that the content, while basically sound, is
not particularly structured or helpful.
A list of software (and some hardware) tools are described in chapter seven.
Chapter eight explains a number of points about the Windows operating system
that might affect data recovery and forensics. (The material discussed is
not, unfortunately, exhaustive, although it is very useful as far as it
goes.) The introduction to UNIX, in chapter nine, is more structured and
detailed, although it examines fewer specific tools. Chapter ten's general
overview of an attack on a UNIX system is fairly standard, although there is
a useful table of commonly compromised system utilities. A wide variety of
tools and commands for collecting information from and about UNIX systems is
given briefly in chapter eleven.
Chapter twelve is a short introduction to general concepts in the (US) law
enforcement system. The last chapter is a rather abrupt finish to the book.
There are seven appendices, the most useful of which is a handy point form
overview of incident response activities.
Computer forensics books are starting to come out of the woodwork, and most
offer such sage advice as "gather evidence" and "don't mess up the chain of
custody." This book does tend to follow the same style and tone, but also
has very valuable tips for practical work. It won't help you much in
analysis, but it will help you become better at collecting data that will
stand up in court.
copyright Robert M. Slade, 2002 BKCMPFRN.RVW 20020221
rslade@vcn.bc.ca rslade@sprint.ca slade@victoria.tc.ca p1@canada.com
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
[Rob Slade via risks-digest Volume 22, Issue 02]
15:45 |
#
Monday, 25. March 2002
Pearl Harbor Dot Com, by Winn Schwartau
Pearl Harbor Dot Com
A novel by Winn Schwartau
Interpact Press
Seminole, Florida, 1-727-393-6600
2002
ISBN 0-9628700-6-4
512 pages
We do not normally review or analyze RISKS-relevant fiction, but this book
seems to make a rather compelling novel out of a surprisingly large number
of security and reliability risk threats that we have discussed here over
the years. The story echoes one of the fundamental problems confronting
Cassandra-like risks-avoidance protagonists and agonists alike, namely,
that, because we have not yet had the electronic Pearl Harbor, people in
power perceive that there is little need to fix the infrastructural
problems, so why bother to listen to the doom-sayers who hype up the risks?
Well, in this novel, one man's massive craving for vengeance reaches major
proportions, and significant effects result on critical infrastructures. In
the end, the good hackers contribute notably to the outcome.
The book is somewhere within the genre of technothrillers, with a typical
mix of murder, mayhem, intrigue, computer-communication surveillance, and
non-explicit s*x. I enjoyed it. It is entertaining, and the convoluted
plot is quite consistent, fairly tight, and to RISKS readers, each incident
is technologically quite plausible -- because many of the attacks seem
almost reminiscent of past RISKS cases, sometimes just scaled up a little.
If you read the book, try not to let the sloppy proof-reading bother you;
there are too-frequent typos and grammar glitches, and lots of mispelingz --
for example, Naugahyde is subjected to two different versions, each with at
least two letters wrong, and Walter Reade is mispelt twice, differently, on
the same page! Incidentally, the author and his previous writings make
several self-referential appearances throughout the story, which might seem
rather self-serving, but does draw attention to the author's long-standing
role in trying to combat what has now become known as cyberterrorism.
["Peter G. Neumann" via risks-digest Volume 21, Issue 98]
00:36 |
#
disLEXia, a research project by Maximillian Dornseif