Forwarded From: Peter Tonoli <anarchie@brimstone.suburbia.net>
To: lacc@suburbia.net
From: "Rob Slade, doting grandpa of Ryan and Trevor" <rslade@sprint.ca>
BKCBRCRM.RVW 980425
"Cyber Crime", Laura E. Quarantiello, 1997, 0-936653-74-4, U$16.95
%A Laura E. Quarantiello 73733.1653@compuserve.com
%C P.O. Box 493, Lake Geneva, WI 53147
%D 1997
%G 0-936653-74-4
%I Limelight Books/Tiare Publications
%O U$16.95 +1-414-248-4845
%P 144 p.
%T "Cyber Crime: How to Protect Yourself from Computer Criminals"

Running through the text of "About This Book," the preface, and the
introduction, is a statement that this work is for the protection of
the average computer user. Unfortunately, the "average" computer user
is a fairly ill-defined concept, and it is difficult to know
specifically what type of user and what type of risks the book is
about. As the author notes, generic computer security books are of
daunting size, but that is because data security is a large field of
study.

Chapter one opens with a general look at computer crime. Most of the
chapter discusses the computer criminal, however. While Quarantiello
at least acknowledges the multiple users of the term "hacker" the
origins of unauthorized computer exploration lie at least two decades
further back than the book states, and the division between ethical
and non-ethical uses of computers is hardly the amicable separation
implied by the text. The more serious error, however, is that
computer crime somehow involves some extra level of skill or
knowledge. Not even system security breakers are the evil genii
suggested by the book, and, in fact, the bulk of computer crime is
committed by insiders with little knowledge of computers beyond menial
use. A very similar review of phone phreaks and system crackers
constitutes chapter two, which also includes a brief and jumbled
collection of the common types of telephone and computer scams and
myths, including the amazingly resilient legend of the "salami scam."
Except for the mention of shoulder surfing and social engineering,
though, little is of help to the common user. The coverage of viruses
in chapter three is abysmal. Although I am well used to
misinformation in general security texts, there is not a paragraph
that does not contain at least one error of fact, and most are not
minimal mistakes. (This is the more disappointing when the book twice
quotes from Fred Cohen.) Chapter four looks at the various dangers of
fraud, harassment, and invasion of privacy online. Unfortunately,
details are few, confusing criminal invasion with legitimate,
commercial databases of information, and weakening the warnings about
stalking by failing to explain the situations realistically.

Part two of the book discusses protective and defensive measures users
can take to safeguard themselves. Chapter five recommends a number of
steps to take. Unfortunately, few of the suggestions are practical.
Make a policy never to discuss company computers with anyone aside
from the sysop? This is a simple rule? It'll last until the first
coffee break. "Take a minute or two to back up your hard disk" each
time you look at a new diskette or CD-ROM? I suppose it'll work if
your backup device is /dev/null. Get a copy of all public records
about you? You probably have no idea what they are, or how to access
them, and even if you have records of them all (updated how often?),
the records will still be public. Use encryption for all email?
*Which* encryption? The proposals for password choice are acceptable,
although nothing special. The advice for protecting children online
is basic but reasonably good.

Chapter six seems to be a collection of stories about the times that
authorities have been able to deal with computer crime. The final
chapter is a brief and rather naive personal view of the security
field.

This book is yet another attempt by a complete novice to inform the
world about data security. There are, regrettably, a great many
similar tomes, long on frantic warnings and short on both facts and
useful counsel. I have no doubt that many of the cautions are based
on true stories, taken from court cases and possibly personal
correspondence. However, I also know that a number of the tales are
mythic, and even the true anecdotes are presented in a spectacular
fashion. Statistics given are questionable, or not presented in
sufficient detail to give a true picture.

Overall, this is unlikely to be of value to the average computer user,
however defined.

copyright Robert M. Slade, 1998 BKCBRCRM.RVW 980425
Received on Mon Jul 6 08:16:20 1998