Book Reviews

REVIEW: “Cloud Crash”, Phil Edwards

BKCLDCRS.RVW   20101009

“Cloud Crash”, Phil Edwards, 2011, 978-1466408425, U$9.99
%A   Phil Edwards PhilEdwardsInc.com philipjedwards@gmail.com
%C   Seattle, WA
%D   2011
%G   978-1466408425 1466408421
%I   CreateSpace Independent Publishing Platform/Amazon
%O   U$9.99
%O  http://www.amazon.com/exec/obidos/ASIN/1466408421/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/1466408421/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1466408421/robsladesin03-20
%O   Audience n Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   386 p.
%T   “Cloud Crash”

To a background of the Internet crashing, and opposed by a conspiracy that has penetrated the highest levels of government, two (no, make that three … err … four … better say five …) groups of individuals race to save the world from … a stock market fraud?  hostile takeover? aliens?  (No, I’m pretty sure the aliens were a red
herring.)

The story and inconsistent characterizations could use some work, and the plot twists don’t make it very easy to follow what is going on.  It’s fairly easy to tell who the good and bad guys are: the politics and philosophy of the book are fairly simple, and one is reminded of the scifi and comics of the 30s and 40s, with heavily anti-fascist and (ironically) right-wing rhetoric.

It would be tempting to dismiss the work as a simple “jump on the latest buzzword” potboiler, were it not for the fact that the technology is fairly realistic.  Yes, right now everyone is jumping on the cloud bandwagon without much regard for real security.  Yes, if you wanted to make a big (and public) splash on the Internet, without doing too much permanent damage, taking down power supplies would still leave the data intact.  (Of course, an axe would do just as good a job as bombs …)

So, while the story isn’t great, at least the technology is less annoying than is normally the case …

copyright, Robert M. Slade   2012     BKCLDCRS.RVW   20101009

REVIEW: “Security and Privacy for Microsoft Office 2010 Users”, Mitch Tulloch

BKSCPRO2.RVW   20121122

“Security and Privacy for Microsoft Office 2010 Users”, Mitch Tulloch,
2012, 0735668833, U$9.99
%A   Mitch Tulloch info@mtit.com www.mtit.com
%C   1 Microsoft Way, Redmond, WA   98052-6399
%D   2012
%G   0735668833
%I   Microsoft Press
%O   U$9.99 800-MSPRESS fax: 206-936-7329 mspinput@microsoft.com
%O  http://www.amazon.com/exec/obidos/ASIN/0735668833/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0735668833/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0735668833/robsladesin03-20
%O   Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   100 p.
%T   “Security and Privacy for Microsoft Office 2010 Users”

Reducing the complex jargon in the introduction to its simplest terms, this book is intended to allow anyone who uses the Microsoft Office 2010 suite, or the online Office 365, to effectively employ the security functions built into the software.  Chapter one purports to present the “why” of security, but does a very poor job of it.  Company policy is presented as a kind of threat to the employee, and this does nothing to ameliorate the all-too-common perception that security is there simply to make life easier for the IT department, while it makes work harder for everyone else.

Chapter two examines the first security function, called “Protected View.”  The text addresses issues of whether or not you can trust a document created by someone else, and mentions trusted locations.  (Trusted locations seem simply to be defined as a specified directory on your hard drive, and the text does not discuss whether merely moving an unknown document into this directory will magically render it trustworthy.  Also, the reader is told how to set a trusted location, but not an area for designating untrusted files.)  Supposedly “Protected View” will automatically restrict access to, and danger from, documents you receive from unknown sources.  Unfortunately, having used Microsoft Office 2010 for a couple of years, and having received, in that time, hundreds of documents via email and from Web sources, I’ve never yet seen “Protected View,” so I’m not sure how far I can trust what the author is telling me.  (In addition, Tulloch’s discussion of viruses had numerous errors: Concept came along five years before Melissa, and some of the functions he attributes to Melissa are, in fact, from the CHRISTMA exec over a decade earlier.)

Preparation of policy is promised in chapter three, but this isn’t what most managers or security professionals would think of as policy: it is just the provision of a function for change detection or digital signatures.  It also becomes obvious, at this point, that Microsoft Office 2010 and Office 365 can have significantly different operations.  The material is quite confusing with references to a great many programs which are not part of the two (2010 and 365) MS Office suites.

Chapter four notes the possibility of encryption with a password, but the discussion of rights is unclear, and a number of steps are missing.

An appendix lists pointers to a number of references at Microsoft’s Website.

The utility of this work is compromised by the fact that it provides instructions for functions, but doesn’t really explain how, and in what situations, the functions can assist and protect the user.  Any employee using Microsoft Office will be able to access the operations, but without understanding the concepts they won’t be able to take advantage of what protection they offer.

copyright, Robert M. Slade   2012     BKSCPRO2.RVW   20121122

REVIEW: “World War Hack”, Ethan Bull/Tsubasa Yozora

BKWWHACK.RVW   20121009

“World War Hack”, Ethan Bull/Tsubasa Yozora, 2012, 978-0-9833670-8-6
%A   Ethan Bull
%A   Tsubasa Yozora
%C   9400 N. MacArthur Blvd., Suite 124-215, Irving, TX   75063
%D   2012
%E   Gwendolyn Borgen
%G   978-0-9833670-8-6 0-9833670-8-6
%I   Viper Entertainment Inc./Viper Comics
%O   U$7.95 wyatt@worldwarhack.com www.worldwarhack.com
%O  http://www.amazon.com/exec/obidos/ASIN/0983367086/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0983367086/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0983367086/robsladesin03-20
%O   Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   72 p.
%T   “World War Hack”

Someone (eventually we find out they are backed by the Chinese) has hacked into the United States military and government control systems.  Fortunately, despite being in complete control and untraceable, all they seem to want to do is make one military drone act up.

The US government immediately swings into action, and sponsors a hacking contest, to try and identify suitably talented young geniuses (genii?) to find out what is going on.

It’s hard to follow what is going on, since the artwork makes it difficult to differentiate between characters.  There are young people with bad haircuts, and there are other people with suits.  Some people are female.  After that, it gets hard to tell who’s who.  One of the hackers is a government agent, another one has a criminal record but seems to be a son of a suited government agent.

Some of the technical and hacking activity is somewhat realistic, but other aspects are bizarre, and betray a complete lack of understanding of basic technology.  For example, at different times a programming language gets “hacked” (in the sense of breaking into it), and at another time a government administrator can’t tell what computer language has been used to write a specific program.  In the real world of programming and hacking neither of these scenarios makes any sense.  Absent Ken Thompson’s famous speech nobody “hacks” a language, and generally nobody cares what language has been used to write a utility once it is operating.  (By the way, no programmer ever said LISP was a concise language, and there is no way that even a “skin” on top of LISP would look like C.)  At another point two devices “piggyback” on the same IP address, which simply does not work in networking terms.

There are aspects of this story that are realistic.  One is that, if you are not careful with your systems, someone can penetrate them and mess with you.  If there are any other useful factors in this story, I can’t think of them offhand.

(As usual, the draft of this review was submitted to the author/publisher for comment prior to publication.  I often get rude email in response, sometimes threats of physical harm, and once even a death threat.  [Yes, really.]  In this case the publisher has threatened unspecified legal action “to protect the copyright on our work.”  I would be interested to see the publisher’s reaction to counsel explaining the “commentary” aspect of the concept of “fair use.”)

copyright, Robert M. Slade   2012     BKWWHACK.RVW   20121009

Read this book. If you have anything to do with security, read this book.

I have been reviewing security books for over twenty years now.  When I think of how few are really worthwhile that gets depressing.

However, Ross Anderson is always worth reading.  And when Ross Anderson first published “Security Engineering” I was delighted to be able to tell everyone that it was a worthwhile read.  If you are, in any way, interested in, or working in, the field of security, there is something there for you.  Probably an awful lot.

When Ross Anderson made the first edition available online, for free, and then published the second edition, I was delighted to be able to tell everyone that they should buy the second edition, but, if they didn’t trust me, they should read the first edition free, and then buy the second edition because it was even better.

Now Ross has made the second edition available, online, for free.

Everyone should read it, if they haven’t already done so.

(I am eagerly awaiting the third edition  :-)