News in the Category "Book Reviews"


Fears—Real and Illusory

  • Paul Glister
  • News & Observer
  • January 21, 2004

In 1996, a man named Willis Robinson reprogrammed a computerized cash register at a Taco Bell in Maryland. The compromised machine would ring a $2.99 item internally as a one-cent sale, even as it showed the proper amount on its screen. Robinson skimmed $3,600 from his employer. He was caught only because he bragged about his exploits.

Bruce Schneier has much to say about technology in his new book Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Copernicus Books, $25). The book uses anecdotes and examples to show how security changes. In the Robinson case, technology created a new kind of threat, and that is what technology tends to do. Sure, you could play fast and loose with a store’s account from a manual or electric cash register, but you would have to do it repeatedly, and the theft would be visible. Robinson’s hack allowed him to pocket all the money that any cashier unwittingly rang up day or night…

Review of Beyond Fear

  • Peter Villiers
  • Merengue
  • January 2004

“That’s just it, Peter. We have to appear to know what’s happening, and what it means. Even if we don’t really know very much about either.”

Unnamed police informant to the reviewer. Source report graded B 2 (NATO system).

Bruce Schneier’s eminently well-informed and sensible text should be essential reading for any police official charged with making a “risk assessment,” or in any other way taking part in the risk management industry which as a result of 9/11 is likely to engulf—if you will forgive the pun—us all.

Mr Schneier is a real expert on security systems and their consequences, and therefore does not pretend to know everything. Nor is he prepared to accept responsibility for decisions that others need to make, on the basis of that combination of necessarily incomplete knowledge and arguable value-judgement that any real security decision involves. His book is the best kind of knowledge, for it enables us to decide things for ourselves, more effectively than if we had not read it beforehand. It contains what in one sense we knew, but did not dare say: and there is a wealth of detail to back it up…

Management Week Security Book Review: Book Lowers Fear of Threats

  • Iain Thomson
  • IT Week
  • December 15, 2003

Bruce Schneier’s latest book on data security offers a logical and realistic approach to creating policies and educating staff.

Security guru Bruce Schneier has written several books but is best known for his first: Applied Cryptography. One problem with this earlier work is that it demands a high level of mathematical understanding.

His latest book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, is designed to help ordinary IT staff, business managers and end-users get to grips with current security issues.

The guide could prove useful for IT managers wanting to convey the importance of information security for the wider business, for example when negotiating budgets or attempting to get projects signed off…

Review: Beyond Fear

  • V. Stagg
  • Computing Reviews
  • December 1, 2003

Having been a long time reader of the Crypto-Gram column, and well aware of Schneier’s knowledge and expertise in the information security field, it was with some eagerness that I received a copy of his latest book, Beyond Fear. Needless to say, I was not let down by this entertaining and insightful tome.

Schneier provides an interesting view of the notion of security, outlining a simple five-step process that can be applied to deliver effective and sensible security decisions. These steps are addressed in detail throughout the book, and applied to various scenarios to show how simple, yet effective they can be…

REVIEW: Practical Cryptography, Bruce Schneier/Niels Ferguson

  • Rob Slade
  • RISKS Digest
  • November 17, 2003

The preface points out that cryptography has done more harm than good in terms of securing information systems, not because cryptography fails in and of itself, but, rather, due to the improper use or implementation of the technology. This book is intended to provide concrete advice to those designing and implementing cryptographic systems. As such, it is not the usual introduction to cryptography, and is aimed at a fairly limited group.

Chapter one asserts that we should be engineering for security, rather than speed or bells and whistles. Security is only as strong as the weakest link, we are told in chapter two, and (following from the idea of defence in depth) we need to have engineering in depth (and probably breadth, as well). The issues are important, but there is some lack of clarity to the organization and flow of the text and arguments: the reader may start to wonder what the essence of the message is. (I see that I should have trademarked “professional paranoia” when I started using it years ago, but it is nice to note that the point is being taken.) Chapter three is a rather unusual “Introduction to Cryptography” (and the mathematical format of the text doesn’t make it easier for the math-phobic to concentrate on the meaning), but focussing on the applications and problems, the cryptanalytic attacks, and repeating the injunctions against complexity and the sacrifice of security for performance is a reasonable position…

A Tax on the Honest

  • The Economist
  • October 16, 2003

HOW useful are ID checks in large office buildings? Is it safe to use a credit card online? Can face-scanning systems make airports safer? Not very, yes, and no, says Bruce Schneier in “Beyond Fear”, the latest of several books on security to have appeared since September 11th 2001.

Mr. Schneier, however, comes at these questions from an unusual and informative perspective. He is one of the world’s leading experts on computer security, and arguably the most articulate. For years, he has explained the ins and outs of his field by drawing analogies with real-world security. In his new book, he turns this approach on its head, using his analytical skills, honed in the field of computer security, to evaluate the other security measures that are now so common…

Risky Business?—Examining the Difference Between Safety and Security

  • Bruce Ramsey
  • The Seattle Times
  • October 12, 2003

In Beyond Fear, security consultant Bruce Schneier undertakes to teach the reader “to think about security.” That focus is the book’s strength and its limitation.

First, the limitation. The book refers to crimes, accidents and attacks, many of which would be fascinating to know about. But this book is not about any of those prospective events. It has a more practical purpose.

Thinking about security will be particularly valuable for anyone who has to make a decision about that—a business owner, perhaps, or a policymaker. Schneier lays out a set of questions to ask about any system: What is it trying to protect? From what? What good will it do? What problems will it create?…

Beyond Fear: Thinking Sensibly About Security in an Uncertain World

  • Future Survey
  • October 2003

A “professional thinker about security” and author of Applied Cryptography (1994), said to have sold >200,000 copies, applies the methods developed for computer security to broader security issues, especially security against terrorism. “Security issues affect us more and more in our daily lives, and we should all make an effort to understand them better. We need to stop accepting uncritically what politicians and pundits are telling us. We need to move beyond fear and start making sensible security trade-offs.” Everyone makes security trade-offs, every day. We live our lives making judgments, assessments, assumptions, and choices about security (e.g., when we lock the door to our home, we make a security trade-off: the inconvenience of using a key in exchange for some security against burglary). Making security trade-offs isn’t some mystical art: “the goal of this book is to demystify security, to help you move beyond fear.” To get beyond fear, you have to start thinking intelligently about trade-offs, the risks you face, and the options for dealing with those risks. A lot of lousy security is available for purchase, and a lot of lousy security is imposed on us by government. Once we move beyond fear, we can recognize bad or overpriced security…

Security Bookshelf

  • Vince Tuesday
  • Computerworld
  • September 29, 2003

Beyond Fear, by Bruce Schneier, Copernicus Books, 2003.

Schneier is a world-renowned cryptography expert who literally wrote the book on the subject when he penned Applied Cryptography. In these pages, he tackles broader security issues in the wake of the 9/11 attacks.

Beyond Fear is intriguing and thought-provoking. Taking examples from the headlines and from his experiences studying homeland security issues, Schneier teaches us to avoid fear and use good sense when making security choices. He cites interesting facts to help readers keep things in perspective. For example, he reports that while many people may worry about shark attacks, more people die each year in pig attacks than shark attacks…

Security through Simplicity

  • The Sydney Morning Herald
  • September 13, 2003

Bruce Schneier is one of the world’s best known and most pragmatic security experts. He is also a man of considerable breadth of knowledge, if one were to judge from his latest book, Beyond Fear.

What Schneier could have chosen to do in this book—or for that matter any book he writes—was to create a treatise for experts. He has the expertise to do it, is eminently qualified to do so and would be taken seriously if he did. Instead, he has chosen to cater to the masses and written what is, in my opinion, the best primer on security, one that can be understood by the man in the street…

