Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [ISN] REVIEW: "Stealing the Network: How to Own a Continent"
From: InfoSec News (isnc4i.org)
Date: Thu Aug 12 2004 - 02:12:43 CDT
Forwarded from: Thor <thorhammerofgod.com>
-----BEGIN PGP SIGNED MESSAGE-----
As an author of this book, I request that the mods accept this post,
particularly since Mr. Slade has made the decision to put words in
our mouths (or pens in our hands as the case may be ;) regarding our
publication. I ask that you respect my opinions as you have those of
> "Stealing the Network: How to Own a Continent", Ryan Russell, 2004,
> 1-931836-05-1, U$49.95/C$69.95
> %E Ryan Russell BlueBoarthievco.com
> %C 800 Hingham Street, Rockland, MA 02370
> %D 2004
> %G 1-931836-05-1
> %I Syngress Media, Inc.
> %O U$49.95/C$69.95 781-681-5151 fax: 781-681-3585
> www.syngress.com %O
> %P 402 p.
> %T "Stealing the Network: How to Own a Continent"
> This book is fiction (more a series of short stories or scenarios
> than a novel), but, like Winn Schwartau's "Pearl Harbor Dot Com"
> BKPRHRDC.RVW, and "Terminal Compromise" before it, BKTRMCMP.RVW),
> the authors intend the book to be taken as a serious addition to
> security literature.
Regarding this statement, the reviewer either made grand assumptions
as to our "intent," or he was sorely mislead. There is no one on the
team that I know of who considered this work more than "technology
fiction." I can't think of a single author who, for a moment,
considered this "a serious addition to security literature." To that
degree, I ask that those interested accept my apology on behalf of
the errant reviewer. In my opinion, anyone else who reads the book
will easily understand this, though it is clear that not all can
grasp that concept. Just so that we are all on the same page, we (the
authors) don't really intend for you to consider this book a training
manual on how to take over a continent.
> Chapter one is basically about hiding and paranoia. The central
> character seems to be using a considerable amount of money to hide
> while setting up some kind of crime, and then abandons everything.
> The points in regard to ensuring computers and data are
> unrecoverable are interesting, and probably workable. The more
> important aspects of the plot which involve creating a team,
> employing cutouts, and
> disappearing are left almost completely undetailed. If, therefore,
> we are supposed to learn anything either about crime, or how to
> detect or prevent it, the content and information simply aren't
> there. The
> claim that the "technology" is real, and would work, is
> unverifiable because we haven't had any technology yet. (The
> writing is edgy,
> interesting, and mostly readable. However, it's also difficult and
> confused in places.)
<remaining amorphous text snipped>
Again, I apologize to the list. As an author, I strive to make plot,
intent, and storyline continuity so naturally obvious that one need
not think too much to accept the experience; however, at the same
time, I try to create content that is unique, interesting, and
thought provoking. It is apparent that in the case of the reviewer,
I failed in attaining that goal. I accept responsibility for that.
But just so that my opinions won't be considered biased, let's assume
that my chapter was complete blithering prose. After all, I would
not want the list to think I would ever consider being crass enough
to review my own work in a public forum.
That being said, I want the list to know how much fun we had writing
this book. The talent and ability of the other authors stands on its
own, and it was an honor to work with them.
If you want an engaging storyline with a technical basis, all wrapped
around fictional stories of what these amazing people (other than me)
could do if they wanted to, then I suggest you pick the book up. For
chapter 3 is *not* just about the penetration of yet another wireless
network... It is about how easy it is for attackers to compromise the
infrastructure of healthcare (and other) facilities given the
limitations placed on them by software vendors, and how our private
information can be easily compromised or changed. And the methods
are real-- in this case, deadly. *ALL* the chapters are like that,
and attempting to summarize them (other than mine, of course) in one
or two words is an act of futility-- indeed, an act I consider
misleading to those who might otherwise enjoy the content.
> This book is certainly interesting enough (albeit rather
> disjointed) as fiction, and technical enough for everyone tired of
> the usual
> Hollywood view of computers. The security risks noted are real,
> and therefore a read through the book could be used to alert non-
> specialists to a number of security issues and vulnerabilities
> (although you'd hardly want to use it for training). I enjoyed it
> and I think it's got a place, although I'm having difficulty in
> defining where that place is.
Not withstanding the apparent praise in this paragraph, I remain
perplexed by it: The review previously noted our claim of "the
technical content being real" as unverifiable, yet here, the
"security risks" are noted by the reviewer as real. I'll let you
come to your own decision.
The reason the reviewer can't define the box in which our book should
be card-catalogued is, well, because it is *different.* I think so,
anyway. The people I have talked to about the book have really
enjoyed it, and have observed that the fictional accounts are a
metaphor to the issues we face today, delivered within a setting that
offers an interesting plot beyond the mundane.
This is not meant to take away from right of the reviewer to offer
opinion. I mean for it to represent the right I have to offer mine.
Thanks for your time.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
-----END PGP SIGNATURE-----
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/