Secrets and Lies: Digital Security in a Networked World and over one million other books are available for Amazon Kindle . Learn more

Buy Used
Used - Very Good See details
Price: £2.60
Fulfilled by Amazon

or
Sign in to turn on 1-Click ordering.
 
   
Have one to sell? Sell yours here
Secrets and Lies: Digital Security in a Networked World
 
 
Share your own customer images
Search inside this book
Start reading Secrets and Lies: Digital Security in a Networked World on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Secrets and Lies: Digital Security in a Networked World [Hardcover]

Bruce Schneier (Author)
4.6 out of 5 stars  See all reviews (27 customer reviews)

Available from these sellers.


Formats

 Amazon Price New from Used from
Kindle Edition £7.19   -- --
Hardcover --   -- --
Paperback £8.39   -- --
Books Trade-In
Amazon.co.uk Trade-In Store
Did you know you can trade in your old books for an Amazon.co.uk Gift Card to spend on the things you want? Plus, get an extra £5 Gift Certificate when you trade in books worth £10 or more before June 30, 2012. Visit the Books Trade-In Store for more details.

Product details

  • Hardcover: 432 pages
  • Publisher: John Wiley & Sons (5 Sep 2000)
  • Language English
  • ISBN-10: 0471253111
  • ISBN-13: 978-0471253112
  • Product Dimensions: 22.9 x 15.5 x 3.8 cm
  • Average Customer Review: 4.6 out of 5 stars  See all reviews (27 customer reviews)
  • Amazon Bestsellers Rank: 305,341 in Books (See Top 100 in Books)

    •  Would you like to update product info or give feedback on images?

  • See Complete Table of Contents

More About the Author

Bruce Schneier
Discover books, learn about writers, and more.

Visit Amazon's Bruce Schneier Page

Product Description

Amazon.co.uk Review

At the moment, it seems that hardly a day passes without fresh news of some glaring Internet security breach; online banks, of all things, seem to be particularly vulnerable at the moment. All of which will come as no great surprise to network security cum cryptography guru, Bruce Schnier. His latest book, Secrets and Lies, paints a very gloomy overview of the true state of network security. Schnier, founder of Counterpane Internet Security, has some harsh words to say about the state of network security, though, to be fair, his criticisms are directed far and wide; not one scapegoat, (not even Microsoft) is singled out for special attention. Depressingly, the words "fundamentally flawed" crop up time and time again in this absorbing book.

Secrets and Lies is a thorough backgrounder in all aspects of network security, an extremely wide remit that stretches from passwords to encryption, passing through authentication and attack trees along the way. The book is divided in to three broad categories, The Landscape, which covers attacks, adversaries and the need for security; Technologies, which discusses cryptography, authentication, network security, secure hardware and security tricks; and concludes with Strategies, which looks at vulnerabilities, risk assessment, security policies and the future of security. Mercifully there's a dim light at the end of this tunnel and Schnier ultimately remains upbeat about maintaining computer security and details a way forward in his conclusion.

Although working in a necessarily techie environment, Schnier's book is surprisingly jargon-free and easy to understand, even if you're not au fait with the inner workings of TCP/IP--it's common-sense, practical style makes a potentially dense and arcane subject accessible by just about anybody. It's also bang up to date, which makes for a pleasant change. Secrets and Lies is never less than thought-provoking and should be essential reading for every network administrator in the land. Be afraid, be very afraid! --Roger Gann

The Economist, September 2000

"Instead of talking algorithms to geeky programmers, he offers a primer in practical computer security aimed at those shopping, communicating or doing business online - almost everyone in other words."
See all Product Description
Inside This Book (Learn More)
First Sentence
The world is a dangerous place. Read the first page
Explore More
Concordance
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

Tags Customers Associate with This Product

 (What's this?)
Click on a tag to find related items, discussions, and people.
 
(1)
See all 3 tags...

Your tags: Add your first tag
 
See most popular tags

Customer Reviews

Most Helpful Customer Reviews
24 of 24 people found the following review helpful
Compulsory reading 12 July 2001
By A Customer
Format:Hardcover
The previous reviewer suggests that universities ought to base courses around this book. Well we are doing just that. Last year, Secrets and Lies was recommended reading, but now I have broken the cryptography and the security into two separate teaching streams and this book forms compulsory reading for the security stream (his Applied Cryptography is strongly recommended for the other stream).

This is an excellent book, very approachable, especially for undergraduates. Not ideally structured to be a text book, but then there's not many text books that you'd want students to read from beginning to end, every word. Our students even get to try out some of the defensive mechanisms on an isolated network, and this book tells them of many of the possible pitfalls to guard against, and gives them some idea of just how big and how important a job it is.

Look forward to a generation of security-aware computer science graduates, with a fair bit of help from Mr Schneier and his books!

Comment | 
Was this review helpful to you?
8 of 8 people found the following review helpful
Format:Hardcover
Bruce Schneier has written a book that is up to date, to the point and links to business needs. His previous book (applied cryptography) is excellent, but can only be used as a reference book for selecting the right crypto, not for understanding business implications of it. I use this book as the reference for a course I give on Data and Transaction Security, and find it most usefull as it provides real live example and also explains that the security must be linked to the needs and possible damage. I think this is a must read for anyone having a need to understand how Information security can become an asset in the digital world, and how "networked" corporations can secure their services while providing the needed functionalities and flexibility. It also explains that security is not only a matter of how much technology you put into it, it mostly depends on the people that manage and control it.
Comment | 
Was this review helpful to you?
19 of 20 people found the following review helpful
By A Customer
Format:Hardcover
When the news broke that a Russian cracker had successfully broken into the computer systems of global banking giant Citibank and stolen $12 million, the message was clear: inadequate computer security can cost millions. In Citibank's case, it was not just the money that it lost to the hacker, but many millions more that was subsequently withdrawn by people fearful that their life savings might be at risk. And such incidents are just the tip of the iceberg if the anecdotal evidence presented by Bruce Schneier in Secrets & Lies is any guide. But the most dangerous perpetrators are not necessarily skilled Russian crackers, but the intelligence organisations of major industrialised countries, including America, Britain, China, France and Russia.

Although many are engaged in industrial espionage on behalf of indigenous industries - particularly the French and Chinese secret services, according to Schneier - for the most part, their targets are normally other governments. And often, as the book illustrates, private companies collude: "Crypto AG, a Swiss company, sells encryption hardware to a lot of Third World governments. In 1994, one of their senior executives was arrested by the Iranian government for selling 'bad' cryptographic hardware. When he was released from jail a few years later, he went public with the news that his company had been modifying their equipment for years at the request of US intelligence," says Schneier.

In the corporate world, many incidents such as the Citibank theft never see the light of day, but there are few bounds to the ingenuity of the enterprising cyber-criminal. One included a JavaScript trojan horse program in the description field of a 'product for sale' ad on eBay. In this way, he was able to collect login and password information from anyone that viewed his page.

Others routinely use tools such as L0phtcrack to break into password protected systems. Older networking protocols, that require only seven, case-insensitive characters, can be cracked in hours. "On a 400-MHz Quad Pentium II, L0phtcrack can try every alphanumeric password in 5.5 hours, every alphanumeric password with some common symbols in 45 hours and every possible keyboard password in 480 hours," says Schneier.

And although Microsoft Windows NT does boast 128-bit encryption, the encryption keys are protected by a password system. This means that it is considerably less secure than people think. Indeed, Microsoft is learning only very slowly about how to build strong security into its products. The most important lesson for vendors to follow, says Schneier, is that such measures should be developed openly, and the computer community at large encouraged to test them to the limits before widespread adoption.

As a result, thousands of virtual private networks deployed worldwide are based on Microsoft technology that is littered with security holes. That technology is Microsoft's point-to-point tunnelling protocol (PPTP). "[It's] badly flawed," says Schneier. "They invented their own authentication protocol, their own hash functions and their own key generation algorithm. Every one of these items turned out to be badly flawed," he says. "It wasn't until 1998 that a paper describing the flaws was published. Microsoft quickly posted a series of fixes, which have since been evaluated and still found wanting," warns Schneier.

The reader of Secrets & Lies could be forgiven for thinking that security is futile. Schneier certainly knows his subject inside out. He can not only write knowledgably about such complex subjects as cryptography, but can write strong encryption algorithms himself. Schneier co-authored the Twofish Algorithm, one of the five finalists in the competition for the Advanced Encryption Standard (AES). And his first book, Applied Cryptography, sold more than 130,000 copies worldwide.

Secrets & Lies promises to match such sales. It is comprehensive, puts computer security into a wider context and is illustrated with numerous examples. As a result, not only is it entertaining, but is likely to end up on the reference shelf of thousands of CIOs worldwide.

Comment | 
Was this review helpful to you?
Most Recent Customer Reviews
A bit too basic
The book is extensive about security, but it does not get into much detail. It's too basic for a Computer Engineer, it is rather more directed to people with zero knowledge,... Read more
Published 9 months ago by Ioannis
Essential Reading
Put simply, everyone who owns (or uses) a computer that is attached to a network should read Secrets & Lies. Read more
Published 10 months ago by John Dexter
Excellent Security Literature
Being in the field of information security as a professional, I would totally recommend this book to amateurs and professionals alike. Read more
Published 15 months ago by Admin Andy
Very nice book
Very interesting and enlightening book for anyone thinking about applying cryptography in the real world. It give a good background and introduction to the digital security area. Read more
Published on 26 Feb 2010 by R. Kruk
Solid, basic introduction
This is a good basic overview of digital security in the broadest sense. For me the author's habit of slipping really esoteric words into the text spoilt the read as I was always... Read more
Published on 24 July 2009 by R K Elleson
good book good service by Amazon
Nothing to add, good book and good service by Amazon, I'm very happy

Best Regards
--
Davide Sacca'
Published on 21 April 2009 by Giovanni Davide Sacca'
An fantastic read
This book is without a doubt my favourite IT book. Its an excellent read for both those involved in security and those who are not. Read more
Published on 6 April 2004 by Mr. J. Mason
Good read for an average Internet user
The book is a nice and easy read for an average user of the Internet or a middle level manager looking for information on data security. Read more
Published on 18 Jan 2004 by Alexei Koulikov
Info a-go-go
I've actually had to read this book for module on my university course (had the exam last week, think it went pretty well), and it's a shame that many people will likely avoid it... Read more
Published on 17 Jan 2004 by Mr. Jonathan Downs
And I thought I was paranoid!
This book is amazing. 'Cryptography' huh? That just sounds way to complicated for me. This book is brilliantly written and there's a laugh on nearly every page. Read more
Published on 30 Oct 2003 by Samuel J Chapman
Search Customer Reviews
Only search this product's reviews

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
Topic:
First post:
Prompts for sign-in
 

Search Customer Discussions
Search all Amazon discussions
   

Listmania!

Create a Listmania! list

Look for similar items by category

Look for similar items by subject























i.e., each product must be in subject 1 AND subject 2 AND ...

Feedback