Customer Reviews


28 Reviews
5 star: (21)
4 star: (4)
3 star: (3)
2 star: (0)
1 star: (0)

The most helpful critical review
2 of 2 people found the following review helpful
3.0 out of 5 stars A bit too basic
The book is extensive about security, but it does not get into much detail. It's too basic for a Computer Engineer, it is rather more directed to people with zero knowledge, rendering it a bit useless to professionals.
Published on 24 Aug 2011 by Ioannis



24 of 24 people found the following review helpful
5.0 out of 5 stars Compulsory reading, 12 July 2001
By A Customer
The previous reviewer suggests that universities ought to base courses around this book. Well we are doing just that. Last year, Secrets and Lies was recommended reading, but now I have broken the cryptography and the security into two separate teaching streams and this book forms compulsory reading for the security stream (his Applied Cryptography is strongly recommended for the other stream).
This is an excellent book, very approachable, especially for undergraduates. Not ideally structured to be a text book, but then there's not many text books that you'd want students to read from beginning to end, every word. Our students even get to try out some of the defensive mechanisms on an isolated network, and this book tells them of many of the possible pitfalls to guard against, and gives them some idea of just how big and how important a job it is.
Look forward to a generation of security-aware computer science graduates, with a fair bit of help from Mr Schneier and his books!


8 of 8 people found the following review helpful
5.0 out of 5 stars Schneier has now linked IT security to business needs, 31 Oct 2000
Bruce Schneier has written a book that is up to date, to the point and links to business needs. His previous book (applied cryptography) is excellent, but can only be used as a reference book for selecting the right crypto, not for understanding business implications of it. I use this book as the reference for a course I give on Data and Transaction Security, and find it most useful as it provides real live example and also explains that the security must be linked to the needs and possible damage. I think this is a must read for anyone having a need to understand how Information security can become an asset in the digital world, and how "networked" corporations can secure their services while providing the needed functionalities and flexibility. It also explains that security is not only a matter of how much technology you put into it, it mostly depends on the people that manage and control it.


6 of 6 people found the following review helpful
5.0 out of 5 stars Info a-go-go, 17 Jan 2004
I've actually had to read this book for a module on my university course (had the exam last week, think it went pretty well), and it's a shame that many people will likely avoid it for fear of it requiring in-depth technical knowledge of the internet, other networks and computers in general. Whilst a little knowledge of such things is needed, it is only along the lines of what they are and what they are used for. The book has been written as a start-to-finish book, i.e. it's not meant for reading the different chapters at leisure - there is definite follow-on. It never reaches too steep a learning curve, but more impressive is the fact that it manages to cover as wide a range of sub-topics that "digital security" covers, as it does, whilst never feeling like it's skimped on any of those sub-topics. It helps that it's not meant to look at any particular sub-topic too closely - you find full details on how to build a firewall, for instance, or how to design a cryptographic algorithm. But it also provides a little background on topics of especial interest, such as the US and UK governments' usage of digital security (in particular cryptography and their citizens' right to privacy versus the need for evidence gathering). Most interesting of all, are the main important points that network administrators and users should really take note of (this includes people who use the internet). Most of them, I must admit, I kind of knew already (however reading them from one of the foremost security experts around helps keep them in my mind), but I still don't follow all of them as I should. I do follow them better than the average internet user, though, otherwise e-mail worms and trojans and those stupid hoax e-mails would not continue being so successful.
In short, if you use the internet regularly, or some kind of computer network at work, this really is a must read.


19 of 20 people found the following review helpful
5.0 out of 5 stars Comprehensive and entertaining, 26 April 2001
By A Customer
When the news broke that a Russian cracker had successfully broken into the computer systems of global banking giant Citibank and stolen $12 million, the message was clear: inadequate computer security can cost millions. In Citibank's case, it was not just the money that it lost to the hacker, but many millions more that was subsequently withdrawn by people fearful that their life savings might be at risk. And such incidents are just the tip of the iceberg if the anecdotal evidence presented by Bruce Schneier in Secrets & Lies is any guide. But the most dangerous perpetrators are not necessarily skilled Russian crackers, but the intelligence organisations of major industrialised countries, including America, Britain, China, France and Russia.
Although many are engaged in industrial espionage on behalf of indigenous industries - particularly the French and Chinese secret services, according to Schneier - for the most part, their targets are normally other governments. And often, as the book illustrates, private companies collude: "Crypto AG, a Swiss company, sells encryption hardware to a lot of Third World governments. In 1994, one of their senior executives was arrested by the Iranian government for selling 'bad' cryptographic hardware. When he was released from jail a few years later, he went public with the news that his company had been modifying their equipment for years at the request of US intelligence," says Schneier.
In the corporate world, many incidents such as the Citibank theft never see the light of day, but there are few bounds to the ingenuity of the enterprising cyber-criminal. One included a JavaScript trojan horse program in the description field of a 'product for sale' ad on eBay. In this way, he was able to collect login and password information from anyone that viewed his page.
Others routinely use tools such as L0phtcrack to break into password protected systems. Older networking protocols, that require only seven, case-insensitive characters, can be cracked in hours. "On a 400-MHz Quad Pentium II, L0phtcrack can try every alphanumeric password in 5.5 hours, every alphanumeric password with some common symbols in 45 hours and every possible keyboard password in 480 hours," says Schneier.
And although Microsoft Windows NT does boast 128-bit encryption, the encryption keys are protected by a password system. This means that it is considerably less secure than people think. Indeed, Microsoft is learning only very slowly about how to build strong security into its products. The most important lesson for vendors to follow, says Schneier, is that such measures should be developed openly, and the computer community at large encouraged to test them to the limits before widespread adoption.
As a result, thousands of virtual private networks deployed worldwide are based on Microsoft technology that is littered with security holes. That technology is Microsoft's point-to-point tunnelling protocol (PPTP). "[It's] badly flawed," says Schneier. "They invented their own authentication protocol, their own hash functions and their own key generation algorithm. Every one of these items turned out to be badly flawed," he says. "It wasn't until 1998 that a paper describing the flaws was published. Microsoft quickly posted a series of fixes, which have since been evaluated and still found wanting," warns Schneier.
The reader of Secrets & Lies could be forgiven for thinking that security is futile. Schneier certainly knows his subject inside out. He can not only write knowledgably about such complex subjects as cryptography, but can write strong encryption algorithms himself. Schneier co-authored the Twofish Algorithm, one of the five finalists in the competition for the Advanced Encryption Standard (AES). And his first book, Applied Cryptography, sold more than 130,000 copies worldwide.
Secrets & Lies promises to match such sales. It is comprehensive, puts computer security into a wider context and is illustrated with numerous examples. As a result, not only is it entertaining, but is likely to end up on the reference shelf of thousands of CIOs worldwide.


5 of 5 people found the following review helpful
5.0 out of 5 stars This book has a lot to offer !, 18 July 2002
By A Customer
This book isn't what I expected. I thought it would be like a detailed analysis of hacking techniques and vulnerabilities. Instead, Bruce takes an overall look at security and how it affects every aspect of our lives (e.g. smart cars, ATMs, etc.), of course focusing mainly on computer and internet security.

So, I was a little disappointed initially, but as I read on, I was impressed with the depth of knowledge presented with respect to security - as he explains how security is not just prevention (e.g. firewalls), but also about detection and response, which are equally important. Security is a process (not a product) and is a chain only as strong as the weakest link.

It's a great read, and he does discuss cryptography, password cracking - how most passwords are easily crackable (and how it's usually done) - including discussion about l0phtcrack. I really liked the way he included real life security disasters, which made it more interesting.

This book has made me much more aware of security issues and the importance of open source security testing. Highly recommend it.


6 of 6 people found the following review helpful
4.0 out of 5 stars Good read for an average Internet user, 18 Jan 2004
By Alexei Koulikov "Clops" (Vienna, Austria) (REAL NAME)
The book is a nice and easy read for an average user of the Internet or a middle level manager looking for information on data security. However it cannot be used as an academic source, since lots of opinion is very biased and rarely supported by fact or trustworthy sources. Nevertheless it is quite amusing how the author pinpoints the former USSR in almost every chapter of the book.


4 of 4 people found the following review helpful
5.0 out of 5 stars A fantastic read, 6 April 2004
By Mr. J. Mason "sports gamer" (Hull, East Yorkshire) (REAL NAME)
This review is from: Secrets and Lies: Digital Security in a Networked World (Computer Science) (Paperback)
This book is without a doubt my favourite IT book. It's an excellent read for both those involved in security and those who are not. The book covers a broad range of topics, starting with some general, non IT security concepts. The book then details among many other things, PKIs, digital signatures, biometrics. The kind of common methods used to attack or eavesdrop on systems, such as buffer overflow vulnerabilities and man-in-the-middle techniques. All in all a great read, highly recommended.


4 of 4 people found the following review helpful
4.0 out of 5 stars Essential Reading for anyone interested in Security, 11 Oct 2003
By Keith Appleyard "kapple999" (Brighton, UK) (VINE VOICE) (REAL NAME)
I first tried reading the author's other book, Applied Cryptography, but that was way too technical for my needs.
Then along comes this book, at just the right level. I encourage everyone to read this to get a basic appreciation of the issues and underlying principles. The only disappointment was there is very little material on Chip/Smart Cards; this is a fast-evolving area of study, and I hope there is another edition soon with a chapter on this topic.


4 of 4 people found the following review helpful
5.0 out of 5 stars Security is a process, not a product., 10 Mar 2001
By A Customer
Do not expect in-depth technical information from this book, expect an overview of the technologies involved and a description of their generic security flaws. This book is far more important than any technical manual. It provides the reader with a lesson on "how to think" in security terms - not "what to think" or do. If you are interested in getting into IT security make sure this is the first book you read.


2 of 2 people found the following review helpful
4.0 out of 5 stars Make this book part of your library, 8 Jun 2003
By Mole "Mole" (UK) (TOP 1000 REVIEWER)
The book is primarily about looking at security as part of an overall plan of action rather than dealing with specifics. It makes a great deal of sense and allows even fairly non technical people to understand the concepts. I would strongly suggest that anyone involved in dealing with a computer network buy this book as a starting point; then use the recommended reading list to further understand the topic.
This product

Secrets and Lies: Digital Security in a Networked World (Computer Science)