Learn more Download now Shop now Learn more Shop now Shop now Shop now Shop now Shop now Shop now Shop now Shop now Learn More Shop now Shop now Shop now Learn more Shop Fire Shop Kindle Exclusive track - Ed Sheeran Shop now Shop Women's Shop Men's



on 12 July 2001
The previous reviewer suggests that universities ought to base courses around this book. Well we are doing just that. Last year, Secrets and Lies was recommended reading, but now I have broken the cryptography and the security into two separate teaching streams and this book forms compulsory reading for the security stream (his Applied Cryptography is strongly recommended for the other stream).
This is an excellent book, very approachable, especially for undergraduates. Not ideally structured to be a text book, but then there's not many text books that you'd want students to read from beginning to end, every word. Our students even get to try out some of the defensive mechanisms on an isolated network, and this book tells them of many of the possible pitfalls to guard against, and gives them some idea of just how big and how important a job it is.
Look forward to a generation of security-aware computer science graduates, with a fair bit of help from Mr Schneier and his books!
0Comment| 25 people found this helpful. Was this review helpful to you? Report abuse
on 16 March 2017
A novel as such reasonable informative but enjoyed it. Learned a few things.but not much.
0Comment|Was this review helpful to you? Report abuse
on 24 June 2017
Arrived as described. BTW basically covers 85% of the CISSP exam - just misses out of few developments that occured after 1999. A must have book for anyone remotely interested in info.sec.
0Comment|Was this review helpful to you? Report abuse
on 24 July 2016
This was on our reading list by a lecturer at University.
This book should be read like a novel rather than a textbook. Just like the Lecturer that recommended this to us, this book is full of information about computing and security. A little dry at times for me but is well worth a read!
0Comment|Was this review helpful to you? Report abuse
on 7 December 2017
Excellent thankyou very much :)
0Comment|Was this review helpful to you? Report abuse
on 17 January 2004
I've actually had to read this book for module on my university course (had the exam last week, think it went pretty well), and it's a shame that many people will likely avoid it for fear of it requiring in-depth technial knowledge of the internet, other networks and computers in general. Whilst a little knowledge of such things is needed, is only along the lines of what they are and what they are used for. The book has been written as a start-to-finish book, i.e. it's not meant for reading the different chapters at leisure - there is definite follow-on. It never reaches too steep a learning curve, but more impressive is the fact that it manages to cover as wide a range of sub-topics that "digital security" covers, as it does, whilst never feeling like it's skimped on any of those sub-topics. It helps that it's not meant to look at any particular sub-topic too closely - you find full details on how to build a firewall, for instance, or how to design a cryptographic algorithm. But it also provides a little background on topics of especial interest, such as the US and UK governments' usage of digital security (in particular cryptography and their citizens' right to privacy versus the need for evidence gathering). Most interesting of all, are the main important points that network administrators and users should really take note of (this includes people who use the internet). Most of them, I must admit, I kind of knew already (however reading them from one of the foremost security experts around helps keep them in my mind), but I still don't follow all of them as I should. I do follow them better than the average internet user, though, otherwise e-mail worms and trojans and those stupid hoax e-mails would not continue being so successful.
In short, if you use the internet regularly, or some kind of computer network at work, this really is a must read.
0Comment| 7 people found this helpful. Was this review helpful to you? Report abuse
on 31 October 2000
Bruce Schneier has written a book that is up to date, to the point and links to business needs. His previous book (applied cryptography) is excellent, but can only be used as a reference book for selecting the right crypto, not for understanding business implications of it. I use this book as the reference for a course I give on Data and Transaction Security, and find it most usefull as it provides real live example and also explains that the security must be linked to the needs and possible damage. I think this is a must read for anyone having a need to understand how Information security can become an asset in the digital world, and how "networked" corporations can secure their services while providing the needed functionalities and flexibility. It also explains that security is not only a matter of how much technology you put into it, it mostly depends on the people that manage and control it.
0Comment| 8 people found this helpful. Was this review helpful to you? Report abuse
on 21 August 2015
Very disappointed to find that this is a revised edition of a book written in 2000. I have no doubt that it has good material, but I would have bought something more recent if I had noticed.
0Comment|Was this review helpful to you? Report abuse
on 26 April 2001
When the news broke that a Russian cracker had successfully broken into the computer systems of global banking giant Citibank and stolen $12 million, the message was clear: inadequate computer security can cost millions. In Citibank's case, it was not just the money that it lost to the hacker, but many millions more that was subsequently withdrawn by people fearful that their life savings might be at risk. And such incidents are just the tip of the iceberg if the anecdotal evidence presented by Bruce Schneier in Secrets & Lies is any guide. But the most dangerous perpetrators are not necessarily skilled Russian crackers, but the intelligence organisations of major industrialised countries, including America, Britain, China, France and Russia.
Although many are engaged in industrial espionage on behalf of indigenous industries - particularly the French and Chinese secret services, according to Schneier - for the most part, their targets are normally other governments. And often, as the book illustrates, private companies collude: "Crypto AG, a Swiss company, sells encryption hardware to a lot of Third World governments. In 1994, one of their senior executives was arrested by the Iranian government for selling 'bad' cryptographic hardware. When he was released from jail a few years later, he went public with the news that his company had been modifying their equipment for years at the request of US intelligence," says Schneier.
In the corporate world, many incidents such as the Citibank theft never see the light of day, but there are few bounds to the ingenuity of the enterprising cyber-criminal. One included a JavaScript trojan horse program in the description field of a 'product for sale' ad on eBay. In this way, he was able to collect login and password information from anyone that viewed his page.
Others routinely use tools such as L0phtcrack to break into password protected systems. Older networking protocols, that require only seven, case-insensitive characters, can be cracked in hours. "On a 400-MHz Quad Pentium II, L0phtcrack can try every alphanumeric password in 5.5 hours, every alphanumeric password with some common symbols in 45 hours and every possible keyboard password in 480 hours," says Schneier.
And although Microsoft Windows NT does boast 128-bit encryption, the encryption keys are protected by a password system. This means that it is considerably less secure than people think. Indeed, Microsoft is learning only very slowly about how to build strong security into its products. The most important lesson for vendors to follow, says Schneier, is that such measures should be developed openly, and the computer community at large encouraged to test them to the limits before widespread adoption.
As a result, thousands of virtual private networks deployed worldwide are based on Microsoft technology that is littered with security holes. That technology is Microsoft's point-to-point tunnelling protocol (PPTP). "[It's] badly flawed," says Schneier. "They invented their own authentication protocol, their own hash functions and their own key generation algorithm. Every one of these items turned out to be badly flawed," he says. "It wasn't until 1998 that a paper describing the flaws was published. Microsoft quickly posted a series of fixes, which have since been evaluated and still found wanting," warns Schneier.
The reader of Secrets & Lies could be forgiven for thinking that security is futile. Schneier certainly knows his subject inside out. He can not only write knowledgably about such complex subjects as cryptography, but can write strong encryption algorithms himself. Schneier co-authored the Twofish Algorithm, one of the five finalists in the competition for the Advanced Encryption Standard (AES). And his first book, Applied Cryptography, sold more than 130,000 copies worldwide.
Secrets & Lies promises to match such sales. It is comprehensive, puts computer security into a wider context and is illustrated with numerous examples. As a result, not only is it entertaining, but is likely to end up on the reference shelf of thousands of CIOs worldwide.
0Comment| 20 people found this helpful. Was this review helpful to you? Report abuse
on 18 July 2002
This book isn't what I expected. I thought it would be like a detailed analysis of hacking techniques and vulnerabilities. Instead, Bruce takes an overall look at security and how it affects every aspect of our lives (e.g. smart cars, ATMs, etc.), of course focusing mainly on computer and internet security.

So, I was a little disappointed initially, but as I read on, I was impressed with the depth of knowledge presented with respect to security - as he explains how security is not just prevention (e.g. firewalls), but also about detection and response, which are equally important. Security is a process (not a product) and is a chain only as strong as the weakest link.

It's a great read, and he does discuss cryptography, password cracking - how most passwords are easily crackable (and how it's usually done) - including discussion about l0phtcrack. I really liked the way he included real life security disasters, which made it more interesting.

This book has made me much more aware of security issues and the importance of open source security testing. Highly recommend it.
0Comment| 5 people found this helpful. Was this review helpful to you? Report abuse

Sponsored Links

  (What is this?)