REVIEW: "Conspiracy.com", R. J. Pineiro

BKCNSPRC.RVW 20030603

"Conspiracy.com", R. J. Pineiro, 2001, 0-812-57505-9
%A R. J. Pineiro
%C 175 Fifth Avenue, New York, NY 10010
%D 2001
%G 0-812-57505-9
%I Tor Books/Tom Doherty Assoc.
%O www.tor.com
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%P 405 p.
%T "Conspiracy.com"

The author's bio, printed inside the back cover, indicates that he has
almost two decades of experience in the computer industry. The
material on his Web page (which, unfortunately, doesn't seem to have
been updated in the past two years) points to work as a chip engineer.
Which may explain the myriad errors in everything from network
operations to authentication to screen resolution.

From a technical perspective, the book presents a bit of a dichotomy.
On the one hand, there is a rough awareness of much of the detail of
the computer world. On the other hand, many of the particulars are
wrong: the whole point of the Internet was that you wouldn't need to
dial up each computer individually, high end workstation prices in the
book are ridiculously inflated, and there is the standard mistake of
assuming that a cellular phone actually has to be making a call in
order to be tracked.

The same rift occurs in regard to computer security. For once the
good guys seem to do all the system penetration. There is a lovely
piece of social engineering employed in order to install a kind of
rootkit. One character takes advantage of a "beaming" (infrared data
transfer equipped) personal digital assistant, and the inevitable fact
that people write down lists of their passwords, in order to obtain
access information. (The beauty of this scam is somewhat reduced
because PDAs have extremely weak security at the best of times, making
this plot device somewhat redundant.) But the attempt to make the
action "visual" (one can almost hear the movie deal making going on)
definitely comes at the expense of technical realism. The virtual
reality "interface" makes little sense in terms of either networking
or database management. The agents seem to simply operate by magic.
The security systems are ludicrously vulnerable, with operations and
controls completely exposed. There is a vague hint of "sniffing" for
passwords as they are used, but security and intrusion detection
systems would be operating in a resident mode (and generally internal
to a system) so that they would have no need to submit passwords.
Certainly the idea that major banks, corporations, and government
institutions are all using static, reusable passwords, with no
challenge/response systems, is sadly behind the times.

A mixed bag, this. More than a passing familiarity with the computer
world, but a ton of annoying mistakes.

copyright Robert M. Slade, 2003 BKCNSPRC.RVW 20030603

--
======================

"If you do buy a computer, don't turn it on." - Richards' 2nd Law
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Security Educ.: http://groups.yahoo.com/group/comseced/
Review mailing list: send mail to techbooks-

Rob Slade, doting grandpa of Ryan and Trevor