REVIEW: "", R. J. Pineiro

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Jul 10, 2003.

  1. BKCNSPRC.RVW 20030603

    "", R. J. Pineiro, 2001, 0-812-57505-9
    %A R. J. Pineiro
    %C 175 Fifth Avenue, New York, NY 10010
    %D 2001
    %G 0-812-57505-9
    %I Tor Books/Tom Doherty Assoc.
    %P 405 p.
    %T ""

    The author's bio, printed inside the back cover, indicates that he has
    almost two decades of experience in the computer industry. The
    material on his Web page (which, unfortunately, doesn't seem to have
    been updated in the past two years) points to work as a chip engineer.
    Which may explain the myriad errors in everything from network
    operations to authentication to screen resolution.

    From a technical perspective, the book presents a bit of a dichotomy.
    On the one hand, there is a rough awareness of much of the detail of
    the computer world. On the other hand, many of the particulars are
    wrong: the whole point of the Internet was that you wouldn't need to
    dial up each computer individually, high end workstation prices in the
    book are ridiculously inflated, and there is the standard mistake of
    assuming that a cellular phone actually has to be making a call in
    order to be tracked.

    The same rift occurs in regard to computer security. For once the
    good guys seem to do all the system penetration. There is a lovely
    piece of social engineering employed in order to install a kind of
    rootkit. One character takes advantage of a "beaming" (infrared data
    transfer equipped) personal digital assistant, and the inevitable fact
    that people write down lists of their passwords, in order to obtain
    access information. (The beauty of this scam is somewhat reduced
    because PDAs have extremely weak security at the best of times, making
    this plot device somewhat redundant.) But the attempt to make the
    action "visual" (one can almost hear the movie deal making going on)
    definitely comes at the expense of technical realism. The virtual
    reality "interface" makes little sense in terms of either networking
    or database management. The agents seem to simply operate by magic.
    The security systems are ludicrously vulnerable, with operations and
    controls completely exposed. There is a vague hint of "sniffing" for
    passwords as they are used, but security and intrusion detection
    systems would be operating in a resident mode (and generally internal
    to a system) so that they would have no need to submit passwords.
    Certainly the idea that major banks, corporations, and government
    institutions are all using static, reusable passwords, with no
    challenge/response systems, is sadly behind the times.

    A mixed bag, this. More than a passing familiarity with the computer
    world, but a ton of annoying mistakes.

    copyright Robert M. Slade, 2003 BKCNSPRC.RVW 20030603


    "If you do buy a computer, don't turn it on." - Richards' 2nd Law
    ============= for back issues:
    [Base URL] site
    or mirror
    CISSP refs: [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Security Educ.: [Base URL]comseced.htm
    Book reviews: [Base URL]mnbk.htm
    [Base URL]review.htm
    Review mailing list: send mail to