Archive

Archive for the ‘Books’ Category

Approaches to enterprise information protection changing – as Axelrod, Bayuk, Hunt and others show

March 18, 2009 1 comment

A book I contributed to is available on Amazon.  Warren Axelrod and Jennifer Bayuk edited this collection of essays on security and privacy. Axelrod Book
I think it is a special, unique view of how physical and logical threats, plus dynamic business and compliance trends are changing how security needs to be done.  My chapter was on security as it relates to the Transportation industry.  I took a logical and physical view of the problem.

Book Review: Stealing Your Life

I used to be disgusted

I hear so much about Identity theft that I was almost bored
by the subject. Until recently, that
is. I was bored because I was
uniformed. I’m not anymore. I’m like an Anti- Identity Theft Crusader
thanks to an energetic and eye-popping new book. Stealing Your Life (2007, Broadway
Books/Random House, 242 pp) Abagnaleby Frank Abagnale tells stories, demystifies laws,
and offers remedies around the fastest growing, most pervasive crime in the
world.

Just the experiences of my friends and family who have
suffered various forms of identity theft have sent chills down my spine as I shared
their pain and imagined the sense of violation they must have felt. One cousin discovered too late that her
credit card had unauthorized charges. An
aunt found thousands of dollars of checks and debits on her bank account that
were fraudulent.

Now I try to be amused

Frank Abagnale’s stories are more colorful and more alarming
than mine. What struck me most was the breadth of cons resulting in identity
theft of one type or another. Stealing credit card numbers, commandeering bank
accounts, abusing social security numbers are just the beginning. Identity
thieves work in rings, or alone, they are precocious kids and unscrupulous
grandmothers. They are Methamphetimine addicts and college professors. They are computer illiterate and software developers. They live in the next hemisphere and in the next apartment. They have criminal records and they are clean as a whistle.

We brought it on ourselves

The cons look so easy, and the bad guys get caught so
rarely, it’s a wonder every isn’t doing it. And its clear that it is just a matter of time before it hits me and
you. So what weapons do we have to
combat the threat? To fight, we must
understand the enemy, Abagnale says. And
that enemy is the system and the society we’ve created and grown accustomed
to. For example, our constant complaints
that the process of checks clearing banks was taking to long led to legislation
that made identity theft easier. We had
debit cards to complete strangers. We
freely surrender our privacy and our identities if it means completing the
service application at the cell phone store a few minutes quicker. By the way, do you ever wonder what happens
to that piece of paper the kid in the mall filled out with your entire life
spelled out on it? Hint: stand there
while he faxes it to headquarters and then ask him to shred it or give it back
to you.

Slow ‘em down, or make them go next door

Abagnale has 20 steps to proactively protect your
identity. None of them cramped my style
or made it seem like I had to disrupt the way I lived or did business. Some were common sense, like shredding financial statements before pitching them, others were
subtle, like opting out of information sharing programs of banks and credit card companies. I instituted a couple
of the practices immediately.

He also explains the PrivacyGuard service and identity theft
insurance offered by financial institutions. (The former is effective if you purchase the right options, the latter
is a scam.)

Credit reporting gestapos, er, bureaus

Abagnale’s guided tour of the dark corridors of credit
reporting bureaus was fascinating. You
get the clear impression these cockroaches of the financial services community
couldn’t care less about you or your financial health. They simply traffic information making no effort
to ensure that the information is correct. I learned that the hard way a few years ago when I had to dispute charges
on a credit card that also showed up on the credit bureau records. The burden was on me to prove that the
charges were false. Abagnale helps you
understand how the system works, and how to fix problems.

What if its too late?

If you’ve already been a victim, or are suffering today, then
Abagnale’s tips on restoring your good name will help. Alas, today, neither the banks, the
government, nor law enforcement is organized to prevent identity theft, so most
of the time you will have to do the leg work yourself. But eventually you can beat it.

Stealing Your Life is an easy book to read. The author’s storytelling style, combined
with his lifelong expertise studying cons and detecting fraud, make this book
the best tutorial on identity theft and best practices to fight it.

Book Review: Richard Clarke’s Breakpoint

December 22, 2006 Leave a comment

I got my advanced copy of Richard A. Clarke’s newest novel, Breakpoint, and devoured it. Here’s my review.

Breakpoint captured my imagination in the first pages, and completely possessed me for the next 300. The story, set in the year 2012, describes a terror attack on the United States’ critical infrastructure with unexpected twists. An odd-couple of two unconventional investigators from the U.S. Intelligence Analysis Center are tasked to find the people responsible in just a few days, before the President launches a full-scale military campaign against an unconfirmed enemy.

As the story unfolds, the investigators race to centers of high-tech around the country, finding clues at MIT, NASA and the new million square foot Googleplex building.  Techies and geeks will be very turned on by this book, but the story is gripping even to the non-technophile.

Breakpoint
The book is especially fun and frightening as Clarke weaves a convincing story from technology announcements that have already been made, like the proposed massive Google building announced in 2005, using nerves to connect artificial limbs to the brain, exoskeleton fighting suits that give a man superman-like abilities, and intelligent video systems that can interpret human behavior. All of these technology advances are already here, and they play a role in the book. The reader will learn loads of interesting tidbits, like how many bombs it takes to cut transatlantic telecom lines, the dependence of our utilities on unprotected SCADA systems, and how many people drink Balvenie in Washington.

Read more…

Categories: Books Tags: , , , ,

Book Review: Eve Ensler’s Surprising Security Book

December 14, 2006 1 comment

Eve Ensler wrote a surprisingly relevant book about security. Ms. Ensler is the playwright and performer respected around the world and known for her barrier-breaking work The Vagina Monologues.  Her newest book Insecure At Last: losing it in our security obsessed world is surprising because while its author is not associated with the security industry at all, the book tackles some of the most important questions in security.

Insecure_at_last
How is it that the more we spend on security, the less secure we feel?  I know dozens of philosophers, political scientists, and security professionals who struggle with that dilemma.  Economist Robert A. Book of National Defense University described security as falling along a spectrum. One end of his security spectrum indicates no security and total accessibility, like a box of money on the street corner.  The other extreme describes total security and no accessibility, like a box of money encased in concrete.  The middle of Professor Book’s Spectrum is Reasonable Security, like a properly functioning ATM with a locked money box and accurate audits.

The answer is probably that we spend more on security because the threats causing us to feel insecure grow.  But her point is still valid.  Maybe we, as a culture, are treading too close to "security for security’s sake" forgetting that security is not the point.  A peaceful life is the point.  Or a productive business.  Or a vibrant growing society is the point.

Read more…

Categories: Books Tags: , , ,

Book Review: RFID Security

December 6, 2006 Leave a comment

RFID Security by Frank
Thornton
, Brad
Haines
, Anand
M Das
, Hersh
Bhargava
, et
al

Published by Syngress,
2006.

The authors have done a good job illustrating technical
concepts with straightforward explanations and everyday examples. By the end of
the first chapter, I felt like an expert in the inner workings of RFID, even
though I started with only the foggiest notions of how it all worked.

Rfid_security_1

The reader will quickly understand the differences in RFID
technologies used for various purposes like access cards for entering
buildings, The SpeedPass keys at Shell stations, automated toll systems on the
highways, or the electronic merchandise tags at Wal-Mart.

Just differentiating those technologies makes the book
worthwhile. Then the second half takes the reader on the adventure of breaking
and enhancing the security of RFID systems. RFID is fundamentally susceptible
to min-in-the-middle attacks and cloning. In the information security world,
those threats gave rise to technologies like firewalls, virtual private
networks (VPNs), and intrusion detection systems (IDS). However in most of
today’s RFID deployments security is downright ignored. Even systems like door
access controls – themselves designed for security purposes – suffer basic
security flaws.

The last section of the book explores ways to secure RFID
systems. This section gets a bit technical and may only be interesting to the
most devoted security professional, but if you make it through to the end
you’ll have a solid understanding of when to use RFID, when to avoid it, and
how to ensure the greatest value.

Categories: Books
Follow

Get every new post delivered to your Inbox.