Secrets and Lies: Digital Security in a Networked World at Dominant Systems Book Store

Whom can you trust? Try Bruce Schneier, whose rare gift for common sense makes his book Secrets and Lies: Digital Security in a Networked World both enlightening and practical. He's worked in cryptography and electronic security for years, and has reached the depressing conclusion that even the loveliest code and toughest hardware still will yield to attackers who exploit human weaknesses in the users. The book is neatly divided into three parts, covering the turn-of-the-century landscape of systems and threats, the technologies used to protect and intercept data, and strategies for proper implementation of security systems. Moving away from blind faith in prevention, Schneier advocates swift detection and response to an attack, while maintaining firewalls and other gateways to keep out the amateurs.

Newcomers to the world of Schneier will be surprised at how funny he can be, especially given a subject commonly perceived as quiet and dull. Whether he's analyzing the security issues of the rebels and the Death Star in Star Wars or poking fun at the giant software and e-commerce companies that consistently sacrifice security for sexier features, he's one of the few tech writers who can provoke laughter consistently. While moderately pessimistic on the future of systems vulnerability, he goes on to relieve the reader's tension by comparing our electronic world to the equally insecure paper world we've endured for centuries--a little smart-card fraud doesn't seem so bad after all. Despite his unfortunate (but brief) shill for his consulting company in the book's afterword, you can trust Schneier to dish the dirt in Secrets and Lies. --Rob Lightner --This text refers to an out of print or unavailable edition of this title.

Customer Reviews & Comments
I am an Air Force officer and technical resource for a 50-person military intrusion detection operation. I've seen Bruce speak twice and he never fails to impress. "Secrets and Lies" is no different. This book is not designed to teach readers about the latest security technologies. It was not written to promote specific products, although Bruce explains how the book's themes caused him to revamp his Counterpane firm. What the book does is teach security professionals how to think about their craft. I would recommend it to everyone in the field from day one, but its deeper meanings would probably not be evident until a year's work on the front lines. Some of the ideas aren't new. For example, I've heard members of the L0pht petition for a software Underwriter's Lab for years, and others have encouraged liability laws for software vendors. Bruce builds on these ideas and weaves them into his own prescription for dealing with complex and inherently insecure systems. This is the type of book that gives a professional the vocabulary and framework to organize his understanding of the security process. "Secrets and Lies" creates the "little voice" that warns against a vendor's promises to solve all your problems with a $30,000 box-of-wonders. Of particular interest to me, after training in economics, is Bruce's insistence that "the buying public has no way to differentiate real security from bad security." It logicially follows that the market cannot address this problem, since "perfect information" does not exist. Therefore, outside organizations (perhaps an FDA for software?) should get involved, but not by outlawing reverse engineering and security tools. I give five stars to books that make the complex simple, that reveal and enhance technical details, or that change the way I look at the world. This book fits two, and possibly three of those categories. Bravo, Bruce.

Back To Top