
| Subject: | [CISSP-D] REVIEW: "The Mezonic Agenda", Herbert H. Thompson/Spyros Nomikos |
|---|---|
| Date: | Thu, 2 Dec 2004 15:41:25 -0800 |

BKMZNAGN.RVW 20041009

"The Mezonic Agenda", Herbert H. Thompson/Spyros Nomikos, 2004, 1-931836-83-3, U$34.95/C$50.95
%A Herbert H. Thompson
%A Spyros Nomikos
%C 800 Hingham Street, Rockland, MA 02370
%D 2004
%G 1-931836-83-3
%I Syngress Media, Inc.
%O U$34.95/C$50.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O http://www.amazon.com/exec/obidos/ASIN/1931836833/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1931836833/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1931836833/robsladesin03-20
%P 368 p. + CD-ROM
%T "The Mezonic Agenda: Hacking the Presidency"

Using a fictional story and premise to examine serious security concerns seems to be getting more popular. This one purports to discuss the issues surrounding electronic voting.

As a piece of fiction, the book isn't very good. The dialogue is stilted, the writing and sentence construction is often jarringly awkward, and the plotting, description, and story subtext are simplistic and formulaic, making the occasional intrusions of "reality" (which would otherwise give depth to the narrative and characters) odd and unwelcome. Characterization is telegraphed in strange ways: the e-voting analyst's name is Chad, someone driven insane by personal tragedy is called Payne, and a turncoat politician is Shift. (The copy editing is reasonable, at least as far as spelling is concerned, but there is a very strange, and repeated, typographical error of "Davis'ss".)

There are a number of mistakes that would have thriller aficionados rolling in the aisles: Amsterdam isn't a member country of Interpol because it isn't a country, Interpol is not an investigative agency (they do communications and liaison), and subliminal advertising has proven to be extremely undependable.

The technical content is uneven. There are good bits: the description of buffer-overflows doesn't handle all cases but is clear. The example of SQL injection is missing pieces, but isn't bad. A lot of it is realistic, but there are frequent over-simplifications. Reverse engineering is not just the finding of buffer overflow exploits. Various types of blackhats are grouped in one undifferentiated lump. Silly errors are made, such as a conflict in IP addressing between pages 39 and 44. The importance of a paper trail is mentioned, but somewhat peripherally.

The book itself does not mention the bulk of the problems with, and reservations about, electronic voting systems, although an appendix touches on many of them briefly. Probably the biggest problem relates to why the analyst is proceeding in the way he does: without being able to review source code, any problems that you do find will be largely by accident. And, of course, in any kind of software review you can prove the presence of bugs, but never their absence.

As fiction the book doesn't work very well. As a review of the problems involved with electronic voting there is a lot of verbiage to get through in order to find the few points of interest.

copyright Robert M. Slade, 2004 BKMZNAGN.RVW 20041009

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
Life was simple before World War II. After that, we had systems. - Admiral Grace Murray Hopper
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade