| Subject: | [CISSP-D] REVIEW: "Frauds, Spies, and Lies", Fred Cohen |
|---|---|
| Date: | Thu, 10 Aug 2006 09:30:41 -0800 |
BKFRSPLI.RVW 20060710

"Frauds, Spies, and Lies", Fred Cohen, 2005, 1-878109-36-7, U$29.95/C$33.45

%A Fred Cohen Fred dot Cohen at all dot net
%C 572 Leona Dr, Livermore, CA 94550
%D 2005
%G 1-878109-36-7
%I Fred Cohen and Associates
%O U$29.95/C$33.45 925-454-0171
%O http://www.amazon.com/exec/obidos/ASIN/1878109367/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1878109367/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1878109367/robsladesin03-20
%O Audience n+ Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 234 p.
%T "Frauds, Spies, and Lies: and How to Defeat Them"

Over the years, lots of books have promised to teach us how to deal with social engineering, fraudulent practices, con jobs, deceit, and just plain old lies. There are the pedestrian warnings that it is dangerous out there, such as Barrett's "Bandits on the Information Superhighway" (cf. BKBOTISH.RVW). Or Mintz' listing of nasty Websites in "Web of Deception" (cf. BKWBDCPT.RVW). Or the repetitive recounting of confidence games in Mitnick and Simon's "The Art of Deception" (cf. BKARTDCP.RVW). Generally these works retail similar stories, with little variation and even less analysis. Cohen's slim volume is a bit different.

Chapter one is a brief introduction to the structure of the book. Chapter two defines frauds, and then lists a huge series of variations on the theme. Many books that deal with the topic provide examples, but this exhausting (and nearly exhaustive) catalogue, even with minimal analysis, allows the reader to begin to see patterns and thus furnishes a useful alert for awareness of the issues, regardless of the student's background. (Fred, I wonder if you are entirely correct about 419 frauds.)

The topic of deception, in chapter three, deals first with how we think, and what analytical mistakes we are likely to make. This preparation is augmented by examples of how fraudsters and confidence tricksters can use these errors. (An interesting addition is a section dealing with self-deception, in regard to the justifications scammers use.) Cohen's wit and humour are used to good effect in pointing out the absurdities of some of our thinking patterns.

Most "spying" is not James Bond derring-do, and chapter four outlines the means that "HUMINT" (human intelligence) specialists use to obtain information, mostly in normal conversation. This material would be very useful in creating security awareness courses dealing with social engineering. Defence and counterintelligence is covered in chapter five. Chapter six leans more towards the countering of various types of frauds.

This is not your normal security book, but then typical security works have had remarkably little success in addressing this particular topic. Security professionals will find little new in these pages, but the aggregation of the variant frauds is, itself, useful. Certainly no specialized background is needed to approach the text: anyone can pick it up and get a good deal of useful security awareness from a perusal of chapter two alone. The size of the work should not be daunting for anyone, and the content is quite readable. (I must note that the typography and formatting creates a bit of a problem: the lack of "white space" can sometimes make section changes a bit hard to follow, despite the careful and clear numbering of sections and subsections.)

I'd recommend this book, particularly as bedtime reading for any security professional, and for those involved with security awareness programs. However, it should have a broader readership: any reasonably intelligent person will find something useful and helpful for building a safer and enlightened attitude to the dangers of this complex world.

copyright Robert M. Slade, 2006 BKFRSPLI.RVW 20060710

rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
(quote inserted randomly by Pegasus Mailer)
If it's there and you can see it, it's real
If it's there and you can't see it, it's transparent
If it's not there and you can see it, it's virtual
If it's not there and you can't see it, it's *gone*
Dictionary of Information Security www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm