Secrets and Lies : Digital Security in a Networked World

While it may be light on technical detail, the author does a wonderful job at taking what most people consider "magical" (and foreign) topics concerning computer security, and gives them life and meaning that's relevant in our increasingly computerized lives.

A good book for anyone interested in exactly why, for example, Windows NT's security really is quite laughable. Don't look for a breakdown of protocols tho.

Rating:
Summary: A great book for your paranoia
Review: A great, readable book on computer security, which attempts to teach with parables, the philosophy of computer security. While the today's best security is tomorrow's easy hack, the philosophy is not going to change for securing communications.

It shows through examples that being reasonably paranoid and careful, can make your communications reasonably secure, and that spending a lot of money and being unreasonably paranoid, can also make your communications reasonably secure unless someone who needs the communication keeps the key in the top drawer of their desk where the cleaning lady can find it.

Because you can read the book, this book will do more for computer security than all the books you drag to the office that remain on the shelf. Buy it, read it, and enjoy it.

Rating:
Summary: Disappointing
Review: This is a sales book! The book outlines many of the security problems today, but offers only one solution: to hire the author's company.

Rating:
Summary: Excellent and interesting book
Review: Secrets and Lies is, as other reviewers have said, a great read, and it is also the rare technical book written so that it has a lot to offer to the generalist as well as the computer specialist.

I was entertained, educated, scared at times but not terrified. It did change the way I choose passwords ;-).

I read a fair number of these kinds of books being in a computer oriented profession (AI developement) but this was the only one I have read in years that kept me turning pages at night later than I wanted to sleep.

It's on my christmas list this year for many friends and relatives in the computer industry.

Rating:
Summary: A must-read for true computer security professionals
Review: I am an Air Force officer and technical resource for a 50-person military intrusion detection operation. I've seen Bruce speak twice and he never fails to impress. "Secrets and Lies" is no different. This book is not designed to teach readers about the latest security technologies. It was not written to promote specific products, although Bruce explains how the book's themes caused him to revamp his Counterpane firm. What the book does is teach security professionals how to think about their craft. I would recommend it to everyone in the field from day one, but its deeper meanings would probably not be evident until a year's work on the front lines.

Some of the ideas aren't new. For example, I've heard members of the L0pht petition for a software Underwriter's Lab for years, and others have encouraged liability laws for software vendors. Bruce builds on these ideas and weaves them into his own prescription for dealing with complex and inherently insecure systems. This is the type of book that gives a professional the vocabulary and framework to organize his understanding of the security process. "Secrets and Lies" creates the "little voice" that warns against a vendor's promises to solve all your problems with a $30,000 box-of-wonders.

Of particular interest to me, after training in economics, is Bruce's insistence that "the buying public has no way to differentiate real security from bad security." It logicially follows that the market cannot address this problem, since "perfect information" does not exist. Therefore, outside organizations (perhaps an FDA for software?) should get involved, but not by outlawing reverse engineering and security tools.

I give five stars to books that make the complex simple, that reveal and enhance technical details, or that change the way I look at the world. This book fits two, and possibly three of those categories. Bravo, Bruce.

Rating:
Summary: A Great Read
Review: Interesting, engaging, entertaining, informative. The best book on the topic I've ever read.

Rating:
Summary: a disappointment
Review: I read about two-thirds of this book. I was expecting more based on the author's reputation. I didn't come away with much that was memorable, other than don't drop a hand granade on your PC. There's not much technical meat here. I think that this book is for non-technical types.

Rating:
Summary: Entertainingly poignant
Review: Bruce Schneier has said what everyone has feared all along, if someone wants to hack your server you can't stop them. Bruce explains that we might be able to discourage the weekend hacks, but the true professional will eventually succeed.

Similar to the Lojack car alarm system. Instead of preventing the thief from stealing your car, just track them down and apprehend them. Create a deterrent system, so that hackers know they could steal the data, but will probably be caught shortly after.

For such a dry subject, this book was very enjoyable to read.

Rating:
Summary: Schneier shines
Review: Schneier again demonstrates his mastry of the computer security world with this fascinating read. Odd for most computer books, this title provides an easy to read, well-written complement to his highly technical 'applied crypto'. As a security professional, my bookshelf would be lacking w/o this book. Thanks, Bruce!

Rating:
Summary: I'm awake now!!
Review: Bruce's book has certainly opened my eyes to issues in network security to consider for the future. That is, not 10 years from now but today and tomorrow. His books are well-written and very easy to understand. I am about 3/4 of the way through the book and I may just start from the beginning and do what one reviewer said 'keep a notepad by for ideas that my come to you'.

This book helps us to look at computer and network security from a global view, from hardware and software to issues not directly working on a computer such as policies and procedures. That is the way we should approach security and he has enlightened it for us. He shows the path really well in this book; now it is up to us to experiment and see if it works.

This book like Bruce's other books and articles are written with a "This is how it is" approach. That is why this book has waken me up. I knew it but I didn't want to see it. Working in an educational atmosphere with a few thousand users, I have to wake up now. Despite the problems that plague computer and security personnel Bruce reminds us that we can still operate a network safely and securely but we have to be vigilant and aware.

Great book!