- Paperback: 441 pages
- Publisher: Trine Day (April 17, 2014)
- Language: English
- ISBN-10: 1937584801
- ISBN-13: 978-1937584801
- Size and/or weight: 15.4 x 2.4 x 21.5 cm
- Amazon Bestsellers Rank: No. 427,433 in Foreign Language Books
Behold a Pale Farce: Cyberwar, Threat Inflation, & the Malware Industrial Complex (English) Paperback – April 17, 2014
"Bill Blunden and Violet Cheung have produced something of a first on the subject, a comprehensive book on it that isn't like all previous works on the matter. The genre of cyberwar books can be explained in less than half a dozen words [...] Blunden and Cheung's is the one to read. Unlike the rest of our so-called 'books' on cyberwar (take this best-selling example), Behold a Pale Farce [...], won't badly date if another Edward Snowden comes along. It is a true chronicle, a slice, of our technological history." —George Smith, Sitrep, globalsecurity.org
About the Author and Other Contributors
Bill Blunden is an independent investigator whose current areas of inquiry include information security, antiforensics, and institutional analysis. He is the author of several books, including Offshoring IT: The Good, the Bad, and the Ugly and The Rootkit Arsenal. Violet Cheung is a professor of psychology at the University of San Francisco. Her research addresses self-control, aggression, and war. They both live in San Francisco.
Most Helpful Customer Reviews on Amazon.com (beta)
Cyberwarfare is a term which we have been repeatedly exposed to in the MSM, if not bludgeoned with, over the past six years. Both from politicians, and various actors who have an economic or political incentive to participate actively in "threat inflation". The net effect of these voices has been to foment a crisis mentality, and as Bill aptly documents and describes, to drive spending and budgets beyond the bounds of what otherwise could be achieved through rational fact-based public discourse. As anyone within the Information Security industry will tell you, an attack vector normally has to have an actor(s) with a motive constituting a threat, a vulnerability or in this context a whole series of vulnerabilities within a set of systems, a number of exploits to take advantage of the aforementioned vulnerabilities, then impacts or outcomes that happen from exercising the exploits, and finally and most importantly meaningful consequences. This last point cannot be overstated. We hear all the time about thousands of attacks being launched against this or that, but they amount to little more than stones thrown against a massive iron gate...they are nuisances and nothing more.
When it comes to critical infrastructure you can trot out a whole list of vulnerabilities that have been documented within various ICS/SCADA components. Theoretically this represents potential exploits. But it is a lot harder to turn a potential exploit into a meaningful consequence than the number of documented vulnerabilities suggests. And this explains in large part (leaving aside actor motives for the moment) why there is nearly a complete absence of publicized attacks which have had meaningful consequences (other than being a nuisance to information security officials responsible for protecting said infrastructure). Bill points just this fact out, again and again. The hype over the threat has not translated into consequences that we can see and measure. And even some previously listed "cyber attacks" have been found not to be cyber attacks at all, but failures of equipment due to environmental or operating conditions unrelated to information security breaches.
So in the absence of documented events constituting validation of all the fear and threat inflation we have had over the past six years, what is one to make of it? Bill points out that we have seen this show before. We have seen various actors, both private and governmental, inflate the threat in order to drive spending or public policy in excess of what could be critically justified if one adhered to a proper risk analysis framework which measured the actual threats and vulnerabilities against various outcomes. Threat inflation within information security, and the economic incentives to engage in it, goes back at least to the dreaded Y2K bug where we were told that planes would drop from the sky as soon as computer clocks rolled over to the year 2000. The media sells fear, and various actors line up to provide the cure.
Bill does not say that there are no real threats. He goes on to point out that there are plenty of economic and espionage threats within cyberspace; they are real, growing, and cause significant (documented with $$) consequences. What he does do is separate the actual as well as reasonably probable threats from the hype of cyber doom.
If you are interested in the merging of economics, politics, propaganda, and information security you will find this book valuable if for no other reason than the extensive citations which will allow you to walk back the author's arguments as to why we are here, how we got here, and as the old Latin phrase denotes "cui bono?"...or "who benefits?" from this existing state of affairs.
Well written, accessible, and fact-filled.
If you can get past its unfortunate political bent, it does do a good job of retelling the history of cyber events. At a technical level, Blunden knows his stuff. The book does an excellent job of citing where its information comes from, as each chapter concludes with pages of references. The book does accomplish the goal of exposing how we are not in a "cyberwar", and we have not had any cyber events that were on scale with any sort of natural disasters or other crime.
Conclusion: You'll get a good technical cyber history lesson (or refresher) from this book, but unfortunately it's too strongly biased.
- bias does show through
- poor proofreading and editing (hard to believe this was at multiple publishers)
- low quality printing, especially given the relatively high price for a paperback.
Second the good points:
- documented by extensive footnotes at end of each section.
- dry but not pain(t)fully so
- demonstrates clearly the problems with attribution
- demonstrates clearly that there are many players (including US govt) in this game
- explains many of the recently used techniques related to malware insertion/usage
On the whole, a worthwhile read. Even though the author's bias shows through on a number of occasions, their points are backed up with facts unlike other books which also have a clear bias. Given the less than great production value, recommend picking up a used copy.