BKSCSUHK.RVW 940609

Loompanics Unlimited
P.O. Box 1197
Port Townsend, WA 98368
206/385-5087
fax 206/385-7785
loompanx@pt.olympus.net

"Secrets of a Super Hacker", Fiery, 1994, 1-55950-106-5, U$19.95

Despite Loompanics' reputation as a "dark side" publisher, this may be a very good book. It deals primarily with social engineering, despite the purported coverage of other topics. It would therefore be valuable reading material around corporate lunchrooms, since forewarned is just a little bit more paranoid and, therefore, forearmed.

As those involved with data security in the real world well know, cracking is basically a con job. Thus, The Knightmare, if he really is "super", is a con artist par excellence--and is pulling off a really great con here!

Revealing the secrets of social engineering poses very little threat to security. Con men already exist and will continue to exist. Cracker wannabes are unlikely to be able to carry off a successful con if they need to rely on canned advice like this. On the other hand, it is much more likely to shock naive and non-technical users into an awareness of the need for suspicion and proper procedures--albeit possibly only temporarily. Thus, this information is almost inherently of more use in data protection than in data penetration.

As for technical help for the cracker; well, are you really expecting great technical revelations from someone who knows there is a difference between baud and bits per second--and gets it backwards? Or, who thinks 140 and 19,900 baud are standard modem speeds? Who thinks Robert Morris' worm found "original" bugs? (And who doesn't know the difference between "downgrade" and "denigrate"?) All the successful hacks in the book rely on social engineering rather than technology. Lots of jargon is thrown in along the lines of, "You need X," but without saying what X really is, where to get it, or how to use it.

The official definition of a hacker in the book is of the "good side" seeker after knowledge. As it is stated early on, a hacker *could* do lots of mischief--but doesn't. In the course of the text, though, the image is much more convoluted. The book almost seems to be written by two people; one who is within the culture and has the standard confused cracker viewpoint, and another, sardonically aware of pulling the wool over all the wannabes' eyes. The chapter on contacting the *true* hacker community is EST-like in its refusal to define when you might have made it, or how.

Like I said, buy it for the corporate or institutional lunchroom. Make sure that the non-techies get first crack at it. If you'll pardon the expression.

copyright Robert M. Slade, 1994 BKSCSUHK.RVW 940609

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
DECUS Symposium '95, Toronto, ON, February 13-17, 1995, contact: rulag@decus.ca