Books about e-privacy (found 313 titles)

Authors: Tim Mather, Subra Kumaraswamy, Shahed Latif
Publisher: O'Reilly Media
Publication date: 2009-09-22
ISBN: 0596802765
Pages: 336
Rating:
Price: $34.99

You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure.
Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You'll learn detailed information on cloud computing security that-until now-has been sorely lacking.
- Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability
- Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services
- Discover which security management frameworks and standards are relevant for the cloud
- Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models
- Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider
- Examine security delivered as a service-a different facet of cloud security
Customer reviews (11)

A great coverage on Cloud security (2010-07-24)
For organizations that are planning on going to the cloud, security is usually a top concern. This book has comprehensive coverage on security--infrastructure security, data and storage security, identity and management. What I liked the most in this book is its coverage of Federated Identity and regulatory compliance. This book can be a good resource for people who are planning on cloud computing solutions.

Real Bad Beginning - but gets better after chapter 3 (2010-07-09)
I want to be fair here. I bought this book not to read hype on what looks like an emerging technology, albeit massively overhyped, but rather to read about legal and business issues that might moderate its acceptance. To be fair, I will return to give my appraisal after I have finished, but I was forced to share this so as to, perhaps, give pause to others interested in buying this book. I've seen webinars that refer to cloud computing as 2-10 technology: massively hyped for 2 years, and it will take the next 10 for the industry to sort out where it fits (and maybe more importantly where it does not).
The first two glaring take-aways I've seen in this book are 1) the mashing of the social web into cloud computing, vis-a-vis considering MySpace, FaceBook, and other social web sites as examples of cloud computing; they are not; 2) the notion that end users will be writing their own programs in the clouds vs. the, since the dawn of software development, programmer (or more recently developers) writing the programs, tech writers writing the documentation, marketeers hyping the program and end users buying or using, with embedded ads, the software. Both of these are orthogonal to 'cloud computing'. While it may be someday, in a "Battlestar Galactica" age, that end users may speak to their computer in whatever language they speak and tell it what they'd like it to do, for now it takes specialized training, and while the computer languages used are different syntactically from those used in the '60s and '70s, fundamentally they are not different at all. Of course someday maybe everyone will be flying their cars to work and to play. On your next flight anywhere, tap the pilot and ask him how much specialized training he's had in order to taxi a plane, much less leave the ground and return it in one piece to wherever they said they would land it.
The authors talk about computing being a utility as electricity providers (or cable providers) yet they also talk about global compute clouds. Are there global utility companies? They talk about replacing NetBeans, Eclipse, Microsoft Visual Studio (IDEs) with some Utopian ephemeral global software development environment where the tools and end products exist virtually in some ether. None of that has to do with IT Governance and Security much less Amazon, Terramark, Eucalyptus, RightScale, or CloudSwitch. Where they have another 10-11 chapters I withhold final judgment but I felt I owed it to others innocently looking for a good source of information, not hand-waving on this subject. Just as with any emerging technology or software development language there are plenty of people that emerge from the woodwork to write a book on it, totally independent of their experience with it. Confusing Cloud Computing and Web 2.0 is not going to garner confidence. If unwary readers do not discover this until after they have purchased the book, it will not make any difference.
As a professional software developer I can tell you provisioning an image for execution in the cloud is more intensive than provisioning a bare metal server. End users are not going to be doing anything more than issuing a run command on a pre-existing image.
Here is my take: Running your business at an undisclosed facility managed by Amazon (or others) is no more cost effective than running your business out of a service center was in the 70's or 80's. If you don't physically control the data, you don't physically control access to it either. Nowadays you are under legal obligation to do so. I spent the money on this book hoping there was more substance to the security, privacy, and governance aspects of cloud computing than I just summarized.
Since one of the authors has decided to launch personal attacks on me, I will continue with my review with Chapter 3. I didn't really pick up on this in chapters 1 and 2, but I am now concerned about who edited this book. Even at the high school level children are taught to never ever cite Wikipedia for their references. I noticed the bulk of the footnotes cited are Wikipedia. Since the source of information found on Wikipedia is unknown, its validity is also unknown. The professional standard for citations is peer reviewed sources. By using these there is a level of confidence that a claim made, by virtue of its citation, is likely of high quality.
An assertion, I believe, made several times, and characterized on pg 52: "The new mantra of 'the browser is your operating system...browsers have become the ubiquitous operating systems for consuming cloud services". I would call to the reader's attention, in any legitimate Computer Science source, the definition of an operating system. Internet Explorer is not an example of an operating system. Furthermore, services, clouded or not, where the Internet browser is the user interface (UI or GUI in this case), are but one type of solution space, often characterized as LAMP or Linux, Apache, MySQL, and PHP. This is totally independent of cloud anything. I contend whenever one writes a book (or publishes one) there are two axes of importance: the first being whether the material is relevant to the topic, and the second whether the material is factually accurate. While one might choose to host multiple web containers in the 'cloud' to take advantage of the elasticity of the cloud for scaling up and down with volume, another pervasive class of problem that takes place in a cloud-like environment is compute scaling, such as can be seen in grid computing. In this space a problem may arise where 100 or 1000 processors are required to solve a compute intensive problem, but only for a few hours. This, as opposed to 24x7x365, is an excellent usage of public cloud (burst mode). To the extent the author is, thus far, focusing on web based interaction with the cloud, he calls out but never elaborates on why there is any more vulnerability for a web container hosted at an Amazon secure facility, for instance, than there is within one's own perimeter. The threat vector is port 80 or port 8080. Of course, if there really is one, the obvious solution is to use off port, two phase SSL, where both the client side and server side are digitally authenticated and encrypted, and host the open (proxy) website(s) within your perimeter.
In either case the DoS attack on port 80 or 8080 is independent of the location of the web container. Isn't that correct Tim?
In chapter 3, pg 52, "Using hijacked or exploited cloud accounts, hackers will be able to link together computing resources to achieve massive amounts of computing without any of the capital infrastructure costs". Really? what about the account owner seeing running instances on their accounts they aren't using? How long does it take for a credit card owner or provider to realize an account is being misused? There is an easier vector for this, they are called bots and have been around for years. One need but Google the program Asphyxia. If you, for any decision, had a choice of hard vs. easy...which do you think a hacker would take?
In chapter 3, the author discusses type 1 and type 2 hypervisors. This is something of an arcane distinction, but he refers to Xen as type 1, bare metal. This actually is incorrect as Xen is hosted by an operating system, meaning it is not bare metal [...]. The authors spend much time on Xen, which is relevant from the perspective of security attacks against it, but in that vein not a single mention, that I have found, is made of KVM, which is part and parcel of all remotely recent versions of Linux from, I believe, 2.6.20 and up. Ubuntu Enterprise Cloud is based on KVM, as is RedHat's virtualization and cloud family. But, this is why they make second editions.
Another assertion the authors make in chapter 3 (pg 59), "Security requirements such as an application firewall, SSL accelerator, cryptography, or rights management... are not supported in a public SaaS, PaaS, or IaaS cloud". Huh???? I refer the reader to Amazon's VPC, Intel's Service Gateway, SELinux, UFW. That is simply a patently false statement. Of course you can host your applications on an instance of an image configured with SELinux in enforce mode, fully firewalled, with no open connections on unsecured ports, and be quite secure. However, if this book was written in 2008 only to be published in early 2009 this may have been a more true statement then. However few people knew what cloud was in early 2009 and the entire field has rapidly evolved since the authors wrote this book. This is why it is necessary for authors, and publishers, to maintain an errata site, perhaps in the cloud, where corrections and retractions to, best case dated, worst case patently false, statements can be made. Intel, by the way, is also producing encrypting NICs (network interface cards).
While I still subscribe to my previous comment about if you don't control your data you don't control who has access to it, I do have an addendum to it. Cloud computing is a rapidly evolving field. A book, written by anyone, 2 years or more ago on cloud computing is, almost by definition, wrong or highly questionable. Technology simply moves faster than publishers generally do. If you have data that you don't want to or, legally, cannot share, it, in all likelihood, does not belong in a public cloud. If you are risk averse, it does not. If you are risk tolerant then the decision should be dependent on talking to vendors, cloud and operating system (no, not web browsers). What is the cloud vendor's SLA, what is the insurance on data breaches, what is the state of the art vis-a-vis SELinux, encrypting NICs, encrypted databases, the cloud vendor's physical security, software security, etc.? Who had physical access to software keys?
We are a long way from the George Jetson world. In our lifetime people won't be flying their cars to work. Provisioning of data centers, provisioning of infrastructure still, as in the case of airline pilots, should be left to trained and technically current professionals whose livelihoods depend on their ability to successfully navigate the issues. If you are somewhat risk tolerant, talk to the vendors; they have no problems telling you what their competition can't do, and make your decisions based on the, then, current state of the art. Don't single source anything; seek confirmations on everything.
As I hope we are all telling our children and students, whatever they place on the Internet will be there forever.
Chapter 4 starts to get interesting, although I disagree with some of the author's contentions, perhaps due to the temporal decay. In other words, in the non-SaaS world storing information as opaque encrypted blobs is certainly doable and would be the responsibility of the system designer to, perhaps optionally, persist the data as such and, upon authenticated reads, decrypt it. Consistent with what I've said earlier, if you don't control your data, you don't control who has access to it. What the author contends is that SaaS providers, let's use SalesForce as an example, should do the same with 'your data'. If you don't control the encryption keys used, you can't even control your own access to the data. This is actually part of the value proposition of CloudSwitch. Disclaimer: I have no affiliation with CloudSwitch. I do not even know if they were even a gleam in their founder's eyes when this book was written, so their niche would be clearly out of scope for the authors (temporal decay). However, in today's state of the art, protection zones, if you will, provisioned by SELinux and afforded by KVM provide for security when data, stored externally, is read by your program and decrypted within the protected zone of the process you are running in. One merely needs to Google SELinux to see what it provides for today vs. what it provided for 2-3 years ago.
Chapter 5 is good (happy now Tim?). Technically it is very rich and philosophically, unintentionally, provides good food for thought. Something I flagged at the beginning of this review gnawed at me, and chapter 5 (Authentication, Authorization, and Auditing) provided closure on this. I mentioned there seems to be an underlying premise that the 'cloud' should or will evolve into a global entity, pg 33: "For cloud computing to continually evolve into a borderless and global tool..." Why should it? I vaguely recall an episode, I believe, from Star Trek, where there was some impending catastrophe in progress when Spock commanded, as a high priority task, the computer system to solve, to the last digit, the value of pi. Spock then reminds the captain pi is an endless number the computer(s) cannot solve. Uhura shortly announces to Spock and the captain that, one by one, all computer resources (cloud compute nodes) were being deployed to solve the command Spock gave it. Is that part of the problem space for cloud computing to solve? Frankly we sort of already have that in the academic world: Google Condor grid and University of Wisconsin. Oddly, I proposed the same sort of thing to a friend and VP at a large software company, wherein corporate data centers would now have the prospect of 'selling' their unused CPU and disk capacity by merely joining a cloud as a resource provider rather than a resource consumer. To that end the authors are now on a solid path to addressing or, at least, articulating a direction CSPs could take or must take in order to realize that goal of a 'borderless and global tool'. Where this chapter is equally valid is the use case where you (the reader now) are on a trip to some other part of the country and are in an accident. You are brought to the local hospital and the attending doctor must gain access to your medical records.
In a HIPAA world what needs to happen, architecturally, for that doctor to ensure your medical privacy, maintain auditability, and gain timely access to your medical history, oh, your own doctor is out of town.
Note to authors, I also upped your score. I anxiously await the next 100 pages and your second edition.

Wondering how your business or business unit can benefit from the Cloud and what it will take? This is a must read. (2010-04-23)
The authors of Cloud Security and Privacy recommend this book for technically savvy business persons who are thinking about using cloud computing, are interested in protecting their information, and are wondering about any security concerns. This is probably the perfect audience for this book, as well as business persons who are not as technically astute but who are interested in how cloud computing could be used by their business and what issues there may be with it. They can get an idea of the questions they should be asking (which of course technical people are going to love.....). It also is a book that can be used as a reference, even for technical persons; parts of it include best practices on securing virtual servers. If not familiar with that, this book can be a good reference; it won't give the entire how-to's but can introduce many of the security areas.
Since the "cloud" is a moving target, probably parts of this book can be considered out of date already since it was published in September of 2009, however, if you want to know what the cloud is, how the "industry" defines the evolution to the cloud and to learn how or if your company could benefit from it in a realistic manner, this is the book for you. If you want to know what the cloud is just out of curiosity, this book is way too much for you.
Cloud computing puts more decisions into the hands of business people, rather than IT. I am sure we have all heard that before (about earlier forms of Cloud computing - ASP's, etc.), but a good example of where this has been true has been with the use of SaaS (Software as a Service - which is now considered to be a Cloud service). A wide range of companies, large to small, are already using cloud services such as [...]. As well, a large number of small and medium sized businesses are using Intuit's online QuickBooks service, so more companies are already "in the cloud" than probably realize it. From this book these same people can learn more about the other types of cloud services which may be applicable to their business as well.
There are still a lot of definitions floating around about what is "the cloud", and experts still do not agree so the book lays out what may be one of the commonly accepted definitions, or not, but at least it gives a basis for the rest of the book and the range of what will be discussed. What can be mostly agreed upon by experts with regard to cloud computing are the accepted attributes of the cloud which must be:
1. Multi-tenancy enables sharing of resources and costs across a large pool of users thus allowing for:
2. Massive scalability - has to allow for massive scale in both compute power, bandwidth, storage. Meaning the ability to scale to thousands and thousands of machines, the type of size that you need if you are an amazon or google and that you needed to build for yourselves, now making that available to others.
3. Elasticity - Users of the cloud must be able to rapidly increase the amount of resources that they need, and then release those resources for others to use when they no longer need them
4. Pay as you go - Traditionally for getting your app out you paid a set price, and often paid for more than you needed, or usually needed because you were building yourself or buying what you would need for peak times
5. Self-provisioning of resources - users can use what they want to use for storage, cpu power, network resources
Also important to define were the three types of Cloud Service Providers (CSP's): IAAS (Infrastructure as a Service), SAAS (Software as a Service), and PAAS (Platform as a Service).
Chapters 3 and 4 discuss specific areas of security; infrastructure and data security and storage. There is a good breakdown for the different types of CSP delivery methods and the different types of security. The authors make it clear though that many of the security issues are not specifically caused by the cloud and they may or may not be exacerbated by cloud computing.
A great point of the book is that it emphasizes what the CSP is responsible for, what the customer is responsible for, and where it is still questionable who is responsible for what. This is emphasized throughout the book. So depending on the service, for example the SAAS model such as [...] or Google Apps, it explains what [...] is responsible for, and then what the customer is responsible for, such as operational security (such as user and access management). It also goes into detail as to what type of security review the customer should do of the vendor, such as requesting information about the provider's security practices. This information should include their application security testing, release management, authentication and access control, etc. Although to date much has already been written about what type of review an enterprise should do of their SAAS provider's practices, the sections for the IAAS and PAAS providers will be interesting as well.
Good points in the Platform as a Service (PaaS) delivery model include software vendors such as bungee and Eucalyptus, and CSP's such as Google App Engine, [...], Microsoft Azure, etc. In the multitenant PAAS service delivery model, the main security issues are containment and isolation of multitenant applications from each other. Since applications are developed by the customer, the customer is responsible for application security.
One of my favorite chapters is Chapter 6 - Security management in the Cloud. After taking the reader through network, host, application, database, storage and web services, which include identity services, this chapter steps through understanding the scope of IT system management and monitoring responsibilities that fall on the user's shoulders, including access, change, configuration, patch and vulnerability management, and those that are the responsibility of the CSP.
The authors have reviewed the disciplines for common security frameworks such as ITIL (Information Technology Infrastructure Library) and ISO frameworks, and they have identified the relevant processes and the recommended security management focus areas for securing services in the cloud, including availability management (ITIL), access control (ISO/IEC 27002, ITIL), etc. So those that are familiar with these processes will find that they know most of what is in this chapter, but if your organization does not yet use a security management framework they will understand the pros and cons of using one. But it is good that they took standard security frameworks and, based on that same terminology, pointed out which ones a CSP would have to think about, which ones a user of a CSP has to think about, etc.
The authors also have identified what security management processes which they feel are relevant to the cloud, the full list is available on pg 113. Table 1 is a good chart of the security management functions for each type of cloud deployment/SPI.
A good point that the authors make, that is relevant to cloud computing, is that organizations (people and processes) and information systems are constantly changing. Management frameworks such as ITIL will help with the continuous service improvements that are necessary to align and realign IT services to changing business needs. So for example this could mean that continuous service improvement means identifying and implementing improvements to the IT services that support business processes such as sales force automation using a cloud service provider. Security management is a constant process and will be very relevant to cloud security management.
Chapter 8 on Audit and Compliance also does a good job defining what the CSP is responsible for; a good list for the users of CSP's to understand. For example, within Asset management, access control - data protection/segregation/encryption. The authors make it clear that audit and compliance is a big issue when working with outsourcing vendors, as it will be with cloud service providers. I would have liked to have seen a chart or something which would have shown what a user needs to think about when using a cloud service provider and what you would not need to think about any more, i.e. is it a new issue that you have to think about because you are working with a CSP, or do you no longer have to think about it, or does the CSP have to think about it now? What would be avoided security issues, what would be the new ones, which ones are the same?
Ongoing, this book can be a great reference for operations managers or business owners or managers wanting to research how the "cloud" can impact their company. Conclusions in a lot of books can be "weak"; this one is definitely not weak. It is an excellent summary of the security concerns that are applicable to cloud computing. One could read chapters 1 & 2, get an overview of cloud computing and how it has evolved, and then actually read the summary, get an overview of the issues, and then read the appropriate chapter for the type of security concerns.
Cloud computing events are still hot and heavily attended. I was just at another on the 13th of April in Palo Alto, California, which included panel members from SAP, Citrix, T-Systems, and AT&T; there was a lively discussion of what people are looking for with regard to cloud computing: on demand computing, as needed consumption of compute power. [...]. Models that they are seeing: dominant capacity in-house, yet elasticity is rented out (bursting into the cloud as needed). If you are trying to use cloud services for disaster recovery, for example, or contingency purposes, there are still some issues such as getting a VERY large database server up immediately; transfer rates are not there yet. Web servers can be up immediately, but a database server can be brought up only a day later when the data arrives by disk. Cloud Interoperability has been claimed to be a major issue of cloud computing, since there is still no reason for the cloud service providers to work together. However, the guys on the panel claim it is not a problem. In reality I would have to agree with this; depending on what you are running in the cloud, and how it was architected, you can technically move clouds. More of the issue, as with most business decisions, is how much effort will it take, as any move requires some effort, and how much will it cost.
Very comprehensive, but a bit dry (2010-02-19)
It goes without saying that I was very excited to pick up the first book on cloud security and privacy. Due to my Cloud Security Alliance (CSA) involvement, I was extremely interested in Tim's take on the subject. The book is indeed a comprehensive treatise on everything cloud, and everything cloud security. The author team covers the topics based on IaaS/PaaS/SaaS (SPI) for infrastructure, platform, and software as a service model. They address stored data confidentiality, cloud provider operations, identity and access management in the cloud, availability management as well as privacy. My favorite chapter was of course the one on audit and compliance - chapter 8. Another fun chapter was chapter 12 on conclusions and the future of the cloud (which is, BTW, all but assured...).
One of the most important things I picked from the book was a very structured view on separation of security responsibilities between the cloud provider and the customer for all of the SPI scenarios. This alone probably justifies getting your own copy.
As far as technical contents, the book stays fairly high-level even though it touches on the details of SAML and other authentication protocols.
The only downside of the book is its extremely dry writing style. There are only a few examples and case studies. Following the "just the facts" model sometimes might lead the reader towards losing interest, no matter how important the subject is - and this subject is pretty darn important. To put this in context, I do read security books for fun, not only for work.

For programmers trying to adopt cloud computing methods and offers an assessment of the latest options in data security (2010-01-11)
Tim Mather et al.'s CLOUD SECURITY AND PRIVACY: AN ENTERPRISE PERSPECTIVE ON RISKS AND COMPLIANCE blends theory and applications in a powerful survey of Cloud computing and on demand computing. It is for programmers trying to adopt cloud computing methods and offers an assessment of the latest options in data security and storage.

Authors: Simson Garfinkel
Publisher: O'Reilly Media
Publication date: 2002-01-15
ISBN: 0596000456
Pages: 800
Rating:
Price: $44.95

Since the first edition of Web Security, Privacy, & Commerce, web use has exploded, and so have the threats to our security and privacy--from credit card fraud to marketing spam to web site defacements to attacks that shut down popular web sites. Nearly double the amount of information, this completely updated volume explains the techniques you can use to protect your privacy, organization, system, and network. Topics include:
- Web technology--Cryptography, the Secure Sockets Layer (SSL), the Public Key Infrastructure (PKI), passwords, digital signatures, and biometrics.
- User privacy and security--Cookies, log files, identity theft, spam, web logs, and web bugs, as well as hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs.
- Web server security for administrators and content providers--CGI, PHP, and SSL certificates, intellectual property, P3P and privacy policies, digital payments, client-side signatures, code signing, pornography filtering, and PICS.

Customer reviews (7)

Just a big discussion. (2005-02-27)
I think this is another one of those big books that tries to cover too many topics. It's really just a general discussion about web security, rather than a handbook of any kind. There is a lot of boring history, storytelling, etc.
I do think there were a handful of solid rules-of-thumb and practical wisdom, and I'm glad that I read this book, but it could have been condensed dramatically.
I believe most people who are going to actually deploy some kind of web service would probably get all the same info, plus much more practical detail, by reading books on the particular software they plan to use (e.g. Apache, Sendmail, Unix, etc).

How Much Do You Really Know About Web Security? (2004-08-19)
Ever since the birth of the World Wide Web, we have been inundated with books purporting to have all things "Internet", buying into the hype surrounding the explosion of the web. What these books failed to do was educate people about the lack of security and privacy inherent on the Internet. That is why I wanted to read "Web Security, Privacy and Commerce: 2nd Edition" (734 pages (I do not count an index in the page count), O'Reilly Media, 2002, ISBN 0-596-00045-6). Written by Simson Garfinkel, with Gene Spafford, I read more and more with pleasure and anticipation. This was confirmed with a simple line that has often been lost on the masses: the Internet was built for communication and sharing, not for business and the protection of data at each end of the connection. Unfortunately, the explosive growth of the Web did not allow for this issue to be fully addressed or for reliable tools to be built quickly enough.
Now other reviews I have read on here blast the book for being too generic and not what they expected from O'Reilly. But that is what I find to be a breath of fresh air: a wide-ranging important topic that does not get bogged-down in techno-speak, something which might normally turn readers away from technical books.
From the outset, Garfinkel and Spafford tell you that their goal is to cover the fundamentals of web security and not to be a primer for "computer security, operating systems, or the World Wide Web". Do they succeed in their goal? Absolutely! Starting with web technology, they address security, web architecture, cryptography (what it is and what it isn't), SSL and digital identification. They then move on to privacy and security for users in a very simple, direct, tell-it-like-it-is style. How many people know what "Joes" are and the fact that anyone could look at their users and find at least one? How often have you read that using a 16 character password is counterproductive and that if chosen correctly, an 8 character password should be more than adequate? When is the last time you had an author break down cookies line by line for you to truly understand them? Have you ever tried to find out what the code inside a worm is and does?
As they weave their story, they then cover Web Server Security and offer a very compelling argument for using a Mac with OS 7, 8 or 9 for a server (I won't give away the reason why here or tell you that Rosebud is a sled). For the programmer, this section offers a street-smart view of coding vulnerabilities and ways to minimize them. In addition, they cover physical security, as well as host security, for servers. Want to really understand SSL and certificates and want to know why Netscape 4 was a bad example of certificate planning? I had never thought about it until reading their discussion of the topic.
They finish up with coverage of security for content providers. What is very, very good here is that they cover privacy policies, filtering, censorship and intellectual property. They help you truly understand what fair use is and what it really means.
The only negative I had was too short a discussion on Social Engineering. However, given the fact that this was published in 2002 and phishing scams had not really taken off raising awareness of the issue, I am giving them a mulligan for this.
The ideal audience for this book is people who need to have a broad understanding without nitty-gritty detail that they will get lost in. How good a reference do I find this book to be? Well for starters, I wished I had it at my side when preparing for the Certified Information Systems Auditor (CISA) Exam offered by the Information Systems Audit and Control Association (ISACA). It puts their review materials to shame (have to be honest about that). This book will be part of my permanent library and will be required reading for any information systems auditors doing work for my company. I will also be using this book as a source text for training provided to companies, developers, and administrators.
The Business Control Caddy Scorecard: Double-Eagle on a Par 5.
Christopher Byrne, IBM CAAD/CASA
The Business Controls Caddy (tm)
http://www.controlscaddy.com/
http://www.thecayugagroup.com/
Good book (2002-11-10)
Good read, but primarily as an introductory primer. General info and comprehensive, with good discussion and resources. But to really get into the nuts and bolts of this subject, you will need to find other books. Somewhat esoteric at times and frustrating.
Great Material (2002-11-01)
Web Security, Privacy and Commerce by Simson Garfinkel and Gene Spafford was a gift to me for my birthday when I was getting ready to pass my "Master Site Designer" test; it turned out to be great pre-test material which helped me pass my test. Thanks for a great book; I look forward to more by the authors.
In a word, disappointing. (2002-05-15)
Apart from paid reviewers I can't see anyone with any actual knowledge of security rating this book 5 stars. It is not as clear and concise as it should be, and the technical knowledge is freely available at securityfocus.com and other sites. A better job could have been done with security and privacy policies. More effort should have been put forth in providing common sense (implementable) solutions or best practices instead of re-hashing material that other books have already done a better job presenting. I normally enjoy O'Reilly books but like the first edition, this book is a disappointment.
Authors: Christena E. Nippert-Eng Publisher: University Of Chicago Press Publication date: 2010-09-15 ISBN: 0226586537 Pages: 360 Price: $22.50
Everyone worries about privacy these days. As corporations and governments devise increasingly sophisticated data gathering tools and joining Facebook verges on obligatory, concerns over the use and abuse of personal information are undeniable. But the way privacy functions on the virtual frontier of the Internet is only a subset of the fascinating ways we work to achieve it throughout our everyday lives. In Islands of Privacy, Christena Nippert-Eng pries open the blinds, giving us an intimate view into the full range of ordinary people's sometimes extraordinary efforts to preserve the border between themselves and the rest of the world.
Packed with stories that are funny and sad, familiar and strange, Islands of Privacy tours the myriad arenas where privacy battles are fought, lost, and won. Nippert-Eng explores how we manage our secrets, our phone calls and e-mail, the perimeters of our homes, and our interactions with neighbors. She discovers that everybody practices the art of selectively concealing and disclosing information on a daily basis. This important balancing act governs a wide range of behaviors, from deciding whether to give our bosses our cell phone numbers to choosing what we carry in our wallets or purses. Violations of privacy and anxiety about how we grant it to each other also come under Nippert-Eng’s microscope as she crafts a compelling argument that successfully managing privacy is critical for successfully maintaining our relationships with each other and our selves.
Roaming from the beach to the bank and from the bathroom to the bus, Nippert-Eng's keenly observed and vividly told book gives us the skinny on how we defend our shrinking islands of privacy in the vast ocean of accessibility that surrounds us.
Authors: Simson Garfinkel Publisher: O'Reilly Media Publication date: 1994-12-01 ISBN: 1565920988 Pages: 432 Price: $34.95
PGP is a free and widely available encryption program that lets you protect files and electronic mail. Written by Phil Zimmermann and released in 1991, PGP works on virtually every platform and has become very popular both in the U.S. and abroad. Because it uses state-of-the-art public key cryptography, PGP can be used to authenticate messages, as well as keep them secret. The ability to protect the secrecy and authenticity of messages is a vital part of being able to conduct business on the Internet. PGP: Pretty Good Privacy by Simson Garfinkel is both a readable technical user's guide and a fascinating behind-the-scenes look at cryptography and privacy. Part I, "PGP Overview," introduces PGP and cryptography. Part II, "Cryptography History and Policy," describes the history of PGP -- its personalities, legal battles, and other intrigues; it also provides background on the battles over public key cryptography patents and U.S. government export restrictions, and other aspects of the ongoing public debates about privacy and free speech. Part III, "Using PGP," describes how to use PGP: protecting files and email, creating and using keys, signing messages, certifying and distributing keys, and using key servers. Part IV, "Appendices," describes how to obtain PGP from Internet sites, how to install it on PCs, UNIX systems, and the Macintosh, and other background information. The book also contains a glossary, a bibliography, and a handy reference card that summarizes all of the PGP commands, environment variables, and configuration variables.
Customer reviews 10
Very good historical perspective of PGP (2006-09-18)
PGP: Pretty Good Privacy
Simson Garfinkel
ISBN: 1-56592-098-8
Although out-of-print and out-of-date by technology standards, I decided to read this book to get a perspective of security from the point of view of the 1990's. I found the book to be an excellent historical reference. Obviously, the author did not originally write the book as a history lesson, but because PGP and encryption in general have advanced the book now appears this way.
For those interested in the history of computer technology, this book is fun and although out-of-print, fairly easy to acquire.
The book is well-written and easy to read.
I recommend O'Reilly's "PGP and GPG" for those looking for a modern reference on using PGP in a practical setting.
Depends on What You're Looking For (2004-03-26)
If you want to learn how to use PGP from a UNIX command line, this is the book for you. If you want to know the history of encryption and the development of PGP as a tool, this, too, may be the book for you. If you want to use the Windows version of PGP, this is not the book for you. Simson Garfinkel's PGP is certainly informative and is written in light, breezy language that makes it easy reading for even the least technical. But, sadly, this book is so out of date as to be entirely useless with regard to actually using PGP today.
A good PGP and cryptography primer (2003-06-28)
PGP is a fascinating tool. Most see PGP as a way of sharing files, but the creator of PGP, Phil Zimmermann, really wanted to make a *privacy* tool. I did not realize this and other things until reading this book. O'Reilly's PGP book can be divided into two sections. The first section is really a history of cryptography and how PGP fits in this context. I found this section surprisingly enjoyable as you learn about the long and tortuous struggle between the NSA and people who want to promote freedom and privacy. On a more concrete level though, you do learn quite a bit about different encryption algorithms and key algorithms, such as RSA and Diffie-Hellman, as well as other concepts important to cryptography. Admittedly, the history itself makes for pretty interesting reading. The second section is about PGP usage, and it is very thorough in its coverage. You will learn just about every possible feature in PGP, and how to apply them to a number of possible situations. I like reading this book over the PGP manuals just for the time and care put into it, if not the amusing examples. One thing other reviewers have rightly touched on is the age of the book. Time has passed. The RSA algorithm is now free and open, and a PGP clone called GPG is now in wide use. I am definitely excited to see a 2nd edition of this book in hopes that it will cover such things. However, regardless of the age, this book is an excellent primer into PGP and cryptography culture, and newbies like me will certainly enjoy reading it.
Dated but useful nonetheless (2000-09-07)
This book gives an excellent account of how encryption came into the hands of non-spooks (and I don't mean Clipper). But what really matters is the legacy information on how encryption works. This information hasn't changed since. It also gives the reader a solid base of understanding of what PGP is doing when you use it. The book is also quite simple to read, so much so that I felt guilty for "studying" a book that was so easy that I could blow through a chapter in twenty minutes. One final note of importance is that because the book is old (94), it is UNIX-centric, which is quite refreshing in today's environment of applications written exclusively for Windoze.
A Pretty Good history of PGP (2000-08-14)
The first half of "PGP: Pretty Good Privacy" is devoted to cryptography basics and the history behind PGP. It's certainly interesting reading, especially seeing how the relationships among the players developed. If you're interested in this background, then this book is for you. The second half explains PGP usage and where you can find it online. Unfortunately, a lot of this seems dated -- however, to be fair, the book is over five years old. You'll probably be better off with another resource such as the included documentation.
Authors: Robert M. Baird Publisher: Prometheus Books Publication date: 2000-04 ISBN: 1573927902 Pages: 356 Price: $22.98
The amazing transformation of society brought about by the wide dispersion of computers has given rise to new moral dilemmas. With the rapid development of this technology, the impact of computers on privacy, personal identity, intellectual property, and the form and practice of democracy is becoming more apparent every day. Inevitably, this penetration of computer technology into our private and social lives has a moral dimension, which raises questions about our conduct and requires moral reflection and decision-making. The twenty-six groundbreaking essays collected in this insightful anthology define the nature of this new moral landscape and offer thoughtful answers to the ethical questions raised by the interaction of people and computers. Divided into five sections, the volume begins with a definition of cyberethics. There is general agreement with James H. Moor's basic definition of the field as "the formulation and justification of policies for the ethical use of computers." Next the issues of anonymity and personal identity are considered. Computers provide individuals with a unique opportunity to create personae for the virtual world that are quite distinct from their normal identities. What are the moral dimensions of creating virtual personalities?
Perhaps the most pressing ethical issue is addressed in the next section on privacy. The ability of computers to store vast amounts of information on any individual raises the harrowing specter of a Big Brother society in the not-too-distant future. How should information be used and how might it be abused? What safeguards are needed to protect privacy as information technology becomes ever more sophisticated? In the fourth section, questions concerning ownership of intellectual property and copyright law are considered. How can the rights of authorship be protected in the context of the Internet? Finally, the fifth section explores the debate now taking place regarding the impact of computers on democracy. Do computers offer new possibilities for enhancing democracy or will this prospect turn out to be a myth? This is a much needed anthology of thought-provoking articles on the critical moral issues facing our "brave new world".
Customer reviews 3
An interesting sampler of essays on information technology ethics (2009-03-07)
I read this book as the main text in a third year undergrad class in Information Technology Ethics, and found it to be a useful introductory sampler on the subject. Never having studied ethics before, this collection of essays gave a reasonably well-rounded account of the subject. The book is broken down into four areas of investigation: anonymity and personal identity in cyberspace; personal privacy in the light of the increased storage and dissemination of personal data; ownership of intellectual property and copyright law; and the impact of computers on democracy and community.
Bear in mind that this is a primer, not an in-depth study into any one of the areas mentioned above. The essays are written from varying view points, often contradicting each other, or at least offering different sides of the same issue, which you would expect given the subject matter. The writing styles are not always easy. Some of the contributing authors are more journalistic in their approach, while others are more scientific. Don't expect to read this cover-to-cover in a day or so. The 350+ pages of small type can be hard going, especially if you are a slower reader like myself.
Over all, I felt the book did what it set out to do, offering the reader a basic overview of the differing ethical viewpoint within the four main areas of scope. A fairly good undergraduate text, but not exactly a page-turner.
Nick
Nearly completely worthless (2004-12-21)
This text must be one of the worst books on ethics I've ever seen. The authors start with a basic assumption that information technology changes ethical issues and never examine this fundamentally flawed belief. The essays are extreme and manage to make their own points sound ridiculous even when they are reasonable.
There are errors in their references and their interpretation and use of other texts.
This book is painful to read.
Examines new moral issues (2001-02-22)
The transformation of society brought about by computers has brought with it new moral dilemmas, from the impact of computers on privacy and copyright issues to the involvement of computers in personal lives. Cyberethics offers the reader 26 essays examining these new moral issues and provides thoughtfully reasoned answers to ethical questions.
Authors: Arnold Cornez Publisher: McGraw-Hill Publication date: 2000-04-01 ISBN: 0809225174 Pages: 288 Price: $18.95
Here is a timely, comprehensive, and invaluable guide to using offshore investing as a method of asset protection. From evaluating places in which to invest to avoiding offshore scams, this easy-to-understand book provides you with all there is to know about keeping the money you earn.
Customer reviews 21
A Good Start to Looking Offshore (2007-03-21)
This book covers most of your questions and describes the basics for banking and corporations established outside the US. It tries to give you the pros and cons of each type of company and a list of places to look into. While it may not be the only book you'll ever need, it does a nice job of detailing what you'll need and how to go about the process of offshore management of finances and protecting your assets. It would have gotten 5 stars if it had been more recent. Still, it's quite worthwhile compared to what else is out there.
An O.K. book (2007-01-21)
This book lets you understand the fundamentals of offshore investing to protect yourself from lawsuits and avoid unnecessary tax liability. It focuses on the legal way to avoid exposure. This book is worth the money, but nothing outstanding.
Dangerous Advice that could get you in trouble... (2005-03-23)
Famous authors of several other books like this one, for example Jerome Schneider, have already been * convicted * of tax fraud and have handed over their entire client lists to the US Government.
There is no legal way of avoiding US Taxes through offshore banks, offshore trusts, or numbered accounts. These things are only good for:
1.) Asset protection
2.) Diversifying investments/access to greater variety of investments
and that's it. Be wary of advice in books like this one if you are using them to avoid taxes.
If you don't like paying high taxes, give up your residency, hand in your passport and get citizenship in a country with lower taxes.
Don't read at your peril (2004-12-24)
If you are looking for a "feel good" book that only gives you the sugar frosting about offshore without warning you about the many pitfalls, then this book isn't for you.
On the one hand, if your interest is learning about the realities of offshore banking and tax reporting for U.S. citizens, etc., then you will find this a good starter guide. It's also chock full of interesting stories based on Mr. Cornez's personal experiences in the offshore havens.
Pretty good book for newbies (2004-11-25)
This is a good book for teaching newbies the basics of how to go offshore, open bank accounts, and (perhaps most importantly) avoid offshore scams.
The book needs to be read in light of recent revisions to the Patriot Act and new currency transfer reporting requirements. Don't even think of going offshore if your goal is to try to hide money from Uncle Sam, since if your particular plan fails it will probably end up being felony tax evasion.
Authors: Janet E. Smith Publisher: National Catholic Bioethics Center, Ignatius Press Publication date: 2008-06-30 ISBN: 158617259X Pages: 105 Price: $14.95
Foreword by Robert Bork
Janet Smith, well-known philosophy professor and writer, presents a critical look at the meaning of the "right to privacy" that has been so often employed by the Supreme Court in recent times to justify the creation of rights not found in the Constitution by any traditional method of interpreting a legal document. Smith shows how these inventions have led to the legal protection of abortion, assisted suicide, homosexual acts, and more. As Judge Bork says it shows that "morals legislation now seems constitutionally impermissible", and that the counterfeit right to privacy belongs to the genre of the indecipherable and incoherent that no one who wrote the Constitution and the Bill of Rights would have contemplated.
Customer reviews 3
Fantastic! (2009-09-24)
Smith does a fabulous job of detailing the evolution of the "right to privacy" and its implications. A succinct explanation of how the right to privacy began and continues to be employed in court cases and everyday vernacular, this is a must read for anyone who wants to be able to speak more fluidly on the subject. It is also a great resource to keep on hand.
An excellent explanation (2008-12-15)
People who are looking for a book that discusses why contraception, abortion, euthanasia, and homosexuality are wrong will be disappointed with this book. Janet Smith is very clear that this is not in the scope of the book. Her sole purpose, which is executed perfectly, is to explain HOW we as a culture have come so far in our Culture of Death... how the wording in various court cases has set the precedent. The book does not give tactics pro-lifers can use and it doesn't (unfortunately) discuss in depth the future implications of how the phrase "the right to privacy" can be employed... though she does briefly touch on how incest, bestiality, bigamy etc. seem to be set to fall like dominoes using the logic justices have used for other evils of our time.
I think the most important point I got out of this book was an explanation of WHY there has to be some foundation of absolute truth in a society in order to have an effective government. This is discussed in the first chapter. If we as a culture accept relativism and the idea that individuals can define their own meaning of existence... anything goes. And this concept of individualism (even at the cost of the greater good of society) sets a precedent for the total perversion and manipulation of the concept "the right to privacy." This is a short and relatively scholarly read... I highly recommend it to anyone seeking a greater understanding of the history of our Culture of Death.
Book order (2008-11-02)
I was very pleased with the timely arrival of my order, ahead of my expectations in fact. I would purchase from this seller again.
Authors: Kirsten S. Rambo Publisher: Columbia University Press Publication date: 2008-12-01 ISBN: 0231135572 Pages: 264 Price: $60.00
"Trivial Complaints" explores the historical relationship between privacy and domestic violence through an analysis of litigation and activism. The state has traditionally hesitated in responding to domestic violence, characterizing it as a "private" family matter. The discourse of privacy incorporates presumptions about race, class, and sexuality, and this volume examines the ramifications of such assumptions for victims and activists. Kirsten S. Rambo begins with an analysis of courts' and activists' responses to domestic violence during the late nineteenth century and continues through to the late twentieth century, when the modern battered women's movement emerged on the heels of the battle to secure abortion rights. Rambo explores the seemingly contradictory yet often complementary ways in which the discourse of privacy has been shaped by both movements seeking justice for women. She further examines concepts of privacy as applied to same-sex relationships and domestic violence, and ultimately considers alternative models of privacy that are egalitarian and rooted in empowerment.
Authors: Deborah E. Bouchoux Publisher: AMACOM Publication date: 2001-04-15 ISBN: 0814406017 Pages: 272 Price: $29.95
You can't touch it or feel it. Sometimes you can't even see it. Yet, intellectual property continues to soar in value, comprising an increasingly greater portion of a typical company's assets. In the age of instant global communication, understanding what intellectual property is, how to protect it, and how to enhance its value are prerequisites for corporate survival. Enter attorney Deborah E. Bouchoux and her informative book, Protecting Your Company's Intellectual Property.
Packed with fascinating and illuminating examples, this book is a succinct, yet comprehensive discussion of the four key areas of intellectual property: trademarks, copyrights, patents, and trade secrets. In addition to defining these areas (for instance, did you know that customer lists and marketing plans are protectable trade secrets?), the book offers practical tools for protecting intellectual property, including:
- Trademark and copyright application forms
- Sample employment agreements
- An Internet usage policy
- Tips on preventing unauthorized dissemination of information via the Web
- A guide for conducting an IP audit, and much more.
Customer reviews 4
good stuff! (2010-03-06)
Item shipped on time. Arrived in good condition - thanks for the smooth transaction!
Excellent IP overview for managers and investors (2003-06-25)
This book offers a comprehensive overview of intellectual property issues, suitable for (among others) high-tech executives, entrepreneurs, and investors in early stage companies (all of which describe me). Its coverage includes trademarks (6 chapters, 70 pages), copyrights (5 chapters, 68 pages), patents (4 chapters, 40 pages), and trade secrets (1 chapter, 18 pages), plus chapters on unfair competition, owning IP created by employees and independent contractors, and conducting internal IP audits. I have experience with software copyrights and biotechnology patents; this book is fairly strong on the former, but only briefly mentions the latter. The material on internal IP audits is rather brief (12 pages) but includes a fairly good audit checklist, and an action plan for protecting a company's IP; also, the first chapter should be required reading for managers, since it points out the many places in a business where valuable IP may be found, department by department. The writing is very clear -- certainly not "obtuse" as one reviewer claimed -- and the book is quite current, with good coverage of the Internet's impact on copyright and other IP issues, and coverage of recent changes in the law such as the Digital Millennium Copyright Act. The book is a high-level overview for managers rather than a lawyer's or practitioner's guide, but it does describe the application process for trademarks, copyrights, and patents, all in reasonable detail. Yet this book is just 250 pages of highly readable text -- not a huge tome -- which I think makes it suitable for managers, early stage investors, or board members, especially in high-tech companies.
Save the money (2002-04-20)
I found this book very obtuse and thought the author tried to make this subject much more difficult than it really is. Save your money.
Highly Recommended! (2001-09-28)
In the interests of safety, we'll refrain from quoting this fine book by Deborah E. Bouchoux, a specialist in intellectual property who teamed with AMACOM to create that rarest of volumes: a straightforward book about law that is simple to read (it's a formula she should patent). This comprehensive volume covers the nuts and bolts of U.S. patent and trademark law. It also gives advice on how to protect your intellectual property and avoid infringement, and reports on the latest patent trends in high tech. Of most concern for general business managers, Bouchoux reviews how (and why) to conduct intellectual property audits within your organization. With intellectual property emerging as the new corporate treasure of the knowledge economy, we [...] suggest that research and development managers and executives of every stripe study this volume carefully. Why should your attorney be the only one who understands what you really own?
Authors: Cristian Radu Publisher: Artech House Publishers Publication date: 2002-11 ISBN: 1580533051 Pages: 484 Price: $99.00
As magnetic stripe cards are being replaced by chip cards that offer consumers and businesses greater protection against fraud, a new standard for this technology is being introduced by Europay, MasterCard, and Visa (EMV). This cutting-edge, new book provides you with a comprehensive overview of the EMV chip solution and explains how this technology provides a chip migration path, where interoperability plays a central role in the business model. The book offers you a better understanding of the security problems associated with magnetic stripe cards, and presents the business case for chip migration. Moreover, it explains the implementation of multi-application selection mechanisms in EMV chip cards and terminals, and shows you how to design a multi-application EMV chip card layout. This first-of-its-kind resource also discusses the organizational and management issues in connection with the EMV chip migration and the use of EMV chip cards in e-commerce and m-commerce transactions. An excellent reference for today's IT/e-commerce professionals and post-graduate students alike, the book helps you fully understand this emerging, complex payment card technology.
Customer reviews 2
Best EMV Book on the Market Hands Down!!! (2009-10-03)
By far the best EMV book on the market hands down. If you are working on EMV, stop and buy this book. EMV is a technical subject and this is a technical book. I have no idea why S. Gold even bothered to review the book. Of course it is a technical book. Of course the contents will be difficult to follow for those who do not have a mathematical and programming background. EMV is a technical subject that requires a significant mathematical and programming background. That is like buying a book about math and then complaining because the book is about math. And card schemes??? Please, please do not write reviews if you have absolutely no idea about the subject matter. This book is part of the Artech House Computer Security Series, that is a clue! This book is the only place where someone has put together most of the information about EMV. My thanks go out to the author Cristian Radu. By the way I bought four copies.
Not for Me. (2006-02-27)
This book is written for technical people. The overall tone is dull and pedantic. The contents will be difficult to follow for those who do not have mathematical or programming background.
Anyone who has an overall understanding of the EMV specifications will have very little use for the material in this book. There is nothing of note with respect to specific card schemes.
Business people can get much of the non-technical information in the book for free from other sources.