December 2020 Reviews

[A summary of my movie and TV reviews from last month, posted to Attrition.org, mixed in with other reviews.]


The Queen’s Gambit (2020)
Rating: 5/5 check it out mate
Reference(s): IMDB Listing || Netflix
This miniseries, based on a 1983 book with the same name, is a fictional story about a chess prodigy turned master. It has the feeling of a real story and the production, sets, and acting contribute strongly to this. The main character, played by Anya Taylor-Joy, does an epic job playing a character who has personality quirks and addiction issues. The story is set many decades ago and gives a good reminder of the expectations about women in society. While chess may not seem to be a good basis for a fast-paced drama, the series does a wonderful job maintaining a good pace. I highly recommend this series for everyone.


Tenet (2020)
Rating: 5/5 – Action-packed mind-fuck
Reference(s): IMDB Listing
OK, you have to see Tenet. I think I liked it a lot? But I won’t be sure until I see it a second time. At least. Maybe a third time? It is a very cerebral movie and it makes Inception look like a cartoon in some ways. There are several layers and I think on a second watch I will probably notice a lot of things that would have helped keep up / understand along the way the first time through. Things that are better revealed toward the end as the movie progresses and evolves that will potentially make it more enjoyable the second time around. Very neat movie; great casting, great acting, and it really draws you in.


Ted Lasso (2020) [Apple TV]
Rating: 5/5 better than a biscuit, which is a cookie
Reference(s): IMDB Listing || Apple
This comedy from Apple TV stars Jason Sudeikis as “Ted Lasso”, an American football coach recruited to coach a British football (soccer) team. It’s basically Gomer Pyle (Lasso) meets Major League (plot) to start and it delivers. Sudeikis does a wonderful job playing the always upbeat transplant assisted by coach Beard (Brendan Hunt) as they are immersed in a new culture and new sport at the same time. It’s not a sports show at all, it’s just about the people and interactions with goofy analogies and quick wit. Very light and well-done comedy, worth the watch.


Devs (2020) [Hulu]
Rating: 4.9/5 I have seen what perfection has wrought
Reference(s): IMDB Listing || Amazon
You think you have seen interesting or compelling tech company drama? You haven’t until you watch this, and you will. You will understand the concept of quantum computing before you start the show and you will embrace the many-worlds theory. You find this review confusing now but it will become clear, until it doesn’t again. And then you will find yourself the god in the machine while you ponder the implications of when computing power goes too far. You will then enjoy your new state of enlightenment and make better choices.

Described as a drama/thriller when mindfuck is more apt. This show does a great job of making you think about serious implications that quantum computing could bring. While it is certainly sci-fi in the level of computing power suggested, it creates a nice vehicle to let us have a glimpse into what “quantum supremacy” might mean.


Marauders (2016)
Rating: 4.5/5 But I’m a sucker for heist flicks
Reference(s): IMDB Listing || Amazon
Bruce Willis, Christopher Meloni, and Dave Bautista in a cops and robbers movie and somehow I completely missed this movie existed until I saw it on a Netflix scroll?! As a fan of the genre and generally not too critical of such movies, this one was surprisingly good. None of the acting stood out particularly but none of it was bad. A couple extra decent actors and the movie came together pretty well. Until halfway through I was wondering which way it would go as far as the “who done it” goes. The ending? Not how I would have played it out. If you like the genre, it’s worth a watch.


Fatman (2020)
Rating: 4/5 who let him make movies again?
This movie is a light-hearted take on Christmas and the failures of Santa, at least through the eyes of Walter Goggins’ character. This is kind of a comeback movie for Mel Gibson after his numerous personal failures, some that make it ironic with him playing a very Christian character while personally being a drunk and hating Jews / black people. Gibson’s last bit makes it all the more surprising that the amazing Marianne Jean-Baptiste would sign on to play his wife giving a modern interracial Claus family. Really surprising that despite his history his career freeze has “thawed” as they say in the industry and that he is being given a second chance. While he can be a great actor, essentially bringing the same character “Porter” from Payback (1999) to play Santa, I have to wonder is Hollywood so hurting for actors that they would accept him back after his sordid history?

Oh sorry, enough of that shitbag that can act well. Fun movie, two great actors as main characters, fun and simple story, it really brings the true spirit of Christmas in my eyes. Think [generic assassin movie] + Toys + [cynical Christmas movie] and you know what you are in for. Worth a watch, but don’t pay for it which shows support for Gibson. Find another way to watch it for free and then find a way to support Baptiste and Goggins directly instead. Did I mention fuck Gibson?


The Midnight Sky (2020)
Rating: 2.5/5 The movie belongs on a fiery earth
Reference(s): IMDB Listing || Netflix
Based on a book I didn’t read, this movie adaptation brings some star power with Felicity Jones and George Clooney. Without spoiling, the movie screamed “this is not what it seems” from the beginning so the ending was not as impactful as it could have been. Earth on fire and nearly uninhabitable? Sure! A two (?!) year voyage to the nearest habitable planet outside the solar system? OK! Man losing supplies then falling into arctic water and surviving? Prepare to suspend disbelief in the worst way. Overall, I suspect this is a case where the movie just didn’t do the book justice and fell short.

[Update: @_pronto_ pointed out they traveled to a moon of Jupiter, not outside the solar system. But still, a new moon of Jupiter that we didn’t know about is a viable alternative to Earth and Mars apparently isn’t?]


2067 (2020)
Rating: 2.5 / 5 – Science friction is more like it
Reference(s): IMDB Listing
For fans of the sci-fi genre, I don’t know if I should recommend 2067 or not. On one hand I like near-term sci-fi and I like dystopian films, both of which this offers. On the other, there are quite a few annoying bits about this, primarily the cast. I didn’t give two shits about anyone and most were annoying enough that I wanted them to die. Throw in a couple completely illogical things to advance the plot, a sign of bad writing in my opinion, and it just didn’t mesh well. It was good enough that, a ways in, I was willing to stick with it just to see how it ended. Recommend for watching while working, doing a puzzle, or falling asleep to.


The Jesus Rolls (2019)
Rating: 2/5 between 7-10p split, don’t watch
Reference(s): IMDB Listing || Amazon
Did you know there was a spin-off to The Big Lebowski? Neither did I until recently. It follows a brief part of Jesus’ life, but not really his life bowling unfortunately. This is basically the story of two hapless and idiot guys on the lowest-end crime spree you can imagine. The humor is also some of the lowest-end too; there wasn’t that much to laugh about as the bit comedy was lacking overall. I’d pass on this and re-watch the dude. On the upside, we do learn the story behind the sex offender registry.


War Inc (2008)
Rating: 1/5 Disown the “spiritual cousin”
Reference(s): IMDB Listing || Amazon
John Cusack plays an assassin in this movie co-starring Joan Cusack and Dan Aykroyd … no, he does in this movie too. According to Wikipedia, Joan Cusack said, “.. in a way, it was a Grosse Pointe Blank 2” while John Cusack said it was a “spiritual cousin to Grosse Pointe Blank”. Sure, I can see that but it isn’t nearly as amusing. Intended to be political comedy & commentary (comedary?) it comes across as a cliché to other cliché films while borrowing from characters from the prior film. Rather than go with more subdued humor around a military presence in a fictional Middle Eastern country, they opted to go over-the-top and it really detracted from the potential. Skip this, (re)watch GPB instead.

Review Player Two

TL;DR

Ready Player Two is an enjoyable read that keeps the spirit and overall feel of the first book, with a few chapters in the middle that are a bit difficult to slog through. Worth a read though.

Summary

Ready Player Two is the aptly named sequel to Ready Player One. It picks up shortly after the end of the first book with four heroes ‘enjoying’ their lives to varying degrees, now as owners of the corporation that controls the OASIS. Similar to the first book, the sequel takes us on a new journey through an epic quest with even higher stakes. Instead of three gates now we’re faced with finding seven shards, each tied to a planet within the OASIS.

The main character and hero of the first book, Wade Watts, can’t find the first of seven shards and ends up paying someone a billion dollars for instructions to find it. The second comes after playing the ‘Sega Ninja’ arcade game in a specific place and completing the entire game. That takes us to the planet Shermer, a tribute to all things John Hughes. For this shard, rather than feeling like I was reading a well-written book, it felt more like reading a Wikipedia page with a vague plot instead. Factoid after factoid about John Hughes, his movies, characters in the movies, alternate scripts to the movies, and a lot of other pedantic details was poorly conceived.

The third shard takes us to Halcydonia, a planet designed to provide free education to any child in the world. After a lot of words for perhaps the easiest quest, the fourth shard bears the symbol of Prince and leads us to a planet ‘named’ in the same fashion. This becomes yet another Wikipedia page thinly disguised as a book chapter and bogs down the flow of the book. Even worse, the Prince quest drags on for several chapters. After an interesting battle with seven iterations of Prince, the next quest takes us into the world of Tolkien but not the more mainstream literature like the Hobbit or Lord of the Rings. With six shards in hand, Wade uses them to create the seventh shard and the actual plot continues. From here the rest of the story unfolds rapidly and is considerably more enjoyable.

Criticism

The books are set in the year 2045 and focused heavily on ‘retro’ culture, meaning us readers are well versed on many of the cultural aspects of the story like John Hughes, arcade games, Prince, and Tolkien. Since the story is set more than 20 years in the future, we’re given a good description of the technology that makes it possible and the state of the world. What is completely missing is any notion of anything cultural between the death of Prince and the time of the story. While I wouldn’t necessarily want to get distracted with a shard quest centered on a fictional piece of culture, I think the author has the writing chops to do exactly that and make it interesting, but does not.

Cline has been praised for his depiction of gender and sexuality in the book, and he deserves some credit for sure. During that bit, Wade tells us that with the new technology he had experienced sex as and with different genders and orientations. Cline should have made Wade decide to realize he is pansexual after his admitted experiences having sex with and as different genders. But that little bit about the technology’s ability to let one experience sex differently is mostly relegated to one page of one chapter and ultimately, the book falls on some common stereotypes in my eyes. The white girl knows all about John Hughes movies. The black girl knows all about Prince. The white boy and white girl know all about Tolkien. The Japanese boy knows the Japanese video game. Every main character has a hetero orientation except Aech, a lesbian. The only other character that suggests a different orientation, L0hengrin, is quickly glossed over. Even worse, she is potentially the most interesting new character of the entire book but is quickly put out of mind and used as a plot advancement point later with little fanfare.

Finally, while I really enjoy most of Cline’s writing style, there are small parts of the book that seem to break from the style of the first book and instead, are written as if they are lines from a movie script. In the board room when the four heroes meet the Low Five, they “run over to” greet them. In a board room with 10 people in it, there isn’t room to ‘run’. The main characters are treated as gods in the OASIS essentially, yet act like starry-eyed fans of someone that has already been written as a starry-eyed fan of them. This single scene had so many disconnects in my mind it stood out and made me wonder if Cline got distracted with notions of what the movie will look like.

Reference: Ready Player Two on Wikipedia.

Review: Kusters Yakuza

I don’t review books that often, especially not recently. While I read my share, they usually end up as side discussions with friends or a quick comment on Facebook. One topic that has always fascinated me is the Yakuza. I’ve read a variety of books on the subject over the years, including Confessions of a Yakuza: A Life in Japan’s Underworld, Tokyo Underworld: The Fast Times and Hard Life of an American Gangster in Japan, Yakuza Diary: Doing Time in the Japanese Underworld, and Tokyo Vice: An American Reporter on the Police Beat in Japan among others. One thing these books don’t come with is pictures. No surprise there, while the Yakuza is hardly a secret, their circles are of course closed.

A couple years ago I saw a post about a new coffee table photography book coming out, depicting the Yakuza. Reading the photographer/author description made it sound incredible:

YAKUZA is a personal visual account of the life inside an inaccessible subculture: a traditional Japanese crime family that controls the streets of Kabukicho, in the heart of Tokyo, Japan.

Through 10 months of negotiations with the Shinseikai, my brother Malik and I became one of the only westerners ever to be granted this kind of access to the closed world of Japanese organized crime.

With a mix of photography, film, writing and graphic design, I try to share not only their complex relationship to Japanese society, but also to show the personal struggle of being forced to live in two different worlds at the same time; worlds that often have conflicting morals and values. It turns out not to be a simple ‘black’ versus ‘white’ relationship, but most definitely one with many, many, many shades of grey.

“A visual account” – “10 months of negotiations to be able to take the pictures” – “One of the only westerners to be granted this access” .. How could that be bad?! Of course I purchased the book, for something close to $50. I figure a unique look into Yakuza life was well worth that price. Disclaimer: I appreciate artistic photographs. That includes questionable focus, perspective shots, and more. I get that each picture has more meaning to the photographer, and that it doesn’t always translate. Five minutes leading up to the picture may carry a world of context lost to the subsequent viewer, but captured entirely in the eyes of the shooter.

However, when I finally received the book and flipped through it, I was disappointed. 197 pages of pictures (several being one picture across two pages), but almost no feeling that Kusters had more than casual access to the family he was with. Below is a list of my description of the pictures in the first half of the book. To emphasize the lack of content, I will italicize where a picture is blurry, and underline where there is any hint that the Yakuza are involved.

16: Blank (small text describing next page)
17: Full page picture of calligraphy “jump”
18-19: Distant shot of city/neighborhood
20-21: Random Tokyo block
22-23: Blurry shot of rain on window
24-25: Slightly blurry picture of 3 men in suits
26-27: Paper lantern
28-29: Cabinet in abandoned? building
30-31: Close-up through window of man driving car
32: Blank (small text describing next page)
33: Full page picture of calligraphy “learn”
34: Leather jacket clad shoulder/back of a man
35: Back of man in suit at security-laden door
36: Picture of security monitor, with leather jacket clad man on it
37: Japanese writing on wood wall
38-39: Intricate sealed letter in offered hand
40-41: Three men in restaurant, looking serious
42-43: Drinks and cigarette pack on restaurant table
44-45: Three men in suits waiting outside building
46-47: Slightly blurry picture of ~ 8 men walking down street, odd angle doesn’t show much of them
48: Blank (small text describing next page)
49: Full page picture of calligraphy “boss”
50-51: Slightly blurry picture of random highway
52-53: Close-up of chest and face of man in suit, sitting in car
54-55: Picture of highway signs
56-57: Nice park, tiny silhouette of man
58-59: Outdoor shot, slightly blurry man in lower corner on phone
60-61: Paper with Japanese writing and picture of a Federal Bureau of Prisons Inmate ID of Yoshimura Mitsuo
62-63: Random city block, group of men walking away
64: Blank (small text describing next page)
65: Full page picture of calligraphy “belong”
66-67: One blurry man, one more clear man, waiting by car
68-69: Close-up of heavily tattooed hands, one pinkie missing
70-71: Several paper lanterns
72-73: Blurry shot of three figures in a car
74-75: Blurry shot of landscape, perhaps out of moving car
76-77: Three cars outside of a residence?
78-79: Eight men seated around table
80: Blank (small text describing next page)
81: Full page picture of calligraphy “training”
82-83: Two men sparring in Karate, several sitting on floor around them
84-85: Four silhouettes sitting under beach umbrellas
86-87: Two men on beach swinging baseball bats
88-89: Man sitting on floor of residence (no ink on arms or visible chest)
90-91: Close-up of man practicing knife fighting
92-93: Four men drinking
94-95: Blurry shot of man walking into building at night
96: Blank (small text describing next page)
97: Full page picture of calligraphy “the way of the cherry blossom”
98-99: Lace window coverings
100-101: Blurry shot of building in distance
102-103: Close-up of two men, possibly in gym locker room
104-105: Very blurry shot of 3 men bathing, post gym?
106-107: Picture of dozens of men sitting on beach facing water
108-109: Blurry shot outside back of train window
110-111: Man with raised shirt, showing 1 tattoo on chest

In the first half of the book, there are only 44 total pictures. Of those, 12 are blurry and only 14 (some of them blurry) could be argued to be Yakuza-related pictures. That is not what was advertised by any means, and the rest of the book does not take a sudden turn for the better. In short, steer clear of this book.

Concert Review: Citizen Cope

Tonight I saw Citizen Cope for his first of two shows at the Ogden Theatre here in Denver. I’ve become a fan of theirs over the last two or so years. Something about the songs appeals to me on several levels, leading me to believe that the singer (Clarence Greenwood) was passionate about his music.

In person, it certainly seems as if he is as into his music as the crowd is. Most of the songs are performed with his eyes closed (or mostly so), hand gestures and dancing around that show his passion. At times, he is almost awkward with his movements, giving me the impression that he is desperate to share his music while also keeping pieces close to him. Incredibly thankful, he clearly appreciates his audience and performs for them. Watch Greenwood compared to more mainstream acts and you really see the distinction between a musician and an industry generated puppet singing as a business.

The show started a bit late, but ran a full two hours and then some. With one encore, Citizen Cope played more than 15 songs with some extended versions of the songs that you’d only hear in concert. For about $30, this was exactly the kind of concert I love; great music, small venue, long set and a crowd that was as into it as the band. Even the older lady behind me who had never heard one of their songs until this concert couldn’t help but dance to the music.

No opening band, so people were inside early and not waiting in a line outside. The music playing before Citizen Cope took the stage was good. A lot of songs I don’t think I’ve heard, including a few that had half the audience singing along. Heard one really good song with a female vocalist. While I heard some of the lyrics, it is extremely difficult to remember them through a two hour concert of a different band. Doh!

The Ogden is a pretty small venue. I try to get a railing spot on the first level above the pit, as you are eye level with the performer’s knees, but only 25 feet away at most. It gives the feeling of a very personal and up-close concert.

While waiting, a few drunk girls in front of me in the pit were amusing. One made me and the two guys next to me all promise not to ‘roofie her’. Apparently she had a bad experience with being slipped a roofie at a Wu-tang concert ten years ago. I promised, and kept my word.

The amount of pot being smoked at the concert was humorous. The three or four girls waving their bras all concert was silly.

Dancing for almost two hours was great, but my feet will regret it tomorrow no doubt.

Book Review: Photomosaics

Many years ago I grabbed books on various alternative art styles. One of the books, new and exciting at the time (think 10 years ago) was on photomosaics. In short, art made by computer that creates a montage of other images. One thousand images of donkeys can be used to make a picture of George Bush for example. One key point here is that they are computer generated. Some fancy algorithm determines the color of the image and makes it fit into a larger picture.

So I finally ended up reading “Photomosaics” by Robert Silvers and Michael Hawley (Silvers invented the concept/art style). Interesting enough read but very shallow, not really diving into the technical aspects of how it’s done. I was ready to pass the book on and mostly forget about it until the last page which included a small plastic magnifying glass so you could examine each small picture that makes up the larger image.

Uh, why? Looking at half centimeter images of stock photography is going to somehow give me insight into the artist or the picture? Please, don’t flatter yourself. Call me petty, call me weird, but that is the silliest thing I have seen in a while.

Review: High-Tech Crimes Revealed

High-Tech Crimes Revealed
Cyberwar Stories from the Digital Front
Steven Branigan
ISBN: 0-321-21873-6
Addison-Wesley, Copyright 2005

I found this book just after Christmas (Dec 2005) and grabbed it hoping for a decent read about computer crimes and sociology, backed by real world experience and first hand tales from the ‘digital front’. Instead, I got the worst collection of naïve and inexperienced crap I have read in a long time. After paying money for this book, I feel as if I have fallen victim to a lame phishing scam. It is important to note that this book is copyright 2005, and says the first printing was in August 2004. It puts the entire book into perspective and quickly makes you question the author’s credentials. In fact, if this book wasn’t written in the mid to late 90’s, shelved for almost ten years, and eventually printed, then Branigan should never claim any affiliation with the computer security industry/community.

Chapter 1 starts out covering “An Attack on the Telephone Network” by giving us the oldest, most sanitized and high level story you can imagine. The information presented, the wording and the terminology suggests the incident happened in 1995. Hoping for a slow start and a sharp curve for subsequent chapters, I keep reading. Chapter 2 covers “An Attack on an ISP” with another story from the author, supposedly based on ‘first hand’ experience in the case. Following the attacker between machines and trying to use this story as a way to teach us about high tech crimes is weak. The story makes it sound as if Branigan is completely new to the net and related technology. The writing is that of a rookie journalist given his first story not about a pig manure farm. The story is dumbed down and sanitized beyond belief, passing for sample crimes used in computer security classes ten years ago.

Chapter 3 brings on a new story called “If He Had Just Paid the Rent”. After the first two chapters, I was completely discouraged and this chapter didn’t help one bit. Yet another story from around 1995, and one that I think is more fiction than fact. According to Branigan, in 1996 police officers couldn’t tell the difference between a TV and a computer monitor, and actually thought they were “evidence of a crime”. If they didn’t know what a Sun monitor was, how would they know the computers were “potentially evidence of a crime”? Why were a couple networked computers “out of place” to the cops in this story? In fact, how would these cops even know that two computers with wires between them were or were not suspect? At the beginning of the story, the computers were described as “state of the art sun SPARC stations”. By the end of the story (five years later), Branigan tries to tell us that “none of the agents remembered how to operate such an ancient computer”. The holes in his story are as numerous as his reference to Sendmail being the favorite attack of hackers. If you think I am exaggerating this, you can read the entire chapter online for yourself.

Chapter 4 continues the misery with “Inside a Hacker Sting Operation…” The best quote of this chapter is when he mentions NetStumbler and adds a footnote: “NetStumbler is freeware. Why people write these things, nobody knows…” Nobody?! Branigan has supposedly been around for ten years, professes to have a clue about hackers and how they operate, consults for law enforcement, and says something so ridiculous? The core of this chapter revolves around the story of the Celco51 BBS, set up by federal agents to monitor cellular hacking at the time. Yes, another story from 1995 that is heavily sanitized and written from someone that doesn’t appear to have been involved in the operation. Branigan specifically says “[Susan] did not want to put the government in a potentially embarrassing position of knowingly facilitating the transmission of hacking tools” and “Fortunately, none of the hackers noticed that the tools were broken before the sting operation ended.” Branigan either wasn’t involved, is covering for some of the activity that really occurred, or is not competent enough to factually say this. Celco51 offered working hacking tools and working ESN/MIN pairs.

Chapter 5 covers the hot topic of “Identity Theft”, and is the first chapter that didn’t make my stomach turn. A high level look at identity theft, some basic statistics on crime related to it, general observations and solutions for the end user.

Chapter 6 moves to the sociology of hackers, “Let’s Ask the Hackers…” Most of the chapter revolves around Branigan’s chat with a hacker he calls ‘Bob’ and seems to have the utmost respect for (technically). Bob used his own session hijacking software (“a very difficult piece of software to write correctly”), and “had some of the earliest working copies of a buffer overflow attack that I had encountered”. This immediately calls the entire story into question since we’ve all seen a working overflow (ab)used in the Morris Worm (1988). Between 1988 and 1996, dozens more overflows had been discovered, exploit code written and eventually distributed. For Branigan’s hacker in this story to have some of the earliest working copies of overflow code, the events would have taken place well before 1995, or Branigan wasn’t reading anything from the security community at the time.

Chapter 7 promised to be disgusting given Branigan’s previous comments showing disbelief that someone would actually write a program like NetStumbler. “Why Do Hackers Hack?” quickly starts out claiming “We do not know much about what makes a hacker do what he does.” The only good sign in this chapter is the author finally moves out of the 90’s, and references a few cases of computer crime in the early 00’s. Chapter 8 is titled “Setting the Stage” and tries to give us a concise history of computing and how it led up to where we are now. The chapter is essentially worthless when it comes to explaining high-tech crimes. This is the type of material that many authors have given up on explaining, expecting their readers to know it or read it elsewhere.

Chapters 9 (“High-Tech Crime”), 10 (“What Not to Do”), 11 (“How to Run a High-Tech Case”) and 12 (“What We Have Learned”) stay off the path started in Chapter 8. While each section is related to High-Tech crimes, they give no information to help “reveal” how it is carried out, or what is involved. It appears as if Branigan ran out of stories from the mid 90’s and couldn’t make up any new ones to hold our interest. The timeline on page 380 that lists some major computer crime incidents doesn’t go past 2002, further proving this book was outdated years before it was published.

Overall, this book does a horrible job ‘revealing’ high-tech crimes. The stories don’t come from the ‘digital front’, rather they come from fifth generation retellings originally based on a news article summing up a five year case. Branigan’s grasp of who hackers are and why they do what they do is non-existent. Everything he writes suggests he was involved in computer security and/or law enforcement for a very brief time, and brought in as a consultant because of an old boy’s network, not his technical expertise. His stories are devoid of any detail, even when they are clearly ten years old. Despite that, he still withholds details that would lend credibility and meaning, even when those same details have already been published in extensive detail. If you want a book that really goes into details and ‘revealing’ high-tech crime, check out The Art of Intrusion by Mitnick & Simon.


Other amusing quotes:

“The main set of backdoor programs for UNIX systems are collectively known as rootkit, and those for Windows-based systems are BackOrifice and Netbus.” – page 118

“Not ceasing to amaze me, Bob had some of the earlier working copies of a buffer overflow attack that I had encountered. This type of method had been discussed for a while, but many people thought that it was too complicated to be functional.” – page 175 (relating his conversation/investigation into a hacker he calls ‘Bob’)

“Why people write keygen software is not fully known, but it appears that the same things that motivate virus writers drive them.” – page 215

“We cannot yet predict who will hack and how they will do it, but we can use the position of a potential hacker relative to his or her target to determine the most likely intent of any attack.” – page 223

“This problem has improved over time, and sendmail is less insecure every day. (One day, sendmail might even become reasonably secure.)” – page 243

“The basic problem is a matter of trust, as sendmail believes the user will accurately reveal his identity in the message. The receiver of an email message has no way of ensuring that the sender is authentic, so we cannot and should not rely on the truthfulness of the sender of an email message.” – page 243

“I was working with a financial institution on a network security project recently. Having reviewed their network security, I was very impressed, because they clearly took it very seriously. [..] During the discussion, one of the network security technicians was lamenting the issues involved in cleaning up from the Melissa Virus. I was surprised; having no idea how the virus could have gotten into their network unless the virus writer was on staff, I had to ask. It turns out that the network got infected, because one of their employees had decided to use a non-standard email service that was against corporate policy.” (Melissa appeared in March, 1999, yet Branigan says he ‘recently’ worked on a project where this came up?) – page 250

“Firewalls are not capable of looking at the contents of email messages and thus cannot screen out email viruses. A pity! Therefore, the most effective method today for screening email messages for viruses is at the email gateway, the point where email enters and leaves a company. A virus scanner is simply a pattern-matching program, looking for signs of a virus in the contents of each mail message.” – page 253

“If you estimate that a criminal breaks into 100 computers on average, then there might be 54,000 hackers out there. Of course, let’s hope that the actual number is much less than that! (Of course, we would need to not count a virus attack as a break-in for this number to be at all meaningful….)” – page 264

“Computer hacking is a direct attack on a specific computer or group of computers. For these attacks, the script-kiddie is the most common hacker. A “script-kiddie” is a hacker with very little skill that uses commonly-available hacking tools to disrupt publicly-available computers and networks. The script-kiddie will attempt to hack as many computer systems as possible — without caring who the owner of the system is. For example, common script-kiddie tools such as probe and nmap quickly search for vulnerable computers on a network in a target area. Using these tools to search for vulnerable systems is similar to taking a water hose and randomly spraying — whatever you hit gets wet, whatever you miss stays dry, and a ton of people notice.” – page 273

Review: Computer Security for the Home and Small Office

[The date of publication is not known.]

Computer Security for the Home and Small Office
Thomas C. Greene
Paperback – 405 pages (2004)
$39.99 – Apress ISBN: 1-59059-316-2
[Full Disclosure: I have been quoted by Greene for past articles in a friendly/professional capacity. He has also written articles that were accusatory to me and attrition.org in the past. Translated: I owe him nothing.]

The first and most obvious question that will come to some people is where an alleged hack from The Register gets off writing a book on computer security. After reading the entire book, you’ll understand that his last five years covering computer security and playing Windows solitaire have paid off. Just as he writes his news material in an “irreverent editorial style”, so shall I in this quippy review.

Computer security isn’t just for hackers or professionals, it’s something every computer owner and operator should be aware of. When we read about the worm-of-the-week, it is infecting and compromising tens of thousands of machines, often owned by you, the end user. How are the average computer users expected to protect their home systems when security is a discipline and career? In the past, they were expected to read web sites, trust Microsoft and possibly struggle through an overly technical book detailing the ins and outs of firewalls or other security technology. Some books came out to address this issue but ended up being dull, covering the absolute basics while ignoring serious issues, or contained more errors than facts. After all this time, one book seems to be ideal for the everyday user, and ready to educate them on more than configuring a Windows machine or personal router.

Overall, the book favors the end Windows user in time spent explaining the gritty details of basic security. However, neophyte Linux users will be able to learn some of the basics as applies to them, as Greene considers both platforms when dealing out information. Using plain wording unencumbered by superfluous jargon, the lessons you need are easy to understand, well organized and well written. Fortunately for you, the book was technically reviewed by Robert Slade before hitting the shelves, and it shows. It’s a pleasant change of pace reading a book without sighing in disgust every few pages when the author typically proves they are better off working at McDonalds. The Greene/Slade combination is definitely worthy of Subway.

The last third of the book moves beyond configuring your computer and delves into the single most important aspect of computer security: Common Sense and Awareness. Rather than continue on with tech tips, Greene opts to educate the end user about the security industry, which is a blessing in disguise. Later chapters warn you on FUD (Fear, Uncertainty and Doubt), how to avoid industry charlatans, and how to apply common sense toward keeping unwanted people out of your system.

Greene also delves into some of the great debates of our time, like open vs closed operating systems (Windows vs Linux). His journalistic experience shines through here and Greene delivers perhaps the single best summary of why Linux may be a better option for you than Windows. He dispels the myths that it is too complex and that it doesn’t run the programs you want, and covers the shortcomings of Windows.

The last section covers a wide variety of topics that move beyond the personal computer and into daily life, as computers may affect you. This is a nice touch as a large part of the population doesn’t follow technology news despite the drastic effects it can have on your life. By understanding what is looming around the corner, you can better prepare for changes that affect the Internet, your computer, and your security.

No review is complete without a little criticism! The biggest complaint I can direct at this book is the practice of including lengthy and largely worthless appendices. Starting on page 297 (Appendix B) and ending on page 392 (Appendix C), about half of the material would have been better left on Greene’s new website. Giving us long lists of trojan port numbers, for example, isn’t the most helpful thing you could have filled those pages with.

All in all, if you are an average Joe when it comes to computers and security, grab a copy of this book. It will help you learn what you need to know, and it will make you realize that security is more than tweaking options on a computer configuration screen. That lesson is still hard to teach to some so-called security professionals, but one you will learn rapidly with this book.

Review: Cyber Crime

[The date of publication is not known.]

Cyber Crime
How to Protect Yourself from Computer Criminals
Laura E. Quarantiello
0-936653-74-4, Tiare Publications/Limelight Books

Part One:

Chapter One – ‘Terrorism On Line: Inside Computer Crime’: Chapter one opens with defining computer crime, and does a decent (and fair) job of defining why hackers hack. “In the end, it all comes down to one of those six reasons.”

Chapter Two – ‘Computer Criminals and their Crimes: Digital Outlaws’: Starting out with ‘phreaking’, the author gives a brief history of hackers and the phone systems. Unfortunately, a serious lack of research shines through in this chapter, where a list of “phreaker boxes” is quoted. It has been well established that a majority of these boxes never worked, and were little more than wishful thinking by hackers with little knowledge of the phone system. The rest of the chapter delves into different aspects of hacking and how hackers evolved.

Chapter Three – ‘Cyber-Sneezes: Viruses’: As with most computer security books, this is the token chapter on computer viruses.

Chapter Four – ‘The Darkest Side to Computer Crime: Threats to Your Personal Safety and Property’: Chapter four begins by giving contrast between crime and virtual crime. One admirable feature is the clarification that not all online pedestrians will be mugged by cybercriminals. Unfortunately, a good portion of the chapter deals with ‘stalking’, pornography, and child pornography, which seems out of place in contrast with other sections.

Part Two:

Chapter Five – ‘Cyber Security: Foiling Computer Criminals and Staying Safe’: This chapter suffers the problem of trying to squeeze too much information into a small place. Writing about how to secure your systems should take books. Starting out with the idea of ‘weak links’, they abruptly end after two and move into other non-numbered categories. While a decent effort, it brings its failure upon itself by trying.

Chapter Six – ‘Cyber-Cops: Walking the Digital Beat’: Much to the dismay of law enforcement, this chapter paints a relatively accurate picture of the state of computer crime and law enforcement’s ability to deal with it (considering when the book was written). Toward the end of the section, contact info for CERT and the advice to call the FBI are given: the exact organizations the author found lacking.

Overview: For a 100 page, 1 hour read, this book does a better than average job of portraying computer crime. Despite the handful of errors, the author gives a fair overview of computer crime, hackers, and law enforcement.

Review: Ethical and Social Issues in the Information Age

[The date of publication is not known.]

Ethical and Social Issues in the Information Age
Undergraduate Texts in Computer Science
Joseph Migga Kizza
0-387-98275-2, 172 Pages, Springer-Verlag

Overview: “Ethical and Social Issues in the Information Age” is an excellent foundation and resource for defining ethics and morals in a technological world. For any reader interested in exploring this often shady area of life, I highly recommend this be your introduction. Along with the clear and concise definitions, each chapter references real world examples to help illustrate each point and make the reader aware of the real and imagined concerns associated with each.

Chapter 1 – “Morality and the Law”: If you can judge a book by the first chapter, this book is a great read. The introduction to morality and the law starts out with clear explanation of what morality is, moral theories, moral decision making, as well as listing well established and general moral codes (such as ‘the golden rule’). By defining such concepts as ‘guilt’ and ‘judgment’, the reader is well equipped to move on and explore the different facets of ethics, morals, and how they apply to technology.

Chapter 2 – “Ethics, Technology, and Values”: The various definitions of ethics and the theories of ethics are explained very well. Providing short descriptions of major ethical theories, you begin to realize there are many more concerns than may meet the eye. Continuing on, Kizza creates an equation to explore the relation between ethics and the human mind. This chapter also goes in depth on Codes of Ethics, defines Computer Ethics, and explains why you should study Computer Ethics.

Chapter 3 – “Ethics and the Professions”: Chapter three delves into defining professional requirements and the codes that may apply to them. Kizza describes four codes: professional, personal, institutional, and community. From here, the four ‘pillars’ of professionalism are outlined and described: Commitment, integrity, responsibility, and accountability. The rest of this chapter deals with the making of an ethical profession, and the attributes that go with it.

Chapter 4 – “Anonymity, Security, and Privacy”: After defining each of these concepts, real world examples are provided to illustrate each, and help show the reason each is valuable and noteworthy. Perhaps the strongest point is the definition and breakout of ‘privacy’, and what it truly entails.

Chapter 5 – “Intellectual Property Rights and Computer Technology”: Before you can define intellectual property rights, you must qualify what property is in the technical and digital world. Once defined, there are several factors that affect the value and right of use including ‘public domain’, copyright, patents, ‘trade secret’ status, trademarks, and more. Last, you must define ownership as well as define what infringement really is. This chapter also goes into how you can better protect what is valuable to you or your company.

Chapter 6 – “Computer-Augmented Environments: The Workplace”: A few years ago, the ‘workplace’ was easily defined by four walls in a set location. In today’s world, travelling, home and virtual offices have replaced that idea. Chapter six defines this changing world and considers the effects and benefits of each. Section 6.4 goes into explicit detail about the implications and considerations of workplace privacy and surveillance. How do you monitor virtual workers? What rights do you have to monitor home activity?

Chapter 7 – “Software Issues”: Since software in one form or another controls every computer or computer component, it becomes a more important and fundamental part of our life. Even though we may not understand the languages that make up the software, we must be aware of the elements of software that affect its use. Verification and Validation, reliability, security, safety, and quality are some of the major points examined and brought to light. Section 7.2 delves into the various reasons why software fails and who is responsible. More importantly, it covers what consumer protection exists, the rights of software buyers, and more.

Chapter 8 – “New Frontiers for Ethical Considerations: Artificial Intelligence, Cyberspace, and Virtual Reality”: Most literature on future concepts in computing typically lacks material justifying one stance or another. This book differs as it provides solid definitions of areas of computers barely defined, and more importantly, provides reference to existing work in the fields of AI and VR.

Chapter 9 – “Ethical and Social Issues in Cyberspace”: Perhaps one of the most obscured and widely (mis?)used words to describe computer culture is ‘cyberspace’. Rather than try to force an unwieldy definition on the word, Kizza gives the reader a foundation and quick background for the word. That in mind, he moves on to cover the role of copyright, patents, identity, censorship, privacy, and security and how they are affected, as well as how they affect cyberspace.

Review: Time Based Security

[The date of publication is not known.]

Time Based Security
Practical and Provable Methods to Protect Enterprise and Infrastructure, Networks and Nation
Winn Schwartau
0-672-31341-3, 174 pages, Interpact Press

What is TBS (Time Based Security)? TBS is defined by the author as “a non-technical examination of the very foundation of the technical realities of the networked society. It is designed for a wide audience with varying skill sets, backgrounds and business needs.” Unfortunately, the title’s use of “practical and provable methods to protect enterprise and infrastructure, networks and nation” implies (to me) that the book will cover practical and applicable solutions to the problems pointed out. Rather than presenting solutions, the author gives a high level diagnosis of the problem, as well as simple-to-use equations for determining how it affects your organization.

The first fourteen chapters (each chapter averages 4.5 pages) go into the description and foundation of TBS. Schwartau calls on well grounded and practical examples to convey the importance of adopting a security plan that utilizes TBS. From the foundation, simple equations are designed to contrast the importance of Protection, Detection, and Reaction (the key elements of TBS).

The next few chapters go into various security concepts and how they apply to a TBS model. Starting with ‘Defense in Depth’ (Chapter 17), Schwartau applies practical examples to his TBS equations and shows how to factor in elements such as multi layered security. Unfortunately, these chapters (especially ‘Sequential Time-Based Security’ [Chapter 18]) are extremely short and lack the description needed to adequately convey their importance.

The remaining chapters cover a wider variety of topics and expand past the TBS model a bit more. Some of these topics are Reaction Channels, TBS Reaction Matrices & Empowerment, and Using TBS in Protection.

Overview: While TBS presents a great overview of the concepts and effects of Time Based Security, it does not present a grounded practical method for implementing these ideas into a working network. Technical people reading this book will no doubt question the book’s claims of it being “your handbook for protecting intangible things of value that have no physical substance.” Management and non-technical people, however, should definitely read this book. Schwartau cites easy to use examples and layman’s terms to explain the risks your network suffers.