Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

+ - Book review: The Terrorists of Iraq

Submitted by benrothke
benrothke writes: Untitled documentol{margin:0;padding:0}.c1{widows:2;orphans:2;text-align:justify;direction:ltr}.c2{widows:2;orphans:2;direction:ltr}.c4{max-width:468pt;background-color:#ffffff;padding:72pt 72pt 72pt 72pt}.c7{color:#1155cc;text-decoration:underline}.c3{color:inherit;text-decoration:inherit}.c0{font-size:12pt}.c6{font-style:italic}.c5{height:11pt}.title{widows:2;padding-top:0pt;line-height:1.15;orphans:2;text-align:left;color:#000000;font-size:21pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}.subtitle{widows:2;padding-top:0pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-style:italic;font-size:13pt;font-family:"Trebuchet MS";padding-bottom:10pt;page-break-after:avoid}li{color:#000000;font-size:11pt;font-family:"Arial"}p{color:#000000;font-size:11pt;margin:0;font-family:"Arial"}h1{widows:2;padding-top:10pt;line-height:1.15;orphans:2;text-align:left;color:#000000;font-size:16pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}h2{widows:2;padding-top:10pt;line-height:1.15;orphans:2;text-align:left;color:#000000;font-size:13pt;font-family:"Trebuchet MS";font-weight:bold;padding-bottom:0pt;page-break-after:avoid}h3{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-size:12pt;font-family:"Trebuchet MS";font-weight:bold;padding-bottom:0pt;page-break-after:avoid}h4{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-size:11pt;text-decoration:underline;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}h5{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-size:11pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}h6{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-style:italic;font-size:11pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}

Title:The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014, 2nd Edition

Author: Malcolm W. Nance

Pages: 404

Publisher: CRC Press

Rating: 10/10

Reviewer: Ben Rothke

ISBN: 978-1498706896

Summary: Definitive text on the Iraq War written by one of the few Americans who truly understand the issue





The infinite monkey theorem states that a monkey hitting random typewriter keys for an infinite amount of time will eventually be able to create the complete works of Shakespeare. Various scientists such as Nobel laureate Arno Penzias have shown how the theorem is mathematically impossible.



Using that metaphor, if you took every member of United States Congress and House of Representatives and wrote their collected wisdom on Iraq, it's unlikely they could equal the astuteness of even a single chapter of author Malcolm W. Nance in The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014. It's Nance's overwhelming read-world experiential knowledge of the subject, language, culture, tribal affiliations and more which make this the overwhelming definitive book on the subject.



Nance is a career intelligence officer, combat veteran, author, scholar and media commentator on international terrorism, intelligence, insurgency and torture. In 2014 he became the executive director of the counter-ideology think tank the Terror Asymmetrics Project on Strategy, Tactics and Radical Ideologies (TAPSTRI).



While it's debatable if most members of Congress could elucidate the difference between the Sunnis and Shiites; Nance knows all of the players in depth. He understands and describes who there are, what they are and how their methods work. His unique analysis provides an in-depth understanding of who these groups are and what they are fighting about.



The book details how the many terror groups formed to create the Iraqi insurgency that led to the rise of the Islamic State of Iraq and Syria (ISIS). Nance places the blame on the Bush administrations 2003 invasion of Iraq that lead to the destabilization of the country. While the war was based on faulty evidence, the insurgency was created by myriad mistakes, misperceptions and miscalculations by L. Paul Bremer, who lead the occupational authority of Iraq during the war.



A common theme Nance makes throughout the book is that the US ignored history and didn't learn the lessons of the Iraqi revolt against the British in 1920 or the events of the Vietnam War. Those lessons being that insurgents and foreign terrorist operations were much more effective despite the enormous manpower and firepower that the US troops brought to bear in Iraq.



Nance details how much of the coalition's strategy was based on wishful thinking. He writes that Washington never had a realistic plan for post-war Iraq. Only Saddam Hussein, Abu Musab al-Zarqawi and the ex-Ba'athists has a definitive strategy for what to do in post-war Iraq. Unlike the Americans, they mobilized the right resources and persons for the job, with devastating and horrifying effects.



The book writes of the utterly depravity and evil nature of Saddam Hussein and his sons Uday and Qusay. Following the first Gulf War. Qusay revealed a brutality to match both his father's and brother's. The Hussein family was responsible for the death and torture of hundreds of thousands of innocent Iraq's and others.



The insurgency was and is made up of countless different groups. Some of these groups number under a hundred members, others in the tens of thousands. Nance details who these groups are, their makeup and leadership structure and what they hope to achieve.



Nance quotes Donald Rumsfeld and General Tommy Franks who described the insurgency as dead-enders; namely small groups dedicated to Hussein, and not large military formations or networks of attackers. Yet the reality was that Hussein started creating the insurgency in the months before the invasion. Rather than being a bunch of dead-enders, the insurgency was a group that was highly organized, heavily armed, with near unlimited funds based on looting hundreds of millions of dollars.



From a reporting perspective, the book details how the US government made the same mistakes in Iraq as it did in Iran. Underreporting US casualties, over reporting enemy losses, and obfuscating how terrible the situation on the ground was.



The term IED (improvised explosive device) became part of the vernacular during the Iraq War. The book details how the insurgency used the many different types of IED's (including human-based IED) at specific times and places for their political and propaganda goals.



Nance writes that the biggest gift the US gave to Osama bin Laden was to invade Iraq. The invasion provided him with an opportunity for inspirational jihad. bin Laden envisioned a holy war with heroic men fights against desperate odds in the heart of historic Islam, just like the first battles of the Prophet Mohammed.



Nance spends a few chapters dealing with ISIS and how it came to be. There are multiple iterations of the group, which developed as the Iraq mess evolved.



The book closes with a disheartening overview of the current state. Nance writes that the Middle East is in far more danger from destabilizing collapse of states due to the effects of the American invasion today than it has ever been.



As ISIS is currently the dominant force in Iraq; Nance states that he fears ISIS will have no intention of going back to being a small insurgent group. It will attempt to consolidate captured terrain. It will offer the Sunni a chance to rule under it at the technocrat level, but that is when the pogroms will start.



In the end, Nance writes, the Islamic caliphate will attempt and fail at creating a popular Iraqi-Syrian nation out of stolen governorates. But unless confronted quickly and forcefully, it may become an isolated jihadistan from which no end of terror will spawn.



For those that want to truly understand the Iraq conflict, Nancy is eminently qualified and this book is uniquely superb. There is no better book than The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014on the subject.





Reviewed by Ben Rothke

+ - Book review: Future Crimes

Submitted by benrothke
benrothke writes: Title:Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It

Author: Marc Goodman

Pages: 400

Publisher: Doubleday

Rating: 9/10

Reviewer: Ben Rothke

ISBN: 978-0385539005

Summary: In the rush to get everyone wired, they forget to secure it





Technology is neutral and non-moral. It's the implementers and users who define its use. In Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It, author Marc Goodman spends nearly 400 pages describing the dark side of technology, and those who use it for nefarious purposes. He provides a fascinating overview of how every major technology can be used to benefit society, and how it can also be exploited by those on the other side.



Technology breeds crime and in the book, Goodman users Crime, Inc.as a metaphor for the many entities and organizations that exist in the dark web and fringes of the Internet. Towards the end of the book, after describing all of the evils that the Internet creates, he suggests creation of a modern day Manhattan Project for cyber security. He writes that a major initiative such as that is what is required to secure the Internet and emerging technologies.



As to Crime, Inc., Goodman shows how they use technologies such as distributed computing, satellite communications, crowdsourcing, encrypted channels and other sophisticated mechanisms to carry out their actions. The premise of the book, and it's a compelling one, is that in the rush to wire every classroom, person and organization, we have failed to secure it appropriately.



The books 18 chapters are an easy and fascinating read. Goodman writes in detail about many major technologies trends and how its benefits can be subverted. The book is written for the non-technical reader and Goodman does an admirable job of minimize tech-talk and gibberish.



While the book obsesses on the dark side, it's important to note that Goodman is not an anti-technologist. The goal of the book is to make people aware of what they are clicking on, and how they often give away their personal life when using free mobile applications.



Chapter 6 on the surveillance economy is particularly interesting. While Snowden brought attention to the NSA's wholesale spying, what has gone under the radar is the lucrative surveillance economy that has developed. Goodman writes how firms like Acxion, Epsilon and others are part of the over $150 billion data brokerage industry. Their power is that they correlate information from myriad disparate sources, to create a powerful dossier that marketers are willing to pay for.



The chapter articulately details the unprecedented amounts of data people have shared with third-parties; that once shared, is almost impossible to control. The privacy implications are huge and the problem is only getting worse. Data brokers have no privacy incentives as they make money when they sell data, not when they protect it.



The book is a fascinating read, albeit a bit wordy at times. The book contains so many horror stories and examples of software and hardware gone badly, that the reader can be overwhelmed. Goodman on occasion makes some errors, such as when he writes that a six-terabyte hard drive could hold all of the music ever recorded anywhere in the world throughout history. At times, he overemphasizes things, such as when he writes that one billion users have posted their most intimate details on Facebook. While Facebook recently passed the 1 billion user mark, not every user posts intimate details of their live.



The book provides a superb overview of the security implications of the Internet of Things (IoT). Goodman details how the IoT can be used to create intelligent systems and networks that can detect and shutdown adversaries. But to secure the IoT will require an effort akin to the Manhattan Project. With that, Goodman advocates that the government fund a digital Manhattan Project, getting the best and brightest minds in the information security space together, to create a framework to better secure the Internet.



The problem is as he notes, that Washington simply does not see the need nor can they comprehend the urgency of the situation. It's only the government that can ostensibly get the private and public sectors together to work in concert, but that is unlikely to happen anytime soon. Which only serves to exacerbate an already tenuous information security problem.



An additional issue the book grapples with, it that the while government wants its citizens to be secure and touts the importance of personal privacy, it simultaneously spies on them. Also, providers such as Google and Facebook provide free services, at the cost of turning the user into a data customer. It's not just the criminals and terrorists the book warns about, rather government and free data collection services.



While the book paints an overly depressing picture of what the future holds for personal privacy, Goodman closes the book with his UPDATEprotocol. He writes that while the worst is yet to come and that it's getting more and more difficult to gain control you're your personal data and metadata; there are six steps you can do. Goodman claims that these 6 steps can prevent 85% of digital attacks. The UPDATE steps are: Update frequently, Passwords, Download from safe sites only, Administrator accounts used with care, Turn off computers and Encrypt data.



Much of the problem is that people are clueless to what is going on. They use free services not knowing their data and personal privacy is what they are giving away. Finally, users don't know what good security looks like. The book is a valiant attempt to show users that while they think they are using the Internet in a pristine environment, it is simply a cesspool of malware, scammers and miscreants. Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About Itis a great wake-up call. Let just hope everyone wakes up and read it.





Reviewed by Ben Rothke

+ - Book review: Data and Goliath

Submitted by benrothke
benrothke writes: Untitled documentol{margin:0;padding:0}.c1{widows:2;orphans:2;text-align:justify;direction:ltr}.c0{widows:2;orphans:2;height:11pt;direction:ltr}.c6{max-width:468pt;background-color:#ffffff;padding:72pt 72pt 72pt 72pt}.c4{color:inherit;text-decoration:inherit}.c3{color:#1155cc;text-decoration:underline}.c2{font-size:12pt}.c5{font-style:italic}.title{widows:2;padding-top:0pt;line-height:1.15;orphans:2;text-align:left;color:#000000;font-size:21pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}.subtitle{widows:2;padding-top:0pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-style:italic;font-size:13pt;font-family:"Trebuchet MS";padding-bottom:10pt;page-break-after:avoid}li{color:#000000;font-size:11pt;font-family:"Arial"}p{color:#000000;font-size:11pt;margin:0;font-family:"Arial"}h1{widows:2;padding-top:10pt;line-height:1.15;orphans:2;text-align:left;color:#000000;font-size:16pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}h2{widows:2;padding-top:10pt;line-height:1.15;orphans:2;text-align:left;color:#000000;font-size:13pt;font-family:"Trebuchet MS";font-weight:bold;padding-bottom:0pt;page-break-after:avoid}h3{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-size:12pt;font-family:"Trebuchet MS";font-weight:bold;padding-bottom:0pt;page-break-after:avoid}h4{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-size:11pt;text-decoration:underline;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}h5{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-size:11pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}h6{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-style:italic;font-size:11pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}

Title:Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Author: Bruce Schneier

Pages: 400

Publisher: W. W. Norton & Company

Rating: 10/10

Reviewer: Ben Rothke

ISBN: 978-0393244816

Summary: Important defense of privacy & expose on the dangers of NSA domestic mass surveillance



InData and Goliath: The Hidden Battles to Collect Your Data and Control Your World,author Bruce Schneier could have justifiably written an angry diatribe full of vitriol against President Obama and the NSA for their wholesale spying on innocent Americans and violations of myriad laws. Instead, he was written a thoroughly convincing and brilliant book about big data, mass surveillance and the ensuing privacy dangers facing everyone.



A comment like what's the big deal?often indicates a naiveté about a serious significant underlying issue. The idea that if you have nothing to hide you have nothing to fear is a dangerously narrow concept on the value of privacy. For many people the notion that the NSA was performing spying on Americans was perceived as not being a big deal, since if a person is innocent, then what do they have to worry about. In the book, Schneier debunks that myth and many others, and defends the important of privacy.



Schneier writes that privacy is an essential human need and central to our ability to control how we relate to the world. Being stripped of privacy is fundamentally dehumanizing and it makes no difference whether the surveillance is conducted by an undercover police officer following us around or by a computer algorithm tracking our every move.



The book notes that much of the data sharing is done voluntarily from users via social media and other voluntary sharing methods. But the real danger is that the NSA has unlawfully been conducting mass surveillance on Americans, in violation of the Constitution and other Federal laws. And with all of that, the book observed that after spending billions doing it, the NSA has very little to show for its efforts.



While the NSA has often said they were just collecting metadata; Schneier writes that metadata can often be more revealing than the data itself, especially when it's collected in the aggregate. And even more so when you have an entire population under surveillance. How big of a deal is metadata? Schneier quotes former NSA and CIA director Michael Hayden that "we kill people based on metadata".



The book spends chapters detailing the dangers of mass data collection and surveillance. It notes that the situation is exacerbated by the fact that we are now generating so much data and storing it indefinitely. People can now search 20 years back and find details that were long thought to have been forgotten. Today's adults were able to move beyond their youthful indiscretions; while today's young people will not have that freedom. Their entire life histories will be on the permanent record.



Another harm of mass government surveillance is the way it leads to people being categorized and discriminated against. Since much of the data is gathered in secret, citizens don't have the right to see or refute it. Schneier notes that this will intensify as systems start using surveillance data to make decisions automatically.



Schneier makes numerous references to Edward Snowden and views him as a hero. He views Snowden's act as being courageous since it resulted in the global conversation about surveillance being made available. Had it not been for Snowden, this book would never have been written.



Schneier does a good job of showing how many of the methods used by the NSA were highly questionable, and based on extremely broad readings of the PATRIOT ACT, Presidential directives and other laws.



The book notes that not only has mass surveillance on US citizens provided extremely little return on the tens of billions of dollars spent; the very strategy of basing security on irrational fears is dangerous. The book notes that many US agencies were faulted after 9/11 and the Boston Marathon bombing for not connecting the dots.But connecting the dots against terrorist plots is extraordinarily difficult, if not impossible. Given the rarity of these events, the book notes that they current systems produce so many false positives as to render them useless.



Schneier straight-out says that ubiquitous surveillance and data minding are not suited for finding dedicated criminals or terrorists. The US is wasting billions on these programs and not getting the security they have been promised. Schneier suggests using the money on investigations, intelligence and emergency response; programs whose tactics have been proven to work.



Schneier makes many suggestions on how to stop the mass surveillance by the NSA. His biggest suggestion is to separate espionage agencies from the surveillance agencies. He suggests that government surveillance of private citizens should only be done as part of a criminal investigation. These surveillance activities should move outside of the NSA and the military and should instead come under the auspices of the FBI and Justice Department, which will apply rules of probable cause, due process and oversight to surveillance activities in regular open courtrooms. As opposed to the secret United States Foreign Intelligence Surveillance courts.



Schneier notes that breaking up the NSA is a long-range plan, but it's the right one. He also suggests reducing the NSA's budget to pre-9/11 levels, which would do an enormous amount of good.



While Schenier comes down hard on mass surveillance, he is also rational enough to know that there are legitimate needs for government surveillance, both law enforcement and intelligence needs to do this and we must recognize that. He writes that we must support legitimate surveillance and work on ways for these groups to do what they need without violating privacy, subverting security and infringing on citizens' rights to be free of unreasonable suspicion and observation.



The book concludes with a number of things that can be done. At the personal level there is a lot people can legitimately do to stop sharing so much personal information. But for most people, they would rather reap the short-term benefits of sharing information on social media, with retailers and more; than the long-term privacy benefits.



The book also notes that much of the problem stems with federal agencies since keeping the fear stoked is big business. For those in the intelligence agencies, that is the basis of their influence and power. Schneier also lays some of the blame on the media who stoke the irrational fears in the daily news. By fixating on rare and spectacular events, the media conditions us to behave as if terrorism were much more common than it is and to fear it far out of proportion to its actual incidence.



This is an incredibly important book. Schenier is passionate about the subject, but provides an extremely reasonably set of arguments. Superbly researched, Schneier lays out the facts in a clear, concise and extremely readable manner. The book is at times disturbing, given the scope and breadth of the NSA surveillance program.



This is the perfect book to take with you on a long flight. It's a compelling and engrossing read, and important book and a major wake-up call. The NSA knows all about you via its many total information awareness programs. In Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World,Bruce Schneier provides the total information awareness about what the NSA is doing, how your personal data is being mined, and what you can do about it.



While the NSA was never able to connect the dots of terrorists, Schneier has managed to connect the dots of the NSA. This is a book that must be read, for your freedom.





Reviewed by Ben Rothke

+ - Book review: Data and Goliath

Submitted by benrothke
benrothke writes: Title:Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Author: Bruce Schneier

Pages: 400

Publisher: W. W. Norton & Company

Rating: 10/10

Reviewer: Ben Rothke

ISBN: 978-0393244816

Summary: Important defense of privacy & expose on the dangers of NSA domestic mass surveillance





In Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, author Bruce Schneier could have justifiably written an angry diatribe full of vitriol against President Obama and the NSA for their wholesale spying on innocent Americans and violations of myriad laws. Instead, he was written a thoroughly convincing and brilliant book about big data, mass surveillance and the ensuing privacy dangers facing everyone.



A comment like what's the big dealoften indicates a naiveté about a serious significant underlying issue. The idea that if you have nothing to hide you have nothing to fear is a dangerously narrow conception on the value of privacy. For many people the notion that the NSA was performing spying on Americans was perceived as not being a big deal, since if a person is innocent, then what they have to worry about. In the book, Schneier debunks that myth and many others, and defends the important of privacy.



Schneier writes that privacy is an essential human need and central to our ability to control how we relate to the world. Being stripped of privacy is fundamentally dehumanizing and it makes no difference whether the surveillance is conducted by an undercover police following us around or by a computer algorithm tracking our every move.



The book notes that much of the data sharing is done voluntarily from users via social media and other voluntary sharing methods. But the real danger is that the NSA has unlawfully been conducting mass surveillance on Americans, in violation of the Constitution and other Federal laws. And with all of that, the book observed that after spending billions doing it, the NSA has very little to show for its efforts.



While the NSA has often said they were just collected metadata; Schneier writes that metadata can often be more revealing than the data itself, especially when it's collected in the aggregate. And even more so when you have an entire population under surveillance. How big of a deal is metadata? Schneier quotes former NSA and CIA director Michael Hayden that "we kill people based on metadata".



The book spends chapters detailing the dangers of mass data collection and surveillance. It notes that the situation is exacerbated by the fact that we are now generating so much data and storing it indefinitely. People can now search 20 years back and find details that were once forgotten, often just after the incident occurred. Today's adults were able to move beyond their youthful indiscretions; while today's young people will not have that freedom. Their entire life histories will be on the permanent record.



Another harm of mass government surveillance is the way it leads to people being categorized and discriminated against. Since much of the data is gathered in secret, citizens don't have the right to see or refute it. Schneier notes that this will intensify as systems start using surveillance data to make decisions automatically.



Schneier makes numerous references to Edward Snowden and views him as a hero. He views Snowden's act as being courageous since it resulted in the global conversation about surveillance being made available. Had it not been for Snowden, this book would never have been written.



Schneier does a good job of showing how many of the methods used by the NSA were highly questionable, and based on extremely broad readings of the PATRIOT ACT, Presidential directives and other laws.



The book notes that not only has mass surveillance on US citizens provided extremely little return on the tens of billions of dollars spent; the very strategy of basing security on irrational fears is dangerous. The book notes that the many US agencies were faulted after 9/11 and the Boston Marathon bombing for not connecting the dots.But connecting the dots against terrorist plots is extraordinarily difficult, if not impossible given current computing techniques. Given the rarity of these events, the book notes that they current systems produce so many false positives as to render them useless.



Schneier straight-out says that ubiquitous surveillance and data minding are not suited for finding dedicated criminals or terrorists. The US is wasting billions on these programs and not getting the security they have been promised. Schneier suggests using the money on investigations, intelligence and emergency response; programs whose tactics have been proven to work.



Schneier makes many suggestions on how to stop the mass surveillance by the NSA. His biggest suggestion is to separate espionage agencies from the surveillance agencies. He suggests that government surveillance of private citizens should only be done as part of a criminal investigation. These surveillance activities should move outside of the NSA and the military and should instead come under the auspices of the FBI and Justice Department, which will apply rules of probable cause, due process and oversight to surveillance activities in regular open courtrooms. As opposed to the secret United States Foreign Intelligence Surveillance courts.



Schneier notes that breaking up the NSA is a long-range plan, but it's the right one. He also suggests reducing the NSA's budget to pre-9/11 levels, which would do an enormous amount of good.



While Schneier comes down hard on mass surveillance, he is also rational enough to know that there are legitimate needs for government surveillance, both law enforcement and intelligence needs and we must recognize that. He writes that we must support legitimate surveillance and work on ways for these groups to do what they need without violating privacy, subverting security and infringing on citizens' rights to be free of unreasonable suspicion and observation.



The book concludes with a number of things that can be done. At the personal level there is a lot people can legitimately do to stop sharing so much personal information. But for most of them, the long-term benefits may lose out to the short-term gains from sharing their information on social media, with retailers and more.



The book also notes that much of the problem stems with federal agencies since keeping the fear stoked is big business. For those in the intelligence agencies, that is the basis of their influence and power. Schneier also lays some of the blame on the media who stoke the irrational fears in the daily news. By fixating on rare and spectacular events, the media conditions us to behave as if terrorism were much more common than it is and to fear it far out of proportion to its actual incidence.



This is an incredibly important book. Schneier is passionate about the subject, but provides an extremely reasonably set of arguments. Superbly researched, Schneier lays out the facts in a clear, concise and extremely readable manner. The book is at times disturbing, given the scope and breadth of the NSA surveillance program.



This is the perfect book to take with you on a long flight. It's a compelling, read, and important book and a major wake-up call. The NSA knows all about you via its many total information awareness programs. In Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, Bruce Schneier provides the total information awareness about what the NSA is doing, how your personal data is being mined, and what you can do about it.



While the NSA was never able to connect the dots of terrorists, Schneier has managed to connect the dots of the NSA. This is a book that must be read, for your freedom.







Reviewed by Ben Rothke

+ - Book review: Designing and Building a Security Operations Center

Submitted by benrothke
benrothke writes: Title:Designing and Building a Security Operations Center

Author: David Nathans

Pages: 276

Publisher: Syngress

Rating: 8/10

Reviewer: Ben Rothke

ISBN: 978-0128008997

Summary: Good introduction to those looking to build their own security operations center





Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues that place increasing burden on security, systems and network administrators.



This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues.



In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. An effective SOC provides the benefit of speed of response time to a security incident. Be it a DDoS attack or malware which can spread throughout a corporate network in minutes, and potentially knock out the network, every second counts in identifying these attacks and negating them before they can cause additional damage. Having a responsive SOC can make all the difference in how a firms deals with these security issues.



The book notes that the SOC is akin to an enterprise nervous systemthat can gather and normalize vast amounts of log and related data. This can provide continuous prevention, protection and detection by providing response capabilities against threats, remotely exploitable vulnerabilities and real-time incidents on the monitored network.



The books 11 chapters provide a start for anyone considering building out their own SOC. Topics include required infrastructure, organizational structure, staffing and daily operations, to training, metrics, outsourcing and more.



When building a SOC, the choices are for the most part doing it yourself (DIY) or using an outsourced managed security service provider (MSSP). The book focuses primarily on the DIY approach, while chapter 10 briefly details the issues and benefits of using a MSSP. The book provides the pros and cons of each approach. Some firms have a hybrid approach where they perform some SOC activities and outsource others. But the book doesn't details that approach.



The book provides a large amount of details on the many tasks needed to create an internal SOC. The truth is that many firms simply don't have the staff and budget needed to support an internal SOC. They also don't have the budget for an MSSP. With that, Mike Rothman of Securosis noted that these firms are "trapped on the hamster wheel of pain, reacting without sufficient visibility, but without time to invest in gaining that much-needed visibility into threats without diving deep into raw log files".



One important topic the book does not cover is around SIM/SIEM/SEM software. SIEM software can provide a firm with real-time analysis of security alerts generated by network and security hardware, software and other applications.



Many benefits come from an effective SIEM tool being the backbone of the SOC. A SIEM tool consolidates all data and analyzes it intelligently and provides visualization into the environment. But selecting the appropriate SIEM and correctly deploying it is not a trivial endeavor.



Those looking for a good reference on SIEM should read: Security Information and Event Management (SIEM) Implementation, which I reviewed on Slashdot - http://books.slashdot.org/story/11/02/23/1328243/book-review-security-information-and-event-management-implementation. That book does provide an excellent overview of the topic and will be of value to those reading looking for answer around SIEM. Those looking for a solid introduction to the world of SIEM should definitely get a copy.



The book notes that the most important part of a SOC, and often the most overlooked, is that of the SOC analyst. And with that, the book writes how it's important to be cognizant of the fact of SOC analyst burnout. SOC analysts can burnout and it's important for an organization to have a plan to address this, including aspects of training, management opportunities and job rotation.



Building an in-house SOC takes significant planning an attention to detail and the book details a lot of the particulars that are required for an effective SOC design.



The implementation of a SOC will cost a significant amount of money and management will often want to have metrics to let them know what the SOC is doing. The book spends a brief amount of time on SOC metrics; which is a topic that warrants a book in its own right. There are many metrics that can be created to measure SOC efficacy. Effective SOC metrics will measure how quickly incidents are handled by the SOC, and how incident are identified, addressed and handled.



The downside to metrics is that they must be used judiciously. It's important not to measure base performance of a SOC analyst simply on the number of events analyzed or recommendations written. Metrics used in that manner are akin to help desk where analysts are only concerned about getting calls finished, in order to meet their calls completed metrics.



As important as a SOC is, this is surprisingly the first book written on the topic. At under 250 pages, the book provides an introduction to the topic, but is not a comprehensive work on the topic. There are areas in SOC management that the book doesn't cover, such as SOC documentation, creating and using SOC operation run books, and more.



But even with those missing areas, Designing and Building a Security Operations Centeris a good reference to start with. A SOC is a security component most organizations are in dire need of, and the book is a good way to get them started on that effort.





Reviewed by Ben Rothke

Comment: Re:So... did he have any tested? (Score 3, Insightful) 82

by benrothke (#48551753) Attached to: Book Review: Spam Nation

Krebs writes that he had people at The University of Alabama at Birmingham ready to do the testing. But they couldn’t get the necessary sign off, both from the school administration and the FDA.

And even if they did, imagine if CNN got hold of the story. They would plaster the headlines with: University testing illegal Russian drugs for potency.

Comment: Re:So... did he have any tested? (Score 2) 82

by benrothke (#48551049) Attached to: Book Review: Spam Nation

Such tests require sophisticated testing equipment.

Those with the equipment are not going to risk getting their labs shut down for testing illegal drugs.

The book notes that The University of Alabama at Birmingham was ready to do the testing; but the necessary approval from the FDA and university administrations simply could not be obtained.

Comment: Re:Clarify this sentence, please? (Score 1) 82

by benrothke (#48551015) Attached to: Book Review: Spam Nation

Big pharma has long portrayed these foreign made pharmaceuticals as dirty and dangerous.

The quandary is that if as John Horton noted that they are indeed indistinguishable from those sold by approved pharmacies; then US pharma is selling a drug at 10x the price.

It would place them in a PR nightmare they could not get out of.

Elegance and truth are inversely related. -- Becker's Razor

Working...