BKCNSPRC.RVW 20030603 "Conspiracy.com", R. J. Pineiro, 2001, 0-812-57505-9 %A R. J. Pineiro author@rjpineiro.com %C 175 Fifth Avenue, New York, NY 10010 %D 2001 %G 0-812-57505-9 %I Tor Books/Tom Doherty Assoc. %O pnh@tor.com www.tor.com %O http://www.amazon.com/exec/obidos/ASIN/0812575059/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0812575059/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0812575059/robsladesin03-20 %P 405 p. %T "Conspiracy.com" The author's bio, printed inside the back cover, indicates that he has almost two decades of experience in the computer industry. The material on his Web page (which, unfortunately, doesn't seem to have been updated in the past two years) points to work as a chip engineer. Which may explain the myriad errors in everything from network operations to authentication to screen resolution. From a technical perspective, the book presents a bit of a dichotomy. On the one hand, there is a rough awareness of much of the detail of the computer world. On the other hand, many of the particulars are wrong: the whole point of the Internet was that you wouldn't need to dial up each computer individually, high end workstation prices in the book are ridiculously inflated, and there is the standard mistake of assuming that a cellular phone actually has to be making a call in order to be tracked. The same rift occurs in regard to computer security. For once the good guys seem to do all the system penetration. There is a lovely piece of social engineering employed in order to install a kind of rootkit. One character takes advantage of a "beaming" (infrared data transfer equipped) personal digital assistant, and the inevitable fact that people write down lists of their passwords, in order to obtain access information. (The beauty of this scam is somewhat reduced because PDAs have extremely weak security at the best of times, making this plot device somewhat redundant.) But the attempt to make the action "visual" (one can almost hear the movie deal making going on) definitely comes at the expense of technical realism. The virtual reality "interface" makes little sense in terms of either networking or database management. The agents seem to simply operate by magic. The security systems are ludicrously vulnerable, with operations and controls completely exposed. There is a vague hint of "sniffing" for passwords as they are used, but security and intrusion detection systems would be operating in a resident mode (and generally internal to a system) so that they would have no need to submit passwords. Certainly the idea that major banks, corporations, and government institutions are all using static, reusable passwords, with no challenge/response systems, is sadly behind the times. A mixed bag, this. More than a passing familiarity with the computer world, but a ton of annoying mistakes. copyright Robert M. Slade, 2003 BKCNSPRC.RVW 20030603