The Myths of Security et plus d'un million d'autres livres sont disponibles pour le Kindle d'Amazon. En savoir plus
EUR 28,34
  • Tous les prix incluent la TVA.
Il ne reste plus que 2 exemplaire(s) en stock (d'autres exemplaires sont en cours d'acheminement).
Expédié et vendu par Amazon.
Emballage cadeau disponible.
Quantité :1
Amazon rachète votre
article EUR 0,23 en chèque-cadeau.
Vous l'avez déjà ?
Repliez vers l'arrière Repliez vers l'avant
Ecoutez Lecture en cours... Interrompu   Vous écoutez un extrait de l'édition audio Audible
En savoir plus
Voir cette image

The Myths of Security (Anglais) Broché – 7 juillet 2009


Voir les 2 formats et éditions Masquer les autres formats et éditions
Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle
"Veuillez réessayer"
Broché
"Veuillez réessayer"
EUR 28,34
EUR 13,35 EUR 0,26

Offres spéciales et liens associés


Les clients ayant acheté cet article ont également acheté


Descriptions du produit

Book by Viega John


Vendez cet article - Prix de rachat jusqu'à EUR 0,23
Vendez The Myths of Security contre un chèque-cadeau d'une valeur pouvant aller jusqu'à EUR 0,23, que vous pourrez ensuite utiliser sur tout le site Amazon.fr. Les valeurs de rachat peuvent varier (voir les critères d'éligibilité des produits). En savoir plus sur notre programme de reprise Amazon Rachète.

Détails sur le produit


En savoir plus sur l'auteur

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Dans ce livre (En savoir plus)
Parcourir les pages échantillon
Couverture | Copyright | Table des matières | Extrait | Index | Quatrième de couverture
Rechercher dans ce livre:

Commentaires en ligne

Il n'y a pas encore de commentaires clients sur Amazon.fr
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles

Commentaires client les plus utiles sur Amazon.com (beta)

Amazon.com: 33 commentaires
28 internautes sur 31 ont trouvé ce commentaire utile 
Since consumers don't care about security, why write a book like this for them? 14 août 2009
Par Richard Bejtlich - Publié sur Amazon.com
Format: Broché
Let me start by saying I usually like John Viega's books. I rated Building Secure Software 5 stars back in 2005 and 19 Deadly Sins of Software Security 4 stars in 2006. However, I must not be the target audience for this book, and I can't imagine who really would be. The book mainly addresses consumer concerns and largely avoids the enterprise. However, if most consumers think "antivirus" when they think "security," why would they bother reading The Myths of Security (TMOS)?

TMOS is strongest when Viega talks about the antivirus (or antimalware, or endpoint protection, or whatever host-centric security mechanism you choose) industry. I didn't find anything to be particularly "myth-shattering," however. I have to agree with two of the previous reviewers. Many of the "chapters" in this book could be blog posts. The longer chapters could be longer blog posts. The lack of a unifying theme really puts TMOS at a disadvantage compared to well-crafted books. I was not a huge fan of The New School of Information Security or Geekonomics (both 4 stars), but those two titles are better than TMOS.

If you want to read books that will really help you think properly about digital security, the two must-reads are still Secrets and Lies by Bruce Schneier and Security Engineering, 2nd Ed by Ross Anderson. I would avoid Bruce's sequel, Beyond Fear -- it's ok, but he muddles a few concepts. (Heresy, I know!) I haven't read Schneier on Security, but I imagine it is good given the overall quality of his blog postings.

If you want to shatter some serious myths, spend time writing a book on the "80% myth," which is stated in a variety of ways by anyone who is trying to demonstrate that insider threats are the worst problem facing digital security. If you're going to pretend to debunk open source security, why not back it up with some numbers? Studies have been published recently, and original research and results would be welcome. How about demonstrating that user awareness training wastes money, because enough marks fall prey anyway? I'd also like to see research showing that frequent password changes are worse for security, not better. Wrap all of that in a coherent manner with substantial chapters and you have a real TMOS book.
16 internautes sur 21 ont trouvé ce commentaire utile 
A contrarian provides an interesting look at the information security industry 31 août 2009
Par Ben Rothke - Publié sur Amazon.com
Format: Broché
The Myths of Security: What the Computer Security Industry Doesn't Want You to Know is an interesting and thought-provoking book. Ultimately, the state of information security can be summed up in the book's final three sentences, in which John Viega writes that 'real, timely improvement is possible, but it requires people to care a lot more [about security] than they do. I'm not sure that's going to happen anytime soon. But I hope it does.'

The reality is that while security evangelists such as Viega write valuable books such as this, it is for the most part falling on deaf ears. Most people don't understand computer security and its risks, and therefore places themselves and the systems they are working in danger. Malware finds computers to load on, often in part to users who are oblivious to the many threats.

Much of the book is made up of Viega's often contrarian views of the security industry. With so much hype abound, many of the often skeptical views he writes about, show what many may perceive are information security truths, are indeed security myths.

From the title of the book, one might think that there is indeed a conspiracy in the computer security industry to keep users dumb and insecure. But as the author notes in chapter 45 -- An Open Security Industry, the various players in the computer security industry all work in their own fiefdoms. This is especially true when it comes to anti-virus, with each vendor to a degree reinventing the anti-virus wheel. The chapter shows how sharing amongst these companies is heavily needed. With that, the book's title of What the Computer Security Industry Doesn't Want You to Know is clearly meant to be provocative, but not true-life.

The book is made up of 48 chapters, on various so called myths. Most of the chapter are 2-3 pages in length and tackle each of these myths. The range of topics covers the entire security industry, with topics spanning from various security technologies, issues, risks, and people.

While not every chapter is a myth per se, many are. Perhaps the most evocative of the security myth is chapters 10 -- Four Minutes to Infection and chapter 22 -- Do Antivirus Vendors Write their own Viruses?. But the bulk of the book is not about myths per se, rather an overview of the state of information security, and why it is in such a state.

In chapter 16, The Cult of Schneier [full disclosure -- Bruce Schneier and I work for the same company], Viega takes Schneier to task for the fact that many people are using his book Applied Cryptography, even though it has not been updated in over a decade. It is not fair to blame him for that. While Viega admits that he holds Schneier in high esteem, the chapter reads like the author is somehow jealous of Schneier's security rock star status.

Chapter 18 is on the topic of security snake oil, ironically a topic Schneier has long been at the forefront of. The chapter gives the reader sage advice that it is important to do their homework on security products you buy and to make sure you have at least a high-level understanding of the technical merits and drawbacks of the security product at hand. The problem though is that the vast majority of end-users clearly don't have the technical wherewithal to do that. It is precisely that scenario that gives rise to far too many security snake-oil vendors.

Perhaps the best chapter in the book, and the one to likely get the most comments, is chapter 24 -- Open Source Security: A Red Herring. Viega takes on Eric Raymond's theory of open source security that "given enough eyeballs, all bugs are shallow." Viega notes that a large challenge with security and open source is that a lot of the things that make for secure systems are not well defined. Viega closes with the argument that one can argue open versus closed source forever, but there isn't strong evidence to suggest that it is the right question to be asking in the first place.

Overall, The Myths of Security: What the Computer Security Industry Doesn't Want You to Know is good introduction to information security. While well-written and though provoking, the book may be too conceptual and unstructured for an average end-user, and too basic for many experienced information security professionals. But for those that are interested, the book covers the entire gamut of the information security, and the reader, either security pro or novice, comes out much better informed.

While the author makes it clear he works for McAfee, and at times takes the company to task; the book references McAfee far too many times. At times the book seems like it is an advertisement for the company.

Viega does give interesting and often entertaining overviews of what we often take for granted. Some of the books arguments are debatable, but many more are a refreshing look at the dynamic information security industry. Viega has sat down and written his observations of what it going on. They are worth perusing, and the book is definitely worth reading.
9 internautes sur 12 ont trouvé ce commentaire utile 
A Rude Awakening for Many (Who Will Probably Try and Hide or Dismiss the Facts) 9 juillet 2009
Par Mark Curphey - Publié sur Amazon.com
Format: Broché
I was lucky enough to be sent a pre-production copy of the book by John. As I read the TOC my jaw dropped. Finally someone has the balls to say whats really happening. Far too many people have been hiding behind marketing FUD or driving their opinions and defending their actions laregly to defend their careers and salaries. I am sure it's a tough message to swallow for many. I saw many things I am or have been guilty of in the book. That's all the more reason why it needed to be said. The industry needs to be cleaned up and the BS called out for what it is.

I applaude John for having the balls to write it.

Its not just a must read, its a must take note and must take action book!
7 internautes sur 10 ont trouvé ce commentaire utile 
Awful, opinionated. 3 décembre 2010
Par S. Pearson - Publié sur Amazon.com
Format: Broché
I expected much more from John Viega, but this book has so much unsubstantiated opinion and reads like an arrogant and ill thought out blog, that I want to return the book for a refund.

Chapter 5, "Test of a Good Security Product: Would I Use It?", he then lists some he uses and those he doesn't:

Under the "he does use it" category: "I've been forced to run god-awful VPN (virtual private net-work) software at work (usually the crappy Cisco client). This allows me to access my company's resources even when I'm not actually in the office."

So I take it the god-awful software is a pass of this test? And the use of VPN software to access internal office network resources is a revelation?

Under the "he does NOT use it" category: he lists firewalls and his reasoning? Because he does not need to use one at home, on account that his cable MODEM and wireless router are NAT capable and therefore hosts behind them are not externally addressable. So firewalls fail the "good security product" test because John Viega does not need them at home? Seriously?

He then ends the "does NOT use" category with "Any other consumer security product"!

In Chapter 16, "The Cult of Schneier", he has a few stabs at Bruce Schneier, but does not give any specifics with the technical depth that Bruce Schneier deserves. He complains that Applied Cryptography is overly referred to by Schneier cultists, given that it has been 13 years since it was updated and the field has advanced since then. He uses MD5 as an example of something that was considered very strong then but not now. From my recollection of that brilliant cryptography foundation, Bruce mentioned that MD5 was suspected to have a weakness.

Edit: Dug out my much loved and tattered Applied Cryptography 2nd Ed. Here's the quote: "Tom Berson attempted to use differential cryptanalysis against a single round of MD5, but his attack is ineffective against all four rounds. A more successful attack by den Boer and Bosselaers produces collisions using the compression function of MD5. This does not lend itself to attacks against MD5 in Luby-Rackoff-like encryption algorithms. It does mean that one of the basic design priciples of MD5 - to design a collision-resistant compression function - has been violated. Although it is true that "there seems to be a weakness in the compression function, but it has no practical impact on the security of the hash function", I am wary of using MD5."

At the end of this chapter John states, "I'd like to make a plea for Schneierists to not accept every word Bruce Schneier has written as utterly factual". So the field has advanced 13 years from the snapshot in time that Applied Cryptography captured and so Bruce did not capture the facts at the time? So was there a better book at that time?

Under Chapter 27 "Virtualization: Host Security's Silver Bullet?", John suggests that Apple could get a leg up on Microsoft in the security of virtualization, by adding hardware support for virtualization in Open Firmware, "which it (Apple) controls". Strange, given that Apple have not mass shipped Open Firmware based computers (using the PowerPC archtecture), since the transition to EFI Intel based computers was completed in 2006. This book was first release three years after that!

He also claims that, "I think virtualization is the long-term future of host security", which flies in the face of Google research which found all x86 based virtualization products were vulnerable to attacks which allowed stepping out of an exploited virtual machine and into another adjacent virtual machine or even the host VM OS itself, seizing full control of the host and all virtual machines. Just take a look at all the advisories for the past years since that Google research to see that virtualization continues to provide a new attack surface for attackers.

Under Chapter 40 "VPNs Usually Decrease Security", John claims that VPN's reduce security because when an Internet connected client connects to a secured office network via VPN, it is now connected to the internet and the secured office network. But this is only practically true in for a split tunnel VPN configuration. If a corporation sets their laptops up for that, without anti-malware and a host firewall, then they get what they deserve.

There is nothing exceptional in this embarrassment of a book. It is filled with opinion that is not backed up. I'd expect this quality from a column in some monthly glossy PC magazine that is peddled from stands in the checkout aisle of super markets. I wish I could give zero stars. Really awful.
3 internautes sur 4 ont trouvé ce commentaire utile 
A Working of Wind-Socking 7 février 2011
Par Eddie-Oh! - Publié sur Amazon.com
Format: Broché Achat vérifié
The title of this book should be "Information Security: One Mans Battle With Himself and Everyone Else". The author doesn't know what he likes or dislikes, so he hedges his as he likes and dislike everything at once. In certain situations he feels the hassle for security protocol is worth the effort, in other yet remarkably similar situations he feels the same protocol a total waste of time. Only he knows, er, or maybe not, what the differences are, while the reader is feeling nauseous from the roller coaster ride of emotional opinion.
I rate it two stars only on account of the occasional tidbit of juicy security/technology bits that you can add to your repertoire. It's a shame that the author chose to road he took to convey his ideas. I think it would be more respected if it were a straight up techy book.
Ces commentaires ont-ils été utiles ? Dites-le-nous


Commentaires

Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?