Secrets and Lies: Digital Security in a Networked World and over one million other books are available for Amazon Kindle. Learn more
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image
Have one to sell? Sell on Amazon

Secrets and Lies: Digital Security in a Networked World Hardcover – August 14, 2000

ISBN-13: 978-0471253112 ISBN-10: 0471253111 Edition: 1st
Buy used
Condition: Used - Good
Condition: Used: Good
Comment: This item is gently used in good or better condition. If it is a textbook it may not have supplements. It may have some moderate wear and possibly include previous ownerâ€TMs name, some markings and/or is a former library book. We ship within 1 business day and offer no hassle returns. Big Hearted Books shares its profits with schools, churches and non-profit groups throughout New England. Thank you for your support!
Access codes and supplements are not guaranteed with used items.

Used & new from other sellers Delivery options vary per offer
166 used & new from $0.01
Amazon Price New from Used from
"Please retry"
Hardcover, August 14, 2000
"Please retry"
$3.81 $0.01
Free Two-Day Shipping for College Students with Amazon Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student

Hero Quick Promo
Save up to 90% on Textbooks
Rent textbooks, buy textbooks, or get up to 80% back when you sell us your books. Shop Now

Editorial Reviews Review

Whom can you trust? Try Bruce Schneier, whose rare gift for common sense makes his book Secrets and Lies: Digital Security in a Networked World both enlightening and practical. He's worked in cryptography and electronic security for years, and has reached the depressing conclusion that even the loveliest code and toughest hardware still will yield to attackers who exploit human weaknesses in the users. The book is neatly divided into three parts, covering the turn-of-the-century landscape of systems and threats, the technologies used to protect and intercept data, and strategies for proper implementation of security systems. Moving away from blind faith in prevention, Schneier advocates swift detection and response to an attack, while maintaining firewalls and other gateways to keep out the amateurs.

Newcomers to the world of Schneier will be surprised at how funny he can be, especially given a subject commonly perceived as quiet and dull. Whether he's analyzing the security issues of the rebels and the Death Star in Star Wars or poking fun at the giant software and e-commerce companies that consistently sacrifice security for sexier features, he's one of the few tech writers who can provoke laughter consistently. While moderately pessimistic on the future of systems vulnerability, he goes on to relieve the reader's tension by comparing our electronic world to the equally insecure paper world we've endured for centuries--a little smart-card fraud doesn't seem so bad after all. Despite his unfortunate (but brief) shill for his consulting company in the book's afterword, you can trust Schneier to dish the dirt in Secrets and Lies. --Rob Lightner


"...make yourself better informed. Read this book." (CVu, The Journal of the ACCU, Vol 16(3), June 2004)

TECHNOLOGY YOU By Stephen H. Wildstrom
A computer virus shuts down your corporate e-mail for a day. Hackers deface your Web site with pornography. The need to share data with customers and vendors exposes critical corporate information to online theft. With your business ever more dependent on safe use of the Internet, security savvy has become as important as understanding marketing or finance.
Such savvy, however, has been hard for non-techie executives to acquire. Books and articles on security generally came in two equally useless varieties: incomprehensible or sensationalized. Remember all those books on how the Y2K bug would end civilization as we knew it? Now, Bruce Schneier, a highly respected security expert, has stepped into the breach with Secrets Lies: Digital Security in a Networked World (John Wiley Sons, $29.99). The book is of value to anyone whose business depends on safe use of
e-mail, the Web, or other networked communications. If that's not yet everybody, it soon will be.
Schneier brings strong credentials to the job. His book Applied Cryptography is a classic in the field, and he is one of t he creators of the Twofish algorithm, a finalist in the U.S. government's competition for the Advanced Encryption Standard. Schneier serves as chief technology officer of Counterpane Internet Security (, which manages computer security for corporations.
Although this is a book for the general reader, it's not always easy going. But Secrets Lies requires no prior knowledge of computer or security technology and should be accessible to anyone who is willing to put in a little effort. For example, Schneier explains encryption, essentially a mathematical process, without resorting to a single equation. While Schneier is not an elegant writer, he has a nice ability to use analogies to make the obscure understandable.
The book has two main thrusts. First is Schneier's mantra: "Security is a process, not a product." Anyone who promises you a hacker-proof system or offers to provide "unbreakable" encryption is selling you snake oil. There is simply no way to wave a magic wand over a system to make it -and keep it- secure. Second, Schneier says, getting security right is hard, and small mistakes can be deadly.
Risk Management. Schneier backs his opinions with real-world examples. For instance, Hollywood was terrified of piracy and worked hard on a scheme to encrypt digital videodisks so that only authorized players could read the disks. The encryption would have been hard to break, but hackers didn't have to do it. A design flaw made it easy to steal the decryption keys from the software players supplied with PC's. Similarly, most e-commerce sites use a technology called SSL to protect transaction data from online snoopers. SSL works fine, but some e-tailers left customers' credit card information in files where hackers could swipe it.
The last third of the book is most valuable to managers. In it, Schneier discusses the process by which people should assess security vulnerabilities and decide what to do about them. His central point: Computer security is basically risk management. Banks and credit-card companies can tolerate a considerable amount of credit risk and fraud because they know how to anticipate losses and price their services accordingly. That's good, since zero tolerance would put them out of business. Similarly, seeking perfect security would make a system useless because anything worth doing carries some risk.
Unfortunately, the art of computer security has not progressed to the point where Underwriters Labs can certify that a firewall can protect you against attack for two hours, as can be done for safes and fire doors. But with the crude tools that are available, managers have to decide what they are trying to protect and how much they are willing to spend, both in cost and convenience, to defend it. This is a business issue, not a technical one, and executives can no longer leave such decisions to techies. That's why Secrets and Lies belongs in every manager's library. (Business Week, September 18, 2000)

As an editor at a computer publication in the early 1990s, I hired a freelance security expert to evaluate anti-virus software. After extensive testing he faxed the results; unfortunately, the fax went to one of my publication's direct competitors. His gaffe
demonstrated why we will never see fail-safe computer security: human error.
That premise emerged as a central theme of a new book written by the same freelancer, now a leading security expert. "Secrets and Lies: Digital Security in a Networked World" (John Wiley Sons, 2000, $29.99), by Bruce Schneier, is a compelling brief on the industry's most obsessive anxiety.
It's not a story for the faint of heart. Schneier's scary world makes the Wild West--to which the Internet is often compared--look like kindergarten. (For every gory detail on computer crime, check out "Tangled Web," by Richard Power; Que, 2000, $25.)
"Secrets and Lies" is well-timed on the heels of an apparently unstoppable wave of security foul-ups, hacks and government surveillance revelations. The best-known attacks--such as the breach of Microsoft's corporate network revealed last week, disruptions of Yahoo, EBay and other top Web sites early this year, and the "Love Bug" virus, which infected millions of computers--made headlines.
Paranoids have delighted in recent revelations about "Echelon," the government's once super-secret system for monitoring worldwide voice and data communications, and the FBI's "Carnivore" technology, which sniffs millions of supposedly private e-mail messages.
A burgeoning underground of Internet vandals, network nihilists, data thieves and those who probe vulnerabilities as an intellectual exercise begs a scorecard to distinguish "hackers" from "crackers," "white hats" from "black hats."
"Script kiddies"--wannabes who use turnkey hacking tools they find posted on the Web--may be emerging as the biggest threat.
Schneier explains the reasons for this grim scenario in simple truths:
* In the hacking wars, technology favors offense over defense.
* Complexity is the enemy of security, and the Internet is the mother of all complex systems.
* Software is buggy. Experts suggest that every 1,000 lines of computer programming code contains between five and 15 mistakes, some of which inevitably open security holes. Consider that Windows 2000 shipped with some 63,000 known bugs and incompatibilities.
* People are often foolish. Early this month the National Institute of Standards and Technology adopted an encryption
algorithm (a mathematical formula used to scramble digital data) that it said would take more than 149 trillion years to crack. Then again, if you use your name or the word
"password" as a decoding key--typical among lazy computer users--a neophyte
hacker would need about five minutes.
Any security scheme can and will be subverted. Little wonder that software licensing agreements specifically disclaim responsibility for the product working as advertised.
It's not hard to imagine why security software developers would be short on confidence--their products are nearly always developed in a vacuum.
"A common joke from my college physics class was to 'assume a spherical cow of uniform density,' " Schneier writes. "We could only make calculations on idealized systems; the real world was much too complicated for the theory. Digital system security is the same way"--probably reliable in the lab, always vulnerable in the wild. Part of the problem is that conventional thinking about Internet security is drawn from the physical world, where some kinds of security are "good enough."
"If you had a great scam to pick someone's pocket, but it only worked once every hundred thousand tries, you'd starve before you robbed anyone," Schneier writes. "In cyberspace, you can set your computer to look for the one-in-a-hundred-thousand chance. You'd probably find a couple dozen every day."
A big part of the solution, he writes, is to recognize that "security is a process, not a product." Virus-protection software and "firewalls" designed to guard private networks can be effective only as part of a comprehensive strategy about security. This means that network users--as individuals or employees--must understand their role in protecting information--instead of naively relying on software tools to work without
human vigilance.
So how to reach people with this geeky material? Schneier, founder of Counterpane Internet Security Inc. in San Jose, peppers the book with lively anecdotes and aphorisms, making it unusually accessible. But I still wouldn't have judged it suitable for the average reader. So I wasstonished to find "Secrets and Lies" recently ranked 68th on's sales list. Unless all the buyers are hackers, that's a hopeful sign.
So take Schneier's good advice, but don't panic: Like security, fear-mongering is a process. Exploiting that fear has become a growth industry. Hundreds of security companies shamelessly hype every new virus or hacking to pump up business. Consider that while it's theoretically possible to bring down much of the Internet with a
single orchestrated hack, the most damaging episodes so far have affected only a few sites out of millions. The worst ones, such as Love Bug, though genuinely harmful,
fade in a couple of weeks.
Dopey business plans are a bigger threat to the "dot-com" world, and the sale of personal data by marketers a bigger threat to individuals,than hackers will ever be.

Monday, October 30, 2000, 'Lies' Propagates One Truth: No One Can Get a Lock on Net Security
Los Angeles Times by Charles Piller

A Security State of Mind
It's not encryption. It's not a password. It's not connecting through a VPN or an anonymizing service. Security means vastly different things to a national government, a...


Shop the New Digital Design Bookstore
Check out the Digital Design Bookstore, a new hub for photographers, art directors, illustrators, web developers, and other creative individuals to find highly rated and highly relevant career resources. Shop books on web development and graphic design, or check out blog posts by authors and thought-leaders in the design industry. Shop now

Product Details

  • Hardcover: 432 pages
  • Publisher: Wiley; 1 edition (August 14, 2000)
  • Language: English
  • ISBN-10: 0471253111
  • ISBN-13: 978-0471253112
  • Product Dimensions: 6.4 x 1.4 x 9.3 inches
  • Shipping Weight: 1.6 pounds
  • Average Customer Review: 4.3 out of 5 stars  See all reviews (146 customer reviews)
  • Amazon Best Sellers Rank: #734,416 in Books (See Top 100 in Books)

More About the Author

Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 12 books -- including "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World" -- as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, and an Advisory Board member of the Electronic Privacy Information Center. He is also the Chief Technology Officer of Resilient Systems, Inc.

Customer Reviews

4.3 out of 5 stars

Most Helpful Customer Reviews

128 of 135 people found the following review helpful By Richard Bejtlich on October 29, 2000
Format: Hardcover
I am an Air Force officer and technical resource for a 50-person military intrusion detection operation. I've seen Bruce speak twice and he never fails to impress. "Secrets and Lies" is no different. This book is not designed to teach readers about the latest security technologies. It was not written to promote specific products, although Bruce explains how the book's themes caused him to revamp his Counterpane firm. What the book does is teach security professionals how to think about their craft. I would recommend it to everyone in the field from day one, but its deeper meanings would probably not be evident until a year's work on the front lines.
Some of the ideas aren't new. For example, I've heard members of the L0pht petition for a software Underwriter's Lab for years, and others have encouraged liability laws for software vendors. Bruce builds on these ideas and weaves them into his own prescription for dealing with complex and inherently insecure systems. This is the type of book that gives a professional the vocabulary and framework to organize his understanding of the security process. "Secrets and Lies" creates the "little voice" that warns against a vendor's promises to solve all your problems with a $30,000 box-of-wonders.
Of particular interest to me, after training in economics, is Bruce's insistence that "the buying public has no way to differentiate real security from bad security." It logicially follows that the market cannot address this problem, since "perfect information" does not exist. Therefore, outside organizations (perhaps an FDA for software?) should get involved, but not by outlawing reverse engineering and security tools.
I give five stars to books that make the complex simple, that reveal and enhance technical details, or that change the way I look at the world. This book fits two, and possibly three of those categories. Bravo, Bruce.
6 Comments Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
85 of 91 people found the following review helpful By J. G. Heiser on September 17, 2000
Format: Hardcover Verified Purchase
Written by one of my favorite industry commentators, this is an introductory text on information security that should be useful to just about everyone. I highly recommend this book for the following audiences:
· Beginning security specialists
· IS and other business managers who make decisions about systems deployment
· Experienced security practitioners who want to improve their thinking and analysis skills
· Those studying for security certification, such as the CISSP
· Software and Internet product planning and marketing staff (and not just security software)
Schneier, who is recognized for his contributions to cryptography, has recently found religion. As recounted in a recent interview in "Information Security" magazine, he realized that humans were destroying the purity of his mathematical approach. Instead of retreating into academia, he tackled this issue head-on, some of the result of which is this landmark book. He recommends reading it cover to cover, and I agree with him-it takes all 400 pages to paint the complete story, and if you don't approach it linearly, you run the risk of missing the subtleties of the author's message. Skimming this book could easily trap a reader into equating vulnerability with risk. The world is full of risk, and while Schneier takes obvious delight in deconstructing the vulnerabilities of automated systems, it is important to understand that historical manual systems are quite vulnerable too, and humans deal with the risk quite nicely. Read the whole book.
The chapters that I found most significant included:
· (6 & 7) Cryptography: It is no surprise that he was written a terrific introduction to the concepts and building blocks (primitives and protocols) of encryption.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
41 of 42 people found the following review helpful By A Customer on September 6, 2000
Format: Hardcover
_Secrets and Lies_ is a necessary book for everyone who wonders about privacy and security on the Internet--that is to say, everyone. Schneier discusses the threats in cyberspace, the technologies to combat them, and (most importantly) the strategies that make those technologies work. It's not surprising that the technical information is solid. What might be surprising to some, though, is how lucid and funny Schneier's writing is. He doesn't talk down to readers, but you don't have to be a complete techie to understand what he's saying.
Schneier's discussion of where things are and where they're going is fascinating and informative. I was especially interested by the legal stuff--many of the laws designed to enhance security and privacy actually damage it. Read this book, make your boss read it, make your IT manager read it, and send a copy to your congresscritter. It might just help make the Net safer.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
18 of 20 people found the following review helpful By Ryan L. Russell on August 21, 2000
Format: Hardcover
If you're a fan of Bruce Schneier, whether it be his live presentations, his books, or Crypto-Gram, then you'll love this book. Bruce has shifted his focus away somewhat from the deep technical details that he has in "Applied Cryptography." In this book, he delves more into the hows and whys of security, and focuses heavily on the trade-offs that reality forces security people to make. This book is a must-read for anyone responsible for making security decisions.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
19 of 22 people found the following review helpful By A Customer on February 23, 2002
Format: Hardcover
Bruce Schneier has an M.S. in Computer Science from American University and a B.S. in Physics from the University of Rochester but he is self-educated in the areas of computer security and cryptography. An acknowledged expert in the field of cryptography, he has written eight books and dozens of articles on topics as wide ranging as techniques for securing installations of the MacOS to the detailed specifications of an encryption algorithm. He used to be president of Counterpane Systems, which was a consulting firm specializing in cryptography and computer security. He is now Chief Technical Officer of Counterpane Internet Security, Inc., a company he co-founded, which provides world wide real-time security monitoring services.
Secrets & Lies is an attempt at writing a book to provide everything you wanted to know about cryptography, computer hacking, and the security issues of computers and computer networks. The book is written in three main sections. The first concentrates on the modern electronic environment and the threats to security and commerce that exist within it, and how these weaknesses and threats compare to the more traditional security threats that have existed for years. The second section deals with the main categories of technologies that exist to secure computers and computer networks, and with the weaknesses of each of the types of security. The third section deals with how to develop a threat model, how to analyze a system for security vulnerabilities, and the future of data network security.
Secrets & Lies contains a lot of information arranged as a broad overview of information technology security. It is not, by any stretch of the imagination, a technician's handbook for securing a server or network.
Read more ›
2 Comments Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Recent Customer Reviews