or
Sign in to turn on 1-Click ordering.
 
 
Express Checkout with PayPhrase
What's this? | Create PayPhrase
Sorry!
More Buying Choices
89 used & new from $4.92

Have one to sell? Sell yours here
 
   
Secrets and Lies: Digital Security in a Networked World
 
 
Tell the Publisher!
I’d like to read this book on Kindle

Don’t have a Kindle? Get your Kindle here.
 
  

Secrets and Lies: Digital Security in a Networked World (Paperback)

~ (Author) "The world is a dangerous place..." (more)
Key Phrases: cheapest attack, vulnerability landscape, tamperproof hardware, United States, Top Secret, World War (more...)
4.4 out of 5 stars  See all reviews (128 customer reviews)

List Price: $17.95
Price: $12.21 & eligible for FREE Super Saver Shipping on orders over $25. Details
You Save: $5.74 (32%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
In Stock.
Ships from and sold by Amazon.com. Gift-wrap available.

Want it delivered Tuesday, November 10? Choose One-Day Shipping at checkout. Details
45 new from $9.18 44 used from $4.92

Formats

Amazon Price New from Used from
  Hardcover, August 13, 2000 -- $12.49 $0.37
  Paperback, January 29, 2004 $12.21 $9.18 $4.92

Frequently Bought Together

Secrets and Lies: Digital Security in a Networked World + The Art of Deception: Controlling the Human Element of Security + The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers
Price For All Three: $35.27

Show availability and shipping details


Customers Who Bought This Item Also Bought

Schneier on Security

Schneier on Security

by Bruce Schneier
4.5 out of 5 stars (6)  $19.79
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers

The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers

by Kevin D. Mitnick
4.0 out of 5 stars (48)  $11.53
Beyond Fear: Thinking Sensibly About Security in an Uncertain World.

Beyond Fear: Thinking Sensibly About Security in an Uncertain World.

by Bruce Schneier
4.4 out of 5 stars (47)  $19.50
Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition

Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition

by Bruce Schneier
4.6 out of 5 stars (102)  $29.80
Practical Cryptography

Practical Cryptography

by Niels Ferguson
4.1 out of 5 stars (16)  $31.50
Explore similar items

Editorial Reviews

Amazon.com Review

Whom can you trust? Try Bruce Schneier, whose rare gift for common sense makes his book Secrets and Lies: Digital Security in a Networked World both enlightening and practical. He's worked in cryptography and electronic security for years, and has reached the depressing conclusion that even the loveliest code and toughest hardware still will yield to attackers who exploit human weaknesses in the users. The book is neatly divided into three parts, covering the turn-of-the-century landscape of systems and threats, the technologies used to protect and intercept data, and strategies for proper implementation of security systems. Moving away from blind faith in prevention, Schneier advocates swift detection and response to an attack, while maintaining firewalls and other gateways to keep out the amateurs.

Newcomers to the world of Schneier will be surprised at how funny he can be, especially given a subject commonly perceived as quiet and dull. Whether he's analyzing the security issues of the rebels and the Death Star in Star Wars or poking fun at the giant software and e-commerce companies that consistently sacrifice security for sexier features, he's one of the few tech writers who can provoke laughter consistently. While moderately pessimistic on the future of systems vulnerability, he goes on to relieve the reader's tension by comparing our electronic world to the equally insecure paper world we've endured for centuries--a little smart-card fraud doesn't seem so bad after all. Despite his unfortunate (but brief) shill for his consulting company in the book's afterword, you can trust Schneier to dish the dirt in Secrets and Lies. --Rob Lightner --This text refers to an out of print or unavailable edition of this title.



Review

“…The security technologies available are described in a user-friendly way without going into depth...” (Computer Bulletin, January 2005)

“…peppered with lively anecdotes and aphorisms, making it a really accessible read...” (The ISSG Magazine, Autumn, 2004)

“…fascinating read…peppered with lively anecdotes…” (The ISSG Magazine, October 2004)

"...make yourself better informed. Read this book." (CVu, The Journal of the ACCU, Vol 16(3), June 2004)


Product Details

  • Paperback: 448 pages
  • Publisher: Wiley; 1 edition (January 30, 2004)
  • Language: English
  • ISBN-10: 0471453803
  • ISBN-13: 978-0471453802
  • Product Dimensions: 8.9 x 6 x 1.2 inches
  • Shipping Weight: 1.2 pounds (View shipping rates and policies)
  • Average Customer Review: 4.4 out of 5 stars  See all reviews (128 customer reviews)
  • Amazon.com Sales Rank: #14,711 in Books (See Bestsellers in Books)

    Popular in these categories: (What's this?)

    #2 in  Books > Computers & Internet > Certification Central > Exams > Security+
    #6 in  Books > Computers & Internet > Networking > Networks, Protocols & APIs > Networks

More About the Author

Bruce Schneier
Discover books, learn about writers, read author blogs, and more.

Visit Amazon's Bruce Schneier Page

Inside This Book (learn more)
Browse and search another edition of this book.




What Do Customers Ultimately Buy After Viewing This Item?


Tags Customers Associate with This Product

 (What's this?)
Click on a tag to find related items, discussions, and people.
 
(3)
(2)

Your tags: Add your first tag
 

Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

 

Customer Reviews

128 Reviews
5 star:
 (85)
4 star:
 (26)
3 star:
 (6)
2 star:
 (6)
1 star:
 (5)
 
 
 
 
 
Average Customer Review
4.4 out of 5 stars (128 customer reviews)
 
 
 
 
Share your thoughts with other customers:
Most Helpful Customer Reviews

 
91 of 93 people found the following review helpful:
5.0 out of 5 stars A must-read for true computer security professionals, October 29, 2000
I am an Air Force officer and technical resource for a 50-person military intrusion detection operation. I've seen Bruce speak twice and he never fails to impress. "Secrets and Lies" is no different. This book is not designed to teach readers about the latest security technologies. It was not written to promote specific products, although Bruce explains how the book's themes caused him to revamp his Counterpane firm. What the book does is teach security professionals how to think about their craft. I would recommend it to everyone in the field from day one, but its deeper meanings would probably not be evident until a year's work on the front lines.

Some of the ideas aren't new. For example, I've heard members of the L0pht petition for a software Underwriter's Lab for years, and others have encouraged liability laws for software vendors. Bruce builds on these ideas and weaves them into his own prescription for dealing with complex and inherently insecure systems. This is the type of book that gives a professional the vocabulary and framework to organize his understanding of the security process. "Secrets and Lies" creates the "little voice" that warns against a vendor's promises to solve all your problems with a $30,000 box-of-wonders.

Of particular interest to me, after training in economics, is Bruce's insistence that "the buying public has no way to differentiate real security from bad security." It logicially follows that the market cannot address this problem, since "perfect information" does not exist. Therefore, outside organizations (perhaps an FDA for software?) should get involved, but not by outlawing reverse engineering and security tools.

I give five stars to books that make the complex simple, that reveal and enhance technical details, or that change the way I look at the world. This book fits two, and possibly three of those categories. Bravo, Bruce.

Comment Comments (3) | Permalink | Was this review helpful to you? Yes No (Report this)



 
37 of 37 people found the following review helpful:
5.0 out of 5 stars Secrets and Lies and Schneier, oh my, September 6, 2000
By A Customer
_Secrets and Lies_ is a necessary book for everyone who wonders about privacy and security on the Internet--that is to say, everyone. Schneier discusses the threats in cyberspace, the technologies to combat them, and (most importantly) the strategies that make those technologies work. It's not surprising that the technical information is solid. What might be surprising to some, though, is how lucid and funny Schneier's writing is. He doesn't talk down to readers, but you don't have to be a complete techie to understand what he's saying.

Schneier's discussion of where things are and where they're going is fascinating and informative. I was especially interested by the legal stuff--many of the laws designed to enhance security and privacy actually damage it. Read this book, make your boss read it, make your IT manager read it, and send a copy to your congresscritter. It might just help make the Net safer.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)



 
72 of 77 people found the following review helpful:
5.0 out of 5 stars Excellent intro infosec book that everyone should read, September 17, 2000
By J. G. Heiser (Sunninghill, Berks) - See all my reviews
(REAL NAME)   
Written by one of my favorite industry commentators, this is an introductory text on information security that should be useful to just about everyone. I highly recommend this book for the following audiences:

· Beginning security specialists

· IS and other business managers who make decisions about systems deployment

· Experienced security practitioners who want to improve their thinking and analysis skills

· Those studying for security certification, such as the CISSP

· Software and Internet product planning and marketing staff (and not just security software)

Schneier, who is recognized for his contributions to cryptography, has recently found religion. As recounted in a recent interview in "Information Security" magazine, he realized that humans were destroying the purity of his mathematical approach. Instead of retreating into academia, he tackled this issue head-on, some of the result of which is this landmark book. He recommends reading it cover to cover, and I agree with him-it takes all 400 pages to paint the complete story, and if you don't approach it linearly, you run the risk of missing the subtleties of the author's message. Skimming this book could easily trap a reader into equating vulnerability with risk. The world is full of risk, and while Schneier takes obvious delight in deconstructing the vulnerabilities of automated systems, it is important to understand that historical manual systems are quite vulnerable too, and humans deal with the risk quite nicely. Read the whole book.

The chapters that I found most significant included:

· (6 & 7) Cryptography: It is no surprise that he was written a terrific introduction to the concepts and building blocks (primitives and protocols) of encryption. Even techno-agnostics will find great value in his discussion of the problems with proprietary algorithms.

· (9) Identification & Authentication: An excellent introduction to the problems of passwords and helpful discussion of the limitations of biometrics. He makes it clear why biometrics are NOT a magic cure for security problems.

· (12) Network Defenses: Schneier tells it like it is! The ugly truth about sexy security toys.

· (13) Software Reliability: Best description of stack overflow that I've ever seen for a lay audience.

· (22) Product Testing and Verification: After crypto, evaluating software for security flaws is Schneier's other specialty, and he's written an awesome chapter. The author makes it very clear why it is unrealistic to expect invulnerable software, he single-handedly conducts a totally balanced debate on the merits of full disclosure, and he finishes the chapter with sage advice on approaching security product reviews with healthy skepticism.

I'm often asked to recommend introductory texts on information security, and unfortunately there really aren't that many good books for a newbie. If more books existed, I would probably give Schneier's book a 4 instead of a 5, but for now, this is one of the best. As he explains in the Afterward, his `epiphany' occurred only 12 months before completing the text-this isn't much time to become an expert in security process. His background is somewhat removed from day to day operations, and perhaps this lack of administrative experience results in a few weak areas. I suggest that the reader exercise some critical thinking and consult additional authorities when reading the following chapters:

· (4) Adversaries: his concept of computer criminals is a bit weak, pretty much lumping all transgressors into the mutually exclusive categories of `spy' or `hacker'.

· (5) Security Needs: Sof of his terminology lacks precision (perhaps inevitable when addressing a general audience). I disagree that a spoofed message represents an integrity failure, and I don't characterize audit as a requirement, but as a control.

· (15) Certificates and Credentials: He totally ignores the concept that practice statements (policies on CA and especially certificate management) provide any arbitrary level of assurance-the more stringent the rules, the higher the assurance. He doesn't discuss time stamping and other forms of third-party witnessing that can greatly strengthen a digital signature.

· (16) Security Tricks: His vehement attack on key recovery is politically extreme. The government's ill-conceived desire for key escrow should not affect the responsibility a corporation has to protect its own data. Who hasn't used an encryption product and lost a key?

· (21) Attack Trees: This is a marvelously useful idea, but he leaves the impression that these can be used to create quantifiable risk models, and I don't believe that putting information security risk in dollar value terms is practical.

Despite its length, the book is a quick read, and the informal tone makes it very approachable. It is addressed at a completely different audience than "Applied Cryptography"--it isn't a technical book--it is more of a business book. (Technical specialists would be well advised to read more business texts like this.) My copy is already well marked with highlighting and notes-this text has a lot of meat in it, and many new and useful ideas. If you find this book helpful in your job and you want to do additional reading, two complementary texts on the human aspects of infosec that I recommend are "The Process of Network Security" by Thomas Wadlow, and "Fighting Computer Crime : A New Framework for Protecting Information" by Donn B. Parker (I've reviewed both here on Amazon).

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)


Share your thoughts with other customers: Create your own review
 
 
 
Most Recent Customer Reviews

5.0 out of 5 stars Brilliant
I have read hundreds of books on INFOSEC related topics but this one takes the cake.
Schneier is a brilliant information security mind and his topics are as relavant to... Read more
Published 2 months ago by Michael S. Bauer

5.0 out of 5 stars The most comprehensive book on the subject of digital security
Its the most comprehensive and well-written book on the extensive subject of digital security. It carefully explains all the paradigms of security involved and then discusses the... Read more
Published 3 months ago by Omar Ghaznavi

5.0 out of 5 stars Great educational and easy read
This is a great book for those interested in security. The author does a great job at making the subject understandable and covers covers a great breadth of topics. Read more
Published 4 months ago by L. Romero

4.0 out of 5 stars Great Book!
This is a great Information Security book.

I also sugges Ira Winkler's "Spies Among Us".
Published 11 months ago by Senrats

5.0 out of 5 stars Theory of Security
I bought this title as a bundle with "Applied Cryptography" and "Practical Cryptography". I still need to read those 2 titles, but I have read "Secrets and Lies" (SL) cover to... Read more
Published 16 months ago by Trurl

4.0 out of 5 stars Excellent Book
Excellent book. A must read for any IT professional. The first 1/3 of the book is a little slow to get going for those already familiar with security concept such as CIA.
Published 19 months ago by Brad Potts

4.0 out of 5 stars A little old but still good
Unfortunately books on the topics of technology don't age as well as homer's masterpieces. I still found Secrets and Lies to be a good book, though it's technology is a bit out... Read more
Published 21 months ago by David A. Boston

5.0 out of 5 stars A little dated but still essential reading
More people should read this book - it would greatly help to make computers and physical property more secure! Read more
Published on September 12, 2007 by Wayne Paterson

5.0 out of 5 stars Great Read
If you are going to read only one security title this is the book. Bruce tells it like it is in an easy to read manner. 5 stars!
Published on July 6, 2007 by JustaGeek718

5.0 out of 5 stars A good introduction to digital security
This book is not very technical but it is very interesting to read and is very good to convey the basic principles of security. Read more
Published on July 3, 2007 by Olivier Langlois

Only search this product's reviews



Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
Topic:
First post:
Prompts for sign-in
 


Active discussions in related forums
Search Customer Discussions
Search all Amazon discussions
   




Product Information from the Amapedia Community

Beta (What's this?)


Look for Similar Items by Category


Look for Similar Items by Subject

 

Feedback

If you need help or have a question for Customer Service, contact us.
 Would you like to update product info or give feedback on images?
Is there any other feedback you would like to provide?

Your comments can help make our site better for everyone.


Your Recent History

 (What's this?)

After viewing product detail pages or search results, look here to find an easy way to navigate back to pages you are interested in.