- Series: Expert's Voice
- Paperback: 312 pages
- Publisher: Apress; 1st ed. edition (December 4, 2001)
- Language: English
- ISBN-10: 1893115720
- ISBN-13: 978-1893115729
- Product Dimensions: 7.4 x 0.8 x 9.3 inches
- Shipping Weight: 1.4 pounds
- Average Customer Review: 4 customer reviews
- Amazon Best Sellers Rank: #4,716,660 in Books
Developing Trust: Online Privacy and Security Paperback – December 4, 2001
Suitable for the IP manager or developer seeking to improve Web privacy and security, Developing Trust: Online Privacy and Security provides an intriguing, though at times somewhat theoretical, guide to the issues surrounding privacy today.
Interestingly, this book straddles an expert-eye, theoretical overview of what privacy is and a more practical view of how it is often undermined on the Internet today. Early sections cover basic terms and concepts of privacy at a fairly high level. Mixing in sometimes erudite commentary (and an occasional rant), the author's expert-level view does a good job of explaining what privacy is and the larger principles used to protect it. From anonymity to "verinymity" (where sites know who you are), Curtin makes a good case that anonymity is often eventually undermined on today's Web sites. A good section early in the book outlines how a potential attacker might attack a hypothetical Web site for security holes. (We never see the attack carried out, perhaps because it would be irresponsible to do so, but this material establishes Curtin's expertise for the reader.)
Though the early sections largely avoid specific standards and real Internet software, the book soon delves into the nuts and bolts of the Web, for example HTTP, HTML, URLs, and cookies, with an eye to privacy. For most readers, the most fascinating sections of this text will be the author's five case studies on real privacy problems with some of today's leading Web sites and vendors (including Netscape and DoubleClick). He shows how certain features--like cookies--can undermine privacy (or even the ability to "opt out" successfully). A follow-up chapter cements the argument that if Web sites collect "anonymous" browsing behavior, it is all too easy to connect users' real identities to their supposedly anonymous profiles later on, putting privacy in jeopardy. Finally, the author makes a good argument that protecting privacy is good business sense.
The book concludes with more practical advice on implementing good security practices, including an excellent discussion of firewalls, DMZs, including their limitations, and a checklist for beefing up security in your organization. The text closes with a final case study of a hypothetical Web site (which serves up content from third parties) that arguably "does it right" regarding privacy, based on the author's earlier discussion.
While the mix of theoretical and practical here will not suit everyone, there's little doubt that the author's in-depth understanding of the issues surrounding privacy today can help your organization do better with privacy and security. While this title will not help you configure Internet Information Server, for instance, it will help you plan high-level strategies for improved security, as well as show you why protecting user and organizational privacy makes good business sense. --Richard Dragan
About the Author
Matt Curtin is the founder of Interhack Corporation and is responsible for the leadership of Interhack's research, development, and consulting efforts. His present focus is to understand how complex systems interact "in the large," and how that affects security, privacy, and reliability. Findings of this work have been widely covered in major news media around the world. A frequent lecturer and author, Matt also tries to help developers understand how they can avoid the mistakes that undermine the trustworthiness of the systems on which we depend. Some of his recent audiences have included Columbus ITEC, Columbus INFOSEC Forum, Privacy 2002, Columbus and Dayton chapters of InfraGard, the Northeast Ohio chapter of ISACA, and the Wellington School, in addition to local, national, and trade media. He holds the National Security Agency's INFOSEC Assessment Methodology (IAM) certification and is a certified information systems security professional (CISSP).
Top customer reviews
Mr. Curtin is an expert in privacy and security issues, as well as cryptography and security technology. The approach he takes in the book is to explain both the theory and concepts of privacy in social and legal contexts, and to examine the threats and exposures.
From there he leads you through the design of a solution that starts with principles, then a thorough examination of the underlying online technologies and how they work for and against you. An obvious example of one technical element that works for and against is the 'cookie' which can provide a major convenience (it remembers you and your preferences) and an invasion of your privacy (it remembers you and your preferences - and can also 'stalk' you in a manner of speaking). How to best balance the strengths and weaknesses of not only the technology, but the business imperatives driving commercial uses of the internet are addressed.
My personal view is that this book blends the best of Bruce Schneier's Secrets and Lies and Richard Hunter's World Without Secrets. Schneier's book covered the full range of security issues, social and technical. Hunter's book is more focused on social aspects of privacy. What sets this book apart from those two is the focus on privacy and the multiple contexts in which the book addresses it: social, legal and technical. If the author keeps this book up to date it is destined to become a classic. The challenge is to remain abreast of emerging legal issues and technical breakthroughs - both of which are inevitable.
In a nutshell, privacy is the ability of an individual or organization to decide whether, when, and to whom personal or organizational information is released.
While defining privacy is difficult, ensuring on-line privacy is even more challenging. Those required to ensure that their corporate systems and web sites are secure against prying hackers will find Developing Trust: Online Privacy and Security to be an important resource.
Curtin writes in an entertaining and easy-to-read style, especially when he introduces topics such as attack models, privacy concepts, and threats.
The book suggests prevention mechanisms and includes a few real-world case studies. If you have anything to do with electronic privacy, Developing Trust: Online Privacy and Security is a great book to read.
Although the subject matter is serious and is treated seriously, Curtin has a light and deft touch that makes the book a pleasure to read.
And while this book's target audience is programmers responsible for dealing with the issues of Privacy and Security, I would recommend this book to a much wider audience. Every top manager of a company that has a web site should read this book so they can understand how Online Privacy and Security could affect them and so they can ask the questions that someone needs to be asking the folks who are running and developing websites.
I would also recommend it to the internet savvy who are curious about these two buzzwords because this book will provide them a much better understanding of the stories that have and will appear in the news related to privacy and security. The real world examples are ones that we all can relate to.
He presents several case studies of insecure privacy applications. He analyzed the commercially deployed systems of Alexa, DoubleClick and others, showing how cookies and server side bugs could lead to users being tracked, in some cases as they perused many different websites that reported their activities to a central site. Other books have talked about how cookies could be misused in this way. But Curtin's analysis goes beyond a typical generic treatment and can be more instructive to you.
The malware of 2002 that he warned of has increased in sophistication and danger. No sign of abatement, so keeping the book's ideas in mind is a good idea.