Zero Day Threat

Ben Rothke writes "Zero Day Threat: the Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity is an interesting and eye-opening look at how banks and credit card companies make ID theft and fraud rather elementary. But with all that, this book must be read in the larger context of how today's society deals with, and is often oblivious to, risk. When it comes to risk, American society tolerates tens of thousands of drunk-driving deaths, gives millions in federal tobacco subsidies, and is oblivious about near-epidemics such as heart disease, obesity, and diabetes. With all that, it is doubtful that the myriad horror stories Zero Day Threat details will persuade Congress or the other players to do anything to curtail the problem with identity theft and internet fraud." Keep reading for the rest of Ben's review.
Zero Day Threat: the Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity
author Byron Acohido & Jon Swartz
pages 304
publisher Union Square Press
rating 9
reviewer Ben Rothke
ISBN 978-1402756955
summary Excellent overview on the epidemic of identity theft
The internet and web have indeed revolutionized society, and there is hardly an industry that has not been positively affected by the net. On the down side, the net is the new conduit for criminals. For example, in the few years before the web became ubiquitous, U.S. and international law enforcement nearly had a noose around the child pornography industry and brought it to a near standstill. After the web, authorities have given up hope that child pornography can ever be contained.

Similarly, white-collar crime and fraud have been exacerbated by the net. Zero Day Threat details the various loopholes that criminals use to carry out their attacks and crimes. Each of the book's 18 chapters is divided into 3 sections: exploiters — which details how the crime lords and their teams carry out the crimes, enablers — which details the history and current practices of credit card companies, banks, credit bureaus, and data brokers, and expediters — which recounts how technology and technologies enable these crimes. I found that the breaking up of the chapters into such triplets is occasionally confusing, and you are left wondering what story you are in.

The book is based on the premise that the payment industry, namely the credit card companies, banks, credit bureaus and data brokers have created an infrastructure that is pliable, nearly endlessly extendable, but paper-thin when it comes to security. The system is built for ease of access, ease of granting credit, but without a robust security infrastructure or privacy controls.

Consider that the PCI Security Standards Council was not created until late 2004, and that will give you an idea how security is anathema to the industry. The outgrowth of PCI is the PCI Data Security Standard which is the first uniformly created set of comprehensive security requirements for enhancing payment account data security. While the industry debates the efficacy of PCI, attackers are busy at work running innumerable fraudulent schemes.

The authors paint an honest appraisal of the lack of security in the industry and have their facts in order, although an occasional hyperbole does creep in, for instance when the authors repeatedly state that the hackers in question went weeks without sleep. But a huge error is where they state in chapter 11 that PCI is controversial, with some merchants complaining that it is too costly to implement. There is nothing controversial about PCI, and the security controls it requires are sorely needed. While merchants express their discontent about security and its associated costs, attackers steal from underneath them. The quicker the merchants get that they need security, the quicker the attacks will stop. But as the book shows, that will not happen anytime soon.

Part of the reason why identity theft will not go away anytime soon is similar to the problem in the air traffic control industry, as detailed in Terminal Chaos: Why U.S. Air Travel Is Broken and How to Fix It. There are too many players in the game, all of which focus on their own interests, and no one wants to take responsibility for the problem. The fact that the Social Security number (SSN) is still used as a key personal identifier, combined with the ease with which an individual's SSN can be obtained and misused, should be enough to give anyone pause.

The primary purpose of a SSN has been to track individuals for taxation purposes. But in the last decade, the SSN has become a de facto national identification number. When established in the 1930s, the Social Security Administration meant for the SSN to be used as a way to track a person's earnings for Social Security benefits. Despite its narrowly intended purpose, the SSN is now used more for non-Social Security purposes, than for the reason it was created. Today, SSNs are used for identity verification, and are the de facto identifier for the credit and financial services industry. With SSNs being aggregated by the millions, they are the fodder for the stories in the book.

Books such as Silent Spring, which helped launch the environmental movement, and The Jungle, which exposed the corruption of the American meatpacking industry, were watershed books that changed America. While Zero Day Threat is not in the same category as either of these books, it is highly unlikely that the level of outrage it will create will be much, nor the indignation significant. Because as bad as identity theft is, and as much grief as it causes, there are far too many politicians, powerful companies, lobbyists and more that are in the way of any change.

Nonetheless, Zero Day is a most interesting look at the many players that work together to facilitate the countless identity theft rings. The book is an absorbing look at the many international players and their enablers involved. While identity theft is not going away anytime soon, Zero Day Threat details the problem, and shows what you can do to ensure that you are not a victim.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

  • Re:Ummm.... (Score:2, Informative)

    by z-thoughts ( 716174 ) on Wednesday August 27, 2008 @02:09PM (#24768453)
    If one has to criticize American society, too little hysteria over risk seems like an odd choice.

    For a country that is busy becoming scared of every boogeyman that the political and special interest groups can come up with, too little hysteria over risks does seem like an odd choice of wording.

    As to society tolerating tens of thousands of drunk-driving deaths, you might want to research that some more. Try this place http://dammdrinkers.com/ [dammdrinkers.com] MADD is becoming more of a problem than drunk drivers ever were.
  • Re:Review ? (Score:3, Informative)

    by afabbro ( 33948 ) on Wednesday August 27, 2008 @03:52PM (#24769671) Homepage

    In the US nearly EVERYTHING has this poison in it because it is cheaper.

    Oh stop it. 90% of food at the grocery store does not have high-fructose corn syrup in it.

    The problem with HFCS is that the liver stops processing other items until all of the HFCS is processed, if you eat lots of it it never lets the other stuff in to be processed.

    That is so non-sensical it's hard to know where to start. You make it sound like the liver is the primary digestive organ. Also, according to you, if I eat some HFCS, I can then eat 20,000 calories and it'll never be processed. Hurray! HFCS is the cure for obesity.

    The question is "why is HFCS so cheap here?" and the answer is federal subsidies.

    Sorry, wrong. The reason is the high import tariff on sugar in the USA. That's not the same thing as a subsidy.

    I think that this is also why we still have an embargo against Cuba too.

    It's been fun, but you should run along and finish your homework before posting on Slashdot again.

  • Re:AT LAST!!!... (Score:4, Informative)

    by mweather ( 1089505 ) on Wednesday August 27, 2008 @04:00PM (#24769761)
    Not according to Webster [merriam-webster.com].
  • Re:Review ? (Score:2, Informative)

    by Dripdry ( 1062282 ) on Wednesday August 27, 2008 @04:51PM (#24770361) Journal

    Ok, here goes:

    1) Try going to the grocery store and looking at the ingredients. No, really. Bread, cereal, almost all drinks including juices and soda, jams/jellies, snacks, many processed foods including the ones made by the grocer. Go look at the labels and I think you'll be surprised how much food has HFCS in it.

    2) Non-sensical? I think you're just being difficult. Here is where I'm encouraging others to mod you troll, as I've just used up my mod points. Your comments are neither ACTUALLY informative or very helpful. They're just meant to rebuff someone's opinion by calling it non-sensical, rather than bring a truth to light. HFCS DOES stop the body from processing fats, so rather than get burned up by the body the fats get stored immediately. OF COURSE HFCS doesn't stop the body from processing calories, but your getting your panties in a bunch rather than simply pointing out the potential misunderstandings the parent post could cause is not helpful.

    3) You're right (to my knowledge). However, the general idea that government intervention keeps prices low is what I believe the parent was getting at.

    4) Wow. Just, wow. Could you be any less helpful? Do you need to be so condescending to someone who seems to want to add constructively to the discussion? I know I shouldn't feed this type of behavior, but I think you are the one who should seriously consider how and why you post on Slashdot. Maybe you just had a bad day, though. Maybe your undies really are just bunched up tightly. I don't know, but I AM trying to give you some benefit of the doubt without being a troll myself.

    In conclusion, if I had any mod points left you would not be receiving benefits from them, though I hope you come back and add to future Slashdot discussions as you obviously have strong opinions that could merit being heard.
     

  • Re:Review ? (Score:4, Informative)

    by FreakWent ( 627155 ) <tf@ft.net.au> on Wednesday August 27, 2008 @06:12PM (#24771197)

    "Oh stop it. 90% of food at the grocery store does not have high-fructose corn syrup in it."

    Assuming a grocery store is a supermarket and not a greengrocer's, then you are wrong.

    I apologise for the payment gate, but there's an hour long lecture on corn in the US food system available here:
    http://www.alternativeradio.org/programs/POLM001.shtml [alternativeradio.org]

    Amongst other things, the speaker details the scientific testing done trying to find processed food with no corn in it. USians should listen to this talk.

    If you're referring to a real greengrocer, then you need to check the availability and price of these stores and goods compared with processed foods. I don't think most people can afford a fresh fruit-and-veg diet in the US, or so I've been told.

    As for the liver, apparently every cell in the body can metabolize glucose. However, all fructose must be metabolized in the liver. The livers of rats on high fructose diet look like the livers of alcoholics, plugged with fat and cirrhotic. (from http://www.westonaprice.org/motherlinda/cornsyrup.html [westonaprice.org])

    This is probably what the previous poster was referring to.

    A tariff is not the same as a subsidy. However, they have roughly the same effect. Ignoring tariffs, it remains true that the corn industry, and the oil industry upon which it depends so heavily, are both subsidised by the US taxpayer.

    Between 1995 and 2003, federal corn subsidies totaled $37.3 billion. Ethanol makes this even worse.

    http://www.slate.com/id/2122961/ [slate.com]

    There are very big problems with corn in the USA and you should do your own homework; it took me 5 mins to glue some links together.

    Oh, and read "fast food nation".
