Book review: The Traitor by Ava Glass

The Traitor: A NovelAccidental superspy Emma is back in this second volume, which can be read independently of the author’s first book chronicling her adventures eluding her Russian counterparts. This time she is put on a Russian’s oligarch’s yacht to try to figure out the cause of one of her fellow secret agent’s death in London. Emma is a delightful character and this book adds to her allure as someone who can kick ass when she needs to but still figure out the subtle tells of the spies around her. The yacht is sailing between Monaco and Barcelona and is the site of numerous near-mishaps and espionage moments that are just a joy to read. The supporting cast from the first book is back making the plot points even more compelling. Highly recommended.

Book review: Containing Big Tech by Tom Kemp

Tom Kemp’s new book about the dangers of the five Big Tech companies is several books in one volume. Normally, this would not be a great recommendation, but stick with me here and see if you agree that he has written a very useful, effective, and interesting book.

It is a detailed history on how Microsoft, Google, Meta/Facebook, Amazon and Apple have become the tech powerhouses and near-monopolists with their stranglehold on digital services, at the same time threatening our privacy. It is a reference work for consumers who are concerned about what private information is shared by these vendors, and how to take back control over their data. It is also an operating manual for business IT managers and executives who are looking to comply with privacy regs and also to prevent their own sensitive data from leaking online. And it is a legislative to-do list for how to fashion better data and privacy protection for our digital future.

Kemp focuses on eight different areas of interest, one per chapter. For example, one chapter describes some startling failures at reigning in the data broker industry and another goes into details about how easily disinformation has prevailed and thrived in the past decade. He mixes his own experience as a tech entrepreneur, investor and executive with very practical matters. Each chapter has a section dealing with the issue, then the response of the various tech vendors, and finally a collection of various laws and proposals from both the EU and the US in response. This last section is a sad tale about the lack of legislative forward motion in the US and how the EU has forged ahead with their own laws in this area — only to be lightly enforced.

Speaking of legislation, I asked him what he thought about the lack of any progress in that department, especially at the US federal level. He told me in a recent interview that “No one is going to do anything to modify Section 230 — all previous efforts have been roundly beaten. Eventually, pressure is going to shift to EU, with its new laws that take effect in 2024. These will require online businesses to monitor their platforms for objectionable speech. These will also give end users the ability to flag content and make the tech vendors to be more transparent. Tech platforms will then have to finally respond. I don’t see anything happening in the US, nor with any new federal privacy laws enacted.”

His unique know-how and the combination of these different perspectives makes for a fascinating read. For example, to test Google’s claims that they have cleaned up their heavy-handed location monitoring, he did some role playing and set up appointments at local abortion clinics, visited drug stores, and shopped online. His online activity and location data was monitored by Google about every six minutes. “The real-time nature of this monitoring was impressive. Google knows the ads that they served me, the pages I visited, my Android phone notifications and locations. And despite their promises, they were logging all these details about me,” he said.

Even if you have been parsimonious about protecting your privacy, you probably don’t know that Meta’s tracking Pixel is used by a third of the world’s most popular websites and is at the heart of numerous privacy lawsuits, especially in Europe. Or the sequence of steps to tamp down on what the five tech vendors allow you to make your activities more private.

Kemp doesn’t pull any punches — he lays blame at the keyboards of these Big Tech vendors and our state and federal legislators. “Big Tech’s anticompetitive practices have also significantly contributed to them becoming these giants who act as gatekeepers to our digital economy,” he writes. “The five Big Tech firms have five of the seven largest cash balances of any S&P 500 company in 2022.”

He documents the missteps that the major tech vendors have taken, all in the service of their almighty algorithms and with the aim of increasing engagement, no matter the costs to society, or to its most at-risk members — namely children.

I asked him about the latest crop of studies that were paid for in part by Meta/Facebook and appeared in various technical journals (and covered here in the NY Times.) He told me, “Meta was closely involved in shaping this research and in setting the agenda. It wasn’t a neutral body – they framed the context and provided the data. Part of the problem is that the big tech platforms are talking out of both sides of their mouths. They market their platforms specifically to influence people to buy products from their advertisers. But then their public policy staffs have another message that says they don’t really influence people when bad things happen to them. They certainly haven’t helped the situation via algorithmic amplification of using their services.” I reminded him that many of the big tech trust and safety teams were one of the first groups to be fired when the most recent downturn happened.

So get a copy of this book now, both for yourself and your business. If you want to stay abreast of the issues he mentions, check out his website for post-publication updates, which is very helpful.

You may have taken some of the privacy-enhancing steps he outlines in one of the book’s appendices, but probably will learn some new tricks to hide your identity.

Book review: Elonka Dunin and Klaus Schmeh’s new Codebreaking edition

What do the authors Beatrix Potter, Rudyard Kipling, Edgar Allan Poe and the British composer Edward Elgar have in common with the Zodiac killer, Mary Queen of Scots, and an enigmatic map left in the 1880s by Virginian buffalo hunter named Thomas Beale? They all were fascinated by communicating by codes. And if you are too and want to learn how to break them yourself, you should pick up the latest expanded edition of Codebreaking by Elonka Dunin and Klaus Schmeh that is expected in September. Their book takes you through the codes used by these historical luminaries, some of them (such as one of the Zodiac messages or the mysterious Voynich manuscript) have never been broken. And there are plenty that have been solved, such as a single telegram that was decrypted and brought the US to enter WWI.

The book’s focus is on using your wits and pencil and paper to solve the puzzles for the most part, although the authors aren’t computer-adverse: they use the old fashioned methods to help develop the reader’s skills and to pay attention to the frequency distribution of the coded letters and symbols used in the messages, among other tricks of the trade that they describe in detail.

Dunin may be a familiar name to you: Years ago, I had an opportunity to meet her in person when she spoke at a conference in St. Louis. She is a very impressive person, and carries a deep history and understanding of the genre. She is tightly associated with an encoded sculpture that sits on the grounds of the CIA campus, which still contains an unsolved portion after decades of tries by the best and brightest cryptographers. Her co-author has written numerous books as well and maintains the Encrypted Books List that is a useful companion to learn more about the topic, along with providing numerous illustrations that begin each of the book’s chapters.

This book is nearly 500 pages, and chock full of illustrations of the original coded messages as well as other helpful materials that show how codebreakers figure things out. Because of this, I would recommend buying the printed copy rather than an ebook. Each chapter is devoted to particular techniques, such as “hill climbing” where you proceed to decode a word at a time and continually measure your progress. This technique has proven very successful at breaking historical codes and uses computer algorithms.

The authors were motivated to update their first edition because so many major codes have been cracked over the past few years — including the aforementioned one by Mary Queen of Scots. The stories of these escapades  is what makes this book entertaining as well as informative, and you realize that codebreaking is a team sport. The encoded message above, by the way, is one of the many Zodiac copycats who wrote messages to the police pretending to be the actual killer. See if you can work out what it says.

Book review: Blind Fear

Blind Fear: A Thriller (The Finn Thrillers Book 3) by [Brandon Webb, John David Mann]This is the third in the series of “fear” books featuring ex-Navy SEAL Finn in another escapade, this time in Puerto Rico in the process of saving two children who get caught up in a series of unfortunate events. Finn is trying to find the kids, who have been abducted on a snorkel trip. Meanwhile, two federales are searching for Finn and land on the island and start tracking him down. The characters, as with the previous two novels, are well drawn, the situations ultra realistic, the conflicts seemingly vexing. You don’t have to read the other books to get involved here, and if you are fans of Lee Child’s Reacher or Brad Thor’s books you will find this novel enjoyable and the pace the usual madcap and mayhem.

Book review: The edge of sleep

The Edge of Sleep: A Novel by [Jake Emanuel, Willie Block]This book is based on the podcast/TV series of the same name which has been out for several years. The thesis is that a worldwide plague hits when people go to sleep, so the obvious conceit is to stay awake to try to fight it and figure out an antidote. So we have the real-life pandemic to compare with the fictionalized version, and that may or may not sit well with some readers. We touch on several different groups of people in everyday situations around the world as they try to cope with the calamity, which I think works better in a TV version than trying to keep track of them throughout the novel. Think of it as a zombie apocalypse without the zombies, which has never been a favorite genre for me. The novel has some terrific descriptions and the plot takes us to some interesting places. In place of the hyper-science and politics of Covid, we have just ordinary folks who are trying to live their lives and cope with staying awake. Read on Amazon here.

Book review: Breaking Backbones Book 2 by Deb Radcliff

I have know Deb Radcliff as a B2B journalist colleague and now cyber fiction author for more than a decade. Her latest novel in the “Breaking Backbones” series can be read independent of the first volume, and is a sizzler taken directly from today’s cybersecurity news. We have mostly the same motley cast of characters of hackers, ne’er-do-wells, and tough dudes who are trying to mess up the world now that its central IT authority GlobeCom was taken down at the end of the first book. The various hacker clans are trying desperately to free a bunch of imprisoned programmers somewhere in Russia and stop the evil doers from unleashing their AI-based code on the world. In the meantime, there are plenty of drone attacks to manage, code to review, and personal scores to be settled. There is plenty of dystopia to be served up in its pages, and a great deal of verisimilitude thanks to Radcliff’s familiarity with the subject matter. Will her world be successful at freeing its digital enslavement from a crazy autocrat? Well, I won’t give away the ending, but it sure was fun reading about it.

Book review: Visual Threat Intelligence by Thomas Roccia

Thomas Roccia has written an interesting book called Visual Threat Intelligence that is both unusual and informative for security researchers of all experience levels. He is a Senior Security Researcher at Microsoft’s Threat Intelligence group, and the founder and curator of, a database of malware evasion techniques.

Think of it as both a reference guide as well as a collection of carefully curated tools that can help infosec researchers get smarter about understanding potential threats (such as YARA, Sigma, and log analyzers) and the ways in which criminals use them to penetrate your networks.

For threat intel beginners, he describes the processes involved in breach investigation, how you gather information and vet it, and weigh various competing hypotheses to come up with what actually happened across your computing infrastructure. He then builds on these basics with lots of useful and practical methods, tools, and techniques.

One chapter goes into detail about the more notorious hacks of the past, including Stuxnet, the 2014 Sony hack, and WannaCry. There are timelines of what happened when, graphical representations of how the attack happened (such as the overview of the Shamoon atttack shown here), mapping the attack to the diamond model (focusing on adversaries, infrastructure, capabilities, and victims) and a summary of the MITRE ATT&CK tactics. That is a lot of specific information that is presented in a easily readable manner. I have been writing about cybersecurity for many years and haven’t seen such a cogent collection in one place of these more infamous attacks.

Roccia also does a deeper dive into his own investigation of NotPetya for two weeks during the summer of 2017. “It was the first time in my career that I fully realized the wide-ranging impact of a cyberattack — not only on data but also on people,” he wrote.

The book’s appendix contains a long annotated list of various open source tools useful for threat intel analysts. I highly recommend the book if you are interested in learning more about the subject and are looking for a very practical guide that you can use in your own investigations.

Book review: A Hacker’s Mind by Bruce Schneier

I have known Bruce Schneier for many years, and met him most recently just after he gave one of the keynotes at this year’s RSA show. The keynote extends his thoughts in his most recent book, A Hacker’s Mind, which he wrote last year and was published this past winter. (I reviewed some of his earlier works in a blog for Avast here.)

Even if you are new to Schneier, not interested in coding, and aren’t all that technical, you should read his book because he sets out how hacking works in our everyday lives.

He chronicles how hacks pervade our society. You will hear about the term Double Irish with a Dutch Sandwich (how Google and Apple and others have hacked and thus avoided paying US taxes), the exploits of the Pudding Guy (the person who hacked  American Airlines frequent flyer system by purchasing thousands of pudding cups to obtain elite status), or when the St. Louis Browns baseball team hacked things by hiring a 3’7″ batter back in 1951. There are less celebrated hacks, such as when investment firm Goldman Sachs owned a quarter of the total US aluminum supply back in the 2010’s to control its spot price. What was their hack? They moved it around several Chicago-area warehouses each day: the spot price depends on the time material is delivered. Clever, right?

Then there are numerous legislative and political hacks, such as the infamous voter literacy tests of the 1950s before the Civil Rights laws were passed. Schneier calls them “devilishly designed, selectively administered, and capriciously judged.”

“Our cognitive systems have also evolved over time,” he says, showing how they can be easily hacked, such as with agreements and contracts. This is because they can’t be made completely airtight, and we don’t really need that anyway: just the appearance of complete trust is usually enough for most purposes.

A good portion of his book concerns technology hacks, of course. He goes into details about how Facebook’s and You Tube’s algorithms are geared towards polarizing viewers, and the company not only knew this but specifically ignored the issue to optimize profits. The last chapters touch on AI issues, which he categorically says “will be used to hack us, and AI systems themselves will become the hackers” and find vulnerabilities in various social, economic and political systems. He makes a case for a hacking governance system that should be put in place — something which isn’t on the radar but should be.

“The more you can incorporate fundamental security principles into your systems design, the more secure you will be from hacking. Hacking is a balancing act. On the one hand, it is an engine of innovation. On the other, it subverts systems.” The trick is figuring out how to tip that balance.

Book review: The Revenge List

I liked the conceit about this murder mystery novel by Hannah Mary McKinnon entitled The Revenge List: The central character attends an anger-management support group and makes a list of people who have wronged her in the past and to whom she should forgive. Trouble is, the list falls into the wrong hands and people start having grave accidents. The mystery is who is doing these dastardly deeds, and what does this have to do with the character’s flaws, which are many. The action takes place in and around Portland Maine and the supporting cast is engaging and just quirky enough to sustain the plot points. It makes you question your own attitude towards forgiveness and how we resolve issues with our past connections. The family dynamics are also very true-to-life, which adds to the novel’s credibility and complexity. Highly recommended.

Book review: Stalked by Revenge by Lynn Lipinski

Stalked by Revenge (Zane Clearwater Mystery Book 3) by [Lynn Lipinski]This is the third book in a series of mystery novels featuring Zane Clearwater, a character who has had a shady past. It can be read independently of the others and there is a fourth is in the works. The story centers on Clearwater’s family, including a gun-packing grandmother and a private detective who comes to the aid of the family to stop a revengeful assailant who starts out in prison at the story’s beginning. Lipinski’s descriptive prose is first-rate, and the various characters are well drawn, with some very realistic challenges in their lives. By the end of the book you will feel that you know them and have a lot of empathy for their circumstances. Fans of mystery novels will enjoy this book, and I highly recommend it.

Buy it from Amazon here.