Saturday, February 16, 2013

Zero Day by Robert O' Harrow Jr.

Zero Day: The Threat in Cyberspace, Robert O'Harrow, Jr.  New York: Diversion Books, 2013.  [Washington Post e-book, 69 pps.].

Robert O' Harrow is an investigative journalist for The Washington Post who has written extensively about the erosion of privacy and has won various awards and honors.  In a Washington Post e-book, it is easy to understand why.  His writing is sharp and crisp.  He knows his material.  He cites numerous references to back up his thesis.

The "Zero Day" in the title refers to zero day exploits, a term that should be familiar to hackers.  But Zero Day also takes on the recent Stuxnet and Flame worms and other examples of malicious code.  Besides the stuff of 'cyberwars,' Zero Day introduces some personalities.  Some are folks who have regular sorts of jobs involving tech by day but hack at night.  Others have to do with the targets.

There are bits of history in Zero Day written from the perspective of an investigative journalist who is explaining things to a non-techie non-nerd audience.  This history is shaped a bit differently than the stuff that I myself witnessed in the days of ARPA-net and B.B.S. because of the intended audience.  Although I miss the feel of hacker culture, the history that was related was good enough for as far as it went.

sapphoq reviews says:  Unfortunately, to the uninitiated, Zero Day may come off as somewhat blaming the hackers.  While I do not know if this is intentional, I must state that if it were not for the hackers there would be no Internet today as we know it.  And of course Big Hollywood and various government officials threaten the Internet today as we know it.  

I've often thought that the 'first mistake' of companies was to not appreciate the hackers.  It used to be that a hacker could contact a company about the exploit that was found during exploration.  The hacker would be thanked and the hole would be patched.  [N.B.: The phone company did not extend the same appreciation to phreaks.  Phreaks who were found out were arrested.  Ma Bell was known to offer college scholarships to the best of the phreaks in return for a commitment to work for x amount of years for the monopoly.  I don't know that any of the phreaks ever said "yes"].  I remember those days with a certain fondness.  Nowadays there is panic at the thought that someone would "intrude" upon the insecure network of any given company.  The hacker, who must hack in much the same way that a writer must write, is carted off to prison or made to pay in other ways.  

There is barely a greater thrill than finding something that needs fixing.  When I recently found such a hole in my own system and was able to correct it, I was elated.  The thing is, hackers who are adept at pen testing do it for the same high that I experienced at the moment of my discovery and again at the moment that I patched it.  There are some paid pen testers out there who I am quite sure are happy at their profession and experience a love of the machine--  because I've met them.  And I am also sure that there are others who make a big deal out of what color hats they wear.  They don't want to be brave and be mistaken for one of us.

Zero Day is worth a read for the proper audience-- intelligent people who are not hackers by nature.  Those who willingly and joyfully endure a lack of privacy in the name of security would do well to stick with other sources for their information.  And any hackers probably won't need to read the material.   

some Robert O'Harrow articles dealing with privacy can be found here:

No comments: