Auto Ads by Adsense

Thursday, December 08, 2022

Review: The Cuckoo's Egg

 I first read The Cuckoo's Egg way back in the 1990s, and recently someone referred to it and I figured why not read it again --- it's been so long since I'd read it it would be like a new book. And indeed it has been --- the process of detecting an intruder on a VAX, along with using physical paper printers to log his terminal without tipping him off, and even making phone calls to sysadmins all over the country in order to warn them of a security hole in their systems ---- these all ring true and probably to some extent still happens today.

What is dated are the stakes involved. The intruder turned out to be no particular people of any consequence, and weren't even selling secrets for that much money. (One of the incidents in the epilogue in the book, the Robert Morris worm, has no been long forgotten --- mention it today and nobody's likely to remember it) Today, security breaches regularly cost the identity of thousands of customers, maybe even millions, and even those might not make front page news.

What probably hasn't changed is how hard it is to get even the 3-letter agencies to do anything about an obvious intruder who's looking for defense-related information. Though after 9/11, that might have changed. In any case, the book's well written, a fascinating read, and a good reminder that when dealing with incidents like this, it's important to keep a logbook that's supported by evidence. Many times near the end of the book, the author, Cliff Stoll was told by others that his wasn't the first incidence of a security breach, but rather the first well-documented incidence!

No comments: