Cypherpunks:

I recently received the recent Loompanics catalog and read the review of SECRETS OF A SUPER HACKER in it. I wondered if the book was just hype ("Approaching Zero" comes to mind) so I'm glad to read in Timothy May's "Books, Loompanics, and other weird stuff" that the book might actually be worth reading. I've appended the review. Thanks, tcmay!

Walter A. Kehowski <wak@next0.math.pitt.edu>

######################################

SECRETS OF A SUPER HACKER by The Knightmare, introduction by Gareth Branwyn, 205 pp., 8 1/2" x 11", ISBN 1-55950-106-5, March, 1994, Loompanics Unlimited, Box 1197, Port Townsend WA, 98368. Price: $19.95 plus $4.00 for shipping (includes a copy of their must-have 280 page catalog of unusual books). Credit card orders to 206-385-2230 (phone) or 206-385-7785 (fax).

This is a very good practical book on breaking into computer systems. It's readable, interesting, informative, balanced, and accurate, with a nice spirit of fun and swashbuckling! Here's the contents:

    Introduction: Hackers: Heroes or Villains?
    I: The Basics
    II: The History of Hacking
    III: Researching the Hack
    IV: Passwords and Access Control
    V: Social Engineering
    VI: Reverse Social Engineering
    VII: Public Access Computers and Terminals
    VIII: On-Site Hacking: The Trespasser-Hacker
    IX: Hacking at Hope: Dialing Up Computers With Your Modem
    X: Electronic Bulletin Board Systems
    XI: Borderline Hacking
    XII: What To Do When Inside
    XIII: This Lawful Land
    XIV: Hacker Security: How To Keep From Getting Caught
    XV: Conclusion
    Further Reading
    Glossary
    8 Appendices

The Knightmare covers lots of clever technical tricks for gaining access, but he shows most glee with scores of hilarious "Social Engineering" scams for seducing legitimate users into revealing their passwords.
The striking thing about these spoofs is, just reading them, you realize through the laughter how often these simple Social Engineering techniques will produce results and how the credulity of non-security-minded naive users is the weak point of any security system.

Sometimes while reading, I wished the book provided more specific info about phone numbers, brand names, specific techniques that work on specific bulletin board systems, etc. But I recognize that such information would go quickly out-of-date, or would be fixed in response to the book's publication, or could implicate the author. The Knightmare is presenting concepts that won't go out-of-date soon, giving the interested non-hacker a comprehensive and comprehensible survey of the field, and tipping off the potential hacker with just enough details to get him/her started and steered in the right direction and minimize the chance of getting caught.

On this final point... a few times during the early chapters I thought The Knightmare was being cavalier about personal safety, favorably reporting (for example) Social Engineering advertising scams that would likely bring the cops to one's doorstep. But The Knightmare was saving his warnings for 2 chapters towards the end, 22 sobering pages that make very clear the risks involved and what definitely NOT to do. A very balanced presentation. As usual with Loompanics books, this one can be read backwards, and pages 167-168 are directed specifically to System Administrators interested in beefing up security.

I also appreciated all the hacker philosophy and pragmatic do-no-damage hacker ethics. The Knightmare disdains and derides "crackers" who break into a system in order to wreak havoc; for him, "hackers" are peaceable, non-destructive puzzle-solvers and liberators of information.
In a world where the govco is ever working to extend and centralize its control over financial data, encryption techniques, cyberspace, and every aspect of people's lives, the hacker may emerge as a modern-day Robin Hood.