Interview with Anonymous, lead author of "Maximum Security 4/e"
by Mirko Zorz - Thursday, 1 May 2003.
Pearson has an interesting (ingenious) way in which it does business. It may well be one of the few functional human networks that remains truly decentralized, dynamic, and elastic. The manner in which editorial copy is moved back and forth is pretty clean. But yes...a few of those authors do know my identity (and more than a few are likely glad that my identity has been so long a secret, as they're such fine persons, I doubt that they would, under any other circumstances, attach their names to my works).

Wouldn't your real name on the book guarantee more customers for your company? Why not use this promotion?

I could just say "see above," but I'm not nearly so rude. As I had anticipated, opposition forces did, within the last two years, release incredibly damaging (and false, defamatory) information about me on the Internet. To prevent Pearson from losing millions of dollars behind that data, it was an imperative that my name never appear anywhere. (Funny sidenote: once, about six months ago, a clerical error led to a Library of Congress misprint that did reveal my name - for a few days. What a mess). To get to the heart of your question, though, yes: most authors do book signing tours, lectures, and what not (and these activities are normal aspects of almost any publishing contract of substance). I - and Pearson - could have made much more money had my name been out there, and had I been out there. Perhaps someday, after a dozen or so lawsuits to clear my name (as much as it can be cleared, heh), my name might be public knowledge.

But today, Pearson's best strategy is to keep it quiet, and I have always tried my best to help Pearson in that regard.

How long did it take you to write "Maximum Security 4/e" and what was it like? Any major difficulties?

"Maximum Security 4/e" came at a time when I was deeply embroiled in a back-alley corporate war - and a nasty one. Hence, I couldn't really be there as I should have been. On that account, "Maximum Security 4/e" (which is a pretty good book, actually) is the fruit of many others' labor. I lent some support there (perhaps quite a bit), but they (Pearson's excellent authors and its editors) are responsible for it. Strictly speaking, my "last" book - ever, save one, which is unrelated to computer security - was "Maximum Apache Security", although my "fingerprints" are on some 32 ISBNs. I think, though, without speaking for other "Maximum Security 4/e" authors, the major difficulties the book presented was, as always, the same: technology in this area gains ground by the minute, and not the day. Hence, from the time the book entered the editorial queue to printing, the authors had to undertake many updates to account for strides (by black and white hats) that occured during its production. Wireless security might be a good example.

What operating system(s) do you use?

Well, I'm an OpenBSD fan. It's not perfect (nothing is), but it certainly provides you with a beginning baseline. Of course, nowadays, many technologies that were once commonly to OpenBSD exclusively are becoming widely available to other operating systems. For quick-and-dirty installs, though, OpenBSD rox. However, between the Patriot Act and other legislative maneuvers like it, our problems are now a tad different. Whereas we once had to "watch" crackers, we must now also watch our watchers. This presents practical issues that this or that encryption suite or firewall may not necessarily handle, so now, we need to look more to the processes by which data winds its way through our enterprises and homes. Wireless security, for example, is still, in my opinion, a disaster, and yet, many of my friends use it without a second thought (and without hardening it). These days, any sensitive work I do, I do on a laptop without network connectivity. When I'm done, I melt the drive, and buy another.

What is, in your opinion, the biggest challenge in protecting information at the enterprise level?


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th