funsec mailing list archives

REVIEW - "The Florentine Deception", Carey Nachenberg


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Wed, 10 Jun 2015 09:09:51 -0800

BKFLODEC.RVW   20150609

"The Florentine Deception", Carey Nachenberg, 2015, 978-1-5040-0924-9,
U$13.49/C$18.91
%A   Carey Nachenberg http://florentinedeception.com
%C   345 Hudson Street, New York, NY   10014
%D   2015
%G   978-1-5040-0924-9 150400924X
%I   Open Road Distribution
%O   U$13.49/C$18.91 www.openroadmedia.com
%O  http://www.amazon.com/exec/obidos/ASIN/150400924X/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/150400924X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/150400924X/robsladesin03-20
%O   Audience n+ Tech 3 Writing 2 (see revfaq.htm for explanation)
%P   321 p.
%T   "The Florentine Deception"

It gets depressing, after a while.  When you review a bunch of books
on the basis of the quality of the technical information, books of
fiction are disappointing.  No author seems interested in making sure
that the technology is in any way realistic.  For every John Camp, who
pays attention to the facts, there are a dozen Dan Browns who just
make it up as they go along.  For every Toni Dwiggins, who knows what
she is talking about, there are a hundred who don't.

So, when someone like Carey Nachenberg, who actually works in malware
research, decides to write a story using malicious software as a major
plot device, you have to be interested.  (And besides, both Mikko
Hypponen and Eugene Spafford, who know what they are talking about,
say it is technically accurate.)

I will definitely grant that the overall "attack" is technically
sound.  The forensics and anti-forensics make sense.  I can even see
young geeks with more dollars than sense continuing to play "Nancy
Drew" in the face of mounting odds and attackers.  That a
vulnerability can continue to go undetected for more than a decade
would ordinarily raise a red flag, but Nachenberg's premise is
realistic (especially since I know of a vulnerability at that very
company that went unfixed for seven years after they had been warned
about it).  That a geek goes rock-climbing with a supermodel we can
put down to poetic licence (although it may increase the licence
rates).  I can't find any flaws in the denouement.

But.  I *cannot* believe that, in this day and age, *anyone* with a
background in malware research would knowingly stick a
thumb/jump/flash/USB drive labelled "Florentine Controller" into his,
her, or its computer.  (This really isn't an objection: it would only
take a couple of pages to have someone run up a test to make sure the
thing was safe, but ...)

Other than that, it's a joy to read.  It's a decent thriller, with
some breaks to make it relaxing rather than exhausting (too much "one
damn thing after another" gets tiring), good dialogue, and sympathetic
characters.  The fact that you can trust the technology aids in the
"willing suspension of disbelief."


While it doesn't make any difference to the quality of the book, I
should mention that Carey is donating all author profits from sales of
the book to charity:
http://florentinedeception.weebly.com/charities.html

copyright, Robert M. Slade   2015   BKFLODEC.RVW   20150609


======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
Start by doing what's necessary; then do what's possible; and
suddenly you are doing the impossible.     - Saint Francis of Assisi
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

