Computer Security and the Internet: Tool and Jewels from Malware to Bitcoin,
Paul C. van Oorschot

Springer International Publishing, 2021.
ISBN 978-3-030-83410-4 (hardcopy), 978-3-030-83411-1 (eBook).
With a foreword by Peter G. Neumann.
Second edition, XXIX, 446 pages.

Reviewed by  Sven Dietrich   Jan 24, 2022 

As we navigate this new normal, we have to deal with many surprising variations of old known problems. On the upside (intentionally skipping the word 'positive' here), we see that this 'new normal' can generate new editions of computer security books much sooner than later. Paul C. van Oorschot has done this with his second edition of "Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin." It was a bit of a (pleasant) surprise to see a revised and enhanced edition of this already great security book so soon, with only 80 pages more than the previous edition. As a little birdie told me, the camera-ready version of the first edition was submitted to the publisher in mid-2019. So that makes a second edition of this book, with its camera-ready copy submitted in June 2021, appearing in late 2021 much more palatable.

So I will refer back to my previous review from May 2020, summarize that first edition, and focus on what changed in this second edition. You may think of it as the revised edition of the book review.

The first edition was already a fine collection of computer security concepts, very densely assembled into an almost Cliff-Notes-style book (yet better). The changes in the second edition round off that previous great achievement and add a touch of varnish.

In the second edition of "Computer Security and the Internet," there are now thirteen chapters, two more chapters than before, which got tacked on at the end as Chapters 12 and 13:

As before, the text throughout the book is color-coded, with different colors for concepts, program or operating system names, and keywords. Many diagrams and figures illustrating this book are also in color.

The first new chapter, Chapter 12 in the book, explains wireless security concepts, from the earlier, tremendously insecure mechanism called Wired Equivalent Privacy (WEP) up to the latest WiFi Protected Access aka WPA3, which recent operating systems and wireless routers support. In a world of wireless devices it is important to understand these fine differences in wireless security assurance as our (private?) bits fly through the air, and also how we got to WPA3 after a long and difficult road, sprinkled with many 'nails in the coffin for WEP' papers.

The second new chapter, Chapter 13 in the book, discusses blockchain, cryptocurrencies, and smart contracts in a succinct, yet complete, manner. In the 'popular science' public eye, cryptocurrencies and blockchain appear to have started with Bitcoin in 2009, but insiders know that the foundations were put in place many, many years before. This chapter provides a nice overview of the blockchain concepts, with cryptocurrencies and of course smart contracts with Ethereum. A combination view of the Ethereum white, yellow, and beige papers lets the reader zoom in and out to get a high-level understanding of Ethereum and smart contracts. As a logical follow-on topic, the reader also learns about Non-Fungible Tokens (NFTs), something that some of you may have seen in connection with the art world.

Paul C. van Oorschot's "Computer Security and the Internet" is a great textbook for a computer security course, as I have used it myself for both undergraduate and graduate students, as well as a reference book for researchers and computer security professionals.

The book also has a web page outlining the book and its contents, with all its chapters available in PDF format for personal use, as well as a list of errata that continuously get worked into the most recent PDFs. The reader can assess where to best get their copy: at a book shop, their university library, the publisher, or simply online.

My copy will definitely be a hard copy to sit on my bookshelf next to the other books by Paul C. van Oorschot that I already have in my collection. I enjoyed reading this book and look forward to having this second edition readily available on my bookshelf for many years to come.

Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org