|The Art of Deception: Controlling the Human Element of Security
|List Price: $16.95
Our Price: $9.99
You Save: $6.96 (41%)
The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.
After Mitnick's first dozen examples anyone responsible for organizational security is going to lose the will to live. It's been said before, but people and security are antithetical. Organizations exist to provide a good or service and want helpful, friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.
Considering Mitnick's reputation as a hacker guru, it's ironic that the last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organizations and were probably known to the Phoenicians; technology simply makes it all easier. Phones are faster than letters, after all, and having large organizations means dealing with lots of strangers.
Much of Mitnick's security advice sounds practical until you think about implementation, when you realize that more effective security means reducing organizational efficiency--an impossible trade in competitive business. And anyway, who wants to work in an organization where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world, effective organizations have to acknowledge that total security is a chimera--and carry more insurance. --Steve Patient, amazon.co.uk
The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
- This book is quite an eye-opener
This is a great, but frightening book. The book explains many, many ways how "social engineers" (what the author calls those who manipulate strangers) can take advantage of people. These stories are clearly and convincingly illustrated by examples. Unfortunately, when one realizes all the people who have access to their private information and that it only takes one to fall for the kind of tricks mentioned here, it is clear that safety is all but impossible. That said, this can serve as a wake up call to fix what we can, especially in our own workplaces. My one complaint with the book is that the sample security policies in the last chapter were not available electronically.
Read this book or become a victim! Not only will you learn the how's and why's of social engineering, but you will also be thoroughly entertained by Mitnick's stories. Everyone in the security field should consider The Art of Deception required reading. Let me rephrase that - everyone should be required to read this book. Period.
This would be a great book to recommend to your employees as part of security awareness training. The text is accessible and drives the message home that social engineering is a very real threat....more info
- This book is about you. Yes, you.
This book is about you. Yes, you. The carbon-based life form in his natural habitat - the cubicle - tapping high-spirited and without worries on the keyboard. In the age of abundant security hypes and the painful, daily confrontations with the insecure reality, you finally managed to build a secure environment. Life is good.
A system is technically perfect when the only flaw in the system is the Human that operates, maintains and works with it. That makes you and every employee in the organization a target.
Organizations in the world invest massive amounts of money in firewalls, anti-virus software, intrusion detection ,VPN technology... but often neglect the most important and vulnerable security component: humans.
Kevin Mitnick brings you an essential piece of valuable awareness training packed in an easy reading book. Using realistic cases, interweaved with side notes, tips and lingo explanations from the master, you can start to mature and to fill the gaps in your security policy.
Review: The art of deception, controlling the Human Element of Security.
By Kevin D. Mitnick, William L. Simon.
Publisher: Wiley Publishing, Inc. (http://www.wiley.com).
Review: firstname.lastname@example.org....more info
- A classic and must-read for anybody worried about security
This is a great starting point for anybody interested in deceit. While the book focuses on "real-world" deceit, many of the principles carry over to online crime. It is very easy to read, and yet, informative and helpful. If you want to find an answer to the question "Just how much will people agree to?" then this is the book for you to read -- whether you are a system administrator, security researcher, policy maker, or simply interested in understanding fraud and psychology better.
Book frig'n rulz. Kevin does "have a real job" kid. Who do you think he works for now?
This book is is well written and from a great mind @ that. Get it, get it now. ~
Ramsinks dot com....more info
- You're already a victim
If you're reading this, you're already a victim of "social engineering" as Mitnick calls it. You somehow believe that reading these reviews will tell you whether the book is OK or not. But these reviews can be entered by anyone. Perhaps Mitnick has entered most of them himself or his publisher did the same; you'll never know.
So instead go down to the local bookstore, handle a copy and determine for yourself....more info
- Well worth the read
There was little material in here that I didn't already know, so I gave it 4*, for its use as refresher. For those unfamiliar with the topic, it probably does rate 5* as a primer.
Like other reviewers I didn't enjoy Mitnick's self-congratulatory / self-apologetic tone.
What it did remind me of is the lack of security at my own company :
* our employee car park beneath the building is permanently unmanned, so multiple passengers could enter the building piggybacking - and they have access to the office space behind the 'firewall' of the reception desk.
* in common with many companies we know have outsourced lots of things, including our Systems Security. So who's protecting who? I get lots of requests to send e-mails of commercially sensitive material outside our network to developers in India; but I refuse. Of course their own staff based onshore could be forwarding it on, and we wouldn't know.
I recommend everyone reads this book to see if they can improve upon their own security....more info
- The Book is a Con Job Too
The psychology of a Con Job is more the issue here. Computer
security is merely incidental. The stories are repetitive
but informative. The good thing about the book is a series of
anticdotes which can be used in speeches and training seminars
on computer security. It is sort of a book of quotes for IT
security trainers. The bad thing about the book is that it
is a con job in and of itself. Mitnick is profiting from his
crimes. The hype of the "Free Kevin" campaign caught visibity
with the magazine "2600" shows more public relations skill than
compter security competence. Some people just can't quit.
Find a real job Kevin....more info
- It's just excellent
Adequate for noobs and pros to understand how important social engineering in our security is, this applied not only in software; you can relate it with anything in your live.
- Social Engineering 101 - Read It or Become a Victim
"The Art of Deception" was recommended to me by an instructor teaching a CISSP prep class. It is both an enjoyable and informative read. Mitnik is the "real deal" in exploiting social engineering techniques and his books should be required reading by corporate security policy makers (and I am sure it is for many already).
This book illustrates various techniques for bypassing established corporate physical and information security security policies. I have actually inadvertently used some of these techniques when troubleshooting network issues or having forgotten my passcard to gain access to systems and rooms. It is often easier to bypass the rules than to go through the steps needed to obtain proper access and people are surprisingly willing to cooperate "just this one time".
This book will help you sensitize your employees to the risks of bypassing security policy and recognize when this might be occurring. Highly recommended!...more info
- Reads like a great novel!
I could not put this down! It reads so well that i could hardly put it down. I kept laughing out loud at the stupidity of the people only to realize that they really weren't that stupid. Mitnick is a great con man / social engineer. His exploits / fictional accounts read like an eery account of what to watch out for. Yes, we all think we are smarter than him and all those guys out there, but we really aren't (or at least, not as devious).
I bought this book as I was interested in the subject. I am not a hacker, but technically able... it is not about hacking, and is not a technical computer "how to" book, but as I learned, a how to on social engineering... the funny thing (I did not know previously) Mitnick, really did very little with computers. Most of his crimes were with social engineering.
What he did show is how easily people part with sensitive information. In turn, how that small piece of information could be leveraged into more information, until you have all of the pieces of the puzzle and you have some seriously compromising information that nobody would like to have released.
Don't buy this if you are looking for a computer book, but do get it if you are looking for a book that reads easily (I attribute this to his co-writer) and is a fun, yet scary read....more info
- Definitve Text on Social Engineering
Definitive discussion of "social engineering" or deceptive practices to gain access to a company's data. Typically information security discussions center on technology (antivirus, firewall, intrusion detection), but this book makes clear that the weakest link in most security chains are the people in the organization. Only through a good policy and training can this weakness be addressed. A must read for anyone seriously interested in information security. ...more info