Pages: 368 (Paperback) ISBN: 076454280X Pub: John Wiley & Sons Pub date: 2003-10-17 Amazon.co.uk Sales Rank: 109825
Editorial Review:

The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios. After Mitnick's first dozen examples anyone responsible for organisational security is going to lose the will to live. It's been said before but people and security are antithetical. Organisations exist to provide a good or service and want helpful friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared. Considering Mitnick's reputation as a hacker guru the least and last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organisations and were probably known to the Phoenicians. Technology simply makes it all easier. Phones are faster than letters after all and large organisations mean dealing with lots of strangers. Much of Mitnick's security advice sounds practical until you think about implementation, when you realise more effective security means reducing organisational efficiency: an impossible trade in competitive business. And anyway, who wants to work in an organisation where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world effective organisations have to acknowledge total security is a chimera--and carry more insurance. --Steve Patient

Reader Reviews:

Utterly repetitive (0/1 people found this helpful)
The first 50 pages were great. Then gradually I began to realise that the whole book is just a repetition of the same theme. All the stories follow the same pattern and you might as well stop reading after the first couple of chapters when the basic techniques have been demonstrated by way of fictional examples. After that virtually nothing new is learnt.

Interesting read, but falls short (0/0 people found this helpful)
Rather too much self-congratulation for my liking, and the fact that the stories are fictional reduces their credibility. Having said that, I can well believe the vulnerability of an organisation in the hands of a skilled con artist.

Entertaining Read (8/8 people found this helpful)
The Art of Deception provided more of an entertaining read, than a "How To" book. Whilst I would recommend the book to anyone interested in network security, I wouldn't recommend it to those who physically want to go and do it themselves. The book is influenced more on to defending yourself, than attacking others. The book is full of entertaining little stories about how 'social engineers' are able to obtain sensitive information, just by 'asking for it', along with explanations of the techniques used, why it worked, and how you can prevent something similar happening to you. Given the content, and the quality of the book, it is definitely worth the money. Just don't be disappointed if you were looking to be able to go and do it yourself.

Well worth reading (3/3 people found this helpful)
An excellent read giving a great insight into how people can be easily duped. Not a handbook to begin hacking but an overview of techniques so that anybody who is worried about Information Security can be aware of the methods employed by Hackers and put in place procedures to prevent unauthorised access to data. Written by the "definitive" hacker who has now turned his energy and expertise to the benefit of all. Well written and easy to read even if you're not a techie. Not full of jargon or assumptions.
BUY IT NOW

Could be better (10/26 people found this helpful)
All the book represents is a compilation of anecdotal stories which the author suggests defences against, while occasionally reminding you that he is not allowed near technology due to previous convictions as he may start cracking. Stories of Mr X called the local branch office of company Y and spoke to person Z to get some freely given information followed by a how to avoid these kind of hacks, usually in the form of do not let any of your staff talk to anybody from the outside world, this will prevent them from giving any company secrets away, this includes anything from the blueprints to the next company design to a member of staff's telephone number. I would tend to believe that any company, which followed these recommendations to the letter, would be the most inefficient and obstructive company known to mankind. Very dull read which is full of suggestions that would make every day at work a pain; internal staff could not help each other etc. If your staff care about security, trust me on this one there's a lot of minimum wage staff who don't care the slightest, and why should they when the next available job around the corner is well as the least the same pay! Even the highest paid staff members probably don't want the hassle of this as more and more company time would be eaten by ensuring everything is 100% secure. The entire book could have been summarized with "only give information to authenticated and authorised people, oh and don't trust anyone!"

Similar Products:
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers
Secrets and Lies: Digital Security in a Networked World
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
Beyond Fear: Thinking Sensibly About Security in an Uncertain World
Security Engineering: A Guide to Building Dependable Distributed Systems