Slashdot Mirror


The Art of Deception

MasterSLATE writes "One of the weakest links to the most secured computer systems are the humans that operate them. No matter how well secured a computer, network or information may be, there are always people that will have contact with them from the inside. This is what the social engineer exploits in order to gain access. In The Art of Deception, Kevin Mitnick writes about the human element and how it can be manipulated and exploited to gain access to computer systems or 'secure' information." Read on for the rest of Masterslate's review.

The Art of Deception
* author: Kevin Mitnick (& William L. Simon)
* pages: 346
* publisher: Wiley Publishing, Inc.
* rating: 9
* reviewer: MasterSLATE
* ISBN: 0471237124
* summary: Geared toward the company security guy, but a good read for anyone interested in security, especially social engineering

What's to Like?

The Art of Deception is extremely easy to understand and actually fun to read.

The first part of the book, Behind the Scenes, contains the first chapter, Security's Weakest Link, which describes through many examples how and why the social engineer is able to so easily manipulate people to get what he wants.

Part 2, The Art of the Attacker, contains chapters 2-9, which describe various ways a social engineer can manipulate people over the phone. Each chapter tells of a different method that could be used to gain information. Each chapter also contains at least one example.

Part 3, Intruder Alert, contains chapters 10-14, which tell about different ways a social engineer can get inside a company, whether physically or through an internal contact. Each chapter contains at least one example.

Part 4, Raising the Bar, contains chapters 15 and 16, which explain how a company should create their security policies and training to prevent the social engineer from gaining access to sensitive information. These chapters are definitely more geared toward the executive, security analyst, or other specialist, as they contain specifics on what new policies should be implemented and why.

The last section in the book, Security at a Glance, contains some charts and information which should be read over by a more general audience, such as employees and other people that may be contacted by a social engineer.

And one sidenote: there's a nice little foreword by Woz (Steve Wozniak).

The Summary

Although this book is geared toward the company security expert, this book also has appeal to anyone with an interest in social engineering. I found it to be a quick and fun read. As a social engineer, this book taught me new tactics to try as well as ways that my targets might be prevented from giving me information I seek.

Table of Contents

Foreword
Preface
Introduction

Part 1 Behind the Scenes
* Chapter 1 Security's Weakest Link
Part 2 The Art of the Attacker
* Chapter 2 When Innocuous Information Isn't
* Chapter 3 The Direct Attack: Just Asking for It
* Chapter 4 Building Trust
* Chapter 5 "Let Me Help You"
* Chapter 6 "Can You Help Me?"
* Chapter 7 Phony Sites and Dangerous Attachments
* Chapter 8 Using Sympathy, Guilt and Intimidation
* Chapter 9 The Reverse Sting
Part 3 Intruder Alert
* Chapter 10 Entering the Premises
* Chapter 11 Combining Technology and Social Engineering
* Chapter 12 Attacks on the Entry-Level Employee
* Chapter 13 Clever Cons
* Chapter 14 Industrial Espionage
Part 4 Raising the Bar
* Chapter 15 Information Security Awareness and Training
* Chapter 16 Recommended Corporate Information Security Policies

Security at a Glance
Sources
Acknowledgments
Index


3 of 236 comments

  1. Fine for what it is by Jack+Wagner · · Score: 1, Troll

    I was given an advanced copy of this book as I had done some work for Motorola and Sun Microsystems after Mitnick had broken into them and I thought it kind of glossed over some important info.

    For instance he leaves out the famous ack flood attack which was used to break into Motorola by utilizing a well known hole in the TCP/IPv4 protocol simply because he doesn't want people to know about it and upgrade to IPv6. Of course if they did then he wouldn't be able to get consulting jobs by showing the exploit and then having these Fortune 500 companies pay him big bucks to fix them. Here's a freebie to all you from Wagner Consulting LLC., UPGRADE YOUR NETWORK LAYER TO IPv6!!!

    Fred Brooks in "The Mythical Man Month" states that for every exploit you find in your code there are 3 that go un-found so this means that there are still lots of holes in IPv4, yet the ack flood is the easiest one to exploit.

    Warmest regards,
    --Jack

    --


    Wagner LLC Consulting Co. - Getting it right the first time
  2. Best Solution by SirLanse · · Score: 0, Troll

    If you want to read this criminal's handbook, read it in the bookstore. (maybe borrow it from bookstore) Maybe read it in the library, DO NOT CHECK IT OUT! Library lists are subject to FBI warrants. Do not pay for it, why give a thief money? Mitnick is a DIRT BAG! I wish I could leave my doors unlocked like in the old west, and just shoot trespassers. Assholes like him, make ME have to lock MY doors.

  3. TROLL -Mod parent down by Surreal_Streaker · · Score: 0, Troll

    Known Troll! (Hint: just because you don't know what he is talking about, doesn't mean he is smarter than you.)