The Art of Deception: Controlling the Human Element of Security (review)



The Art of Deception Controlling the Human Element of Security

The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security. Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films and documentaries. Since his release from federal prison in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage "It takes a thief to catch a thief."

Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database, or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented, in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs and manuals that address the human element of security.




10 thoughts on “The Art of Deception: Controlling the Human Element of Security”

  1. says:

    Pubbed almost two decades ago, the technology angle in this book is largely, although not completely, out of date.

    Fortunately, that isn't the primary reason I picked up this book. It's right there in the title. We may as well call it Social Engineering. Others might call it a con. But either way, human psychology being what it is, the underlying vulnerability to network or corporate structures never really goes out of style. PEBCAK: Problem Exists Between Chair and Computer.

    This book does a very serviceable job outlining most of the ways that people can be conned out of information. My favorite is just in looking or acting the part that people expect. I've been hearing that advice from the early Robert A. Heinlein days. People trust others who seem just like them. Confident behavior sends up no red flags.

    A lot of this is common sense, but you and I know that Social Engineering is still a growth industry. Every day, every sector, someone somewhere is conning us. A lot of this book is still very timely, but I'm also sure that there are a lot of updated techniques out there.


  2. says:

    The Art of Deception is one of two books by famous hacker Kevin Mitnick, the other being The Art of Intrusion. Intrusion focuses primarily on physical or technological hacks, while this book focuses almost exclusively on social engineering attacks.

    A number of problems prevented this book from being very good. The main problem is simply that Mitnick did not have enough material to fill an entire book. This book would have been better if it were shorter and simply one section in a larger book about security. A great deal of the book feels like padding; the anecdotes about various social engineering attacks seem repetitive and pointless. Reading just one is often enough, but Mitnick consistently indulges himself with identical tale after identical tale.

    I'm not entirely sure who the audience for this book could really be. It doesn't seem like it's for technical people, because the book goes out of its way to define what things like HTTP mean. The book claims to be geared toward nontechnical people or businesspeople, but the fact of the matter is that the subtle differences between a lot of the social engineering attacks will be missed by nontechnical people. To your average Joe, 20 or so of the stories in the book will seem identical, testing the patience of the reader.

    The book is also frustrating in its design. It's constructed as a book to help managers and businesspeople manage security at their companies. Every story about a social engineering attack is followed by a "Mitnick Message" where Kevin explains how to prevent the attack from happening to you. In reality, however, the real focus is the story itself; the attackers are consistently painted as the hero of the story, with the hapless victims being drawn as naive morons. It's clear that Mitnick admires the attackers in these tales, and the Mitnick Message feels like it's been forced into the book to keep up the ruse that the book is intended for anyone other than wannabe hackers. Mitnick's advice is a restated form of "verify the identity of the caller" in nearly every instance.

    The book is, to put it simply, a bore. Reading it was a challenge, and I had to fight the frustration to skim or skip sections nonstop. The Art of Intrusion is far more interesting, and I recommend it over this book without reservation. There is value for businesspeople to read this book, but I imagine it will present a significant challenge to their patience.

    As an aside, Mitnick offers terrible advice regarding passwords. He argues that passwords should not consist of a constant combined with a predictable variable, such as kevin01, kevin02, kevin03. I agree. He also says that users should not write down their passwords and tape the paper to their monitor or under their keyboards. I agree again. He also, unfortunately, argues that passwords should expire every month. Well, that's terrible advice. Passwords need to be something people can remember, or they have to write them down. If they are going to be memorable, they can't change constantly. If they change constantly and must still be memorable, people have no choice but to add some predictable pattern to a memorable portion of a password. In short, of options (A) don't write passwords down, (B) don't use a simple increment in a password, and (C) change passwords monthly, security administrators can pick any two. To try for all three is delusion.
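
The password trade-off argued in the comment above, as an added example that is not part of that review or of the book: a change-time check that rejects exactly the rotations forced monthly expiry tends to produce (kevin01 to kevin02, a month name swapped for the next one, one more "!" on the end). The list of "variable" suffixes, the leetspeak map and the 0.8 similarity threshold are assumptions chosen for illustration, and the sample pairs are constructed, not real credentials.

```python
"""Reject 'constant + predictable variable' password rotations at change time.

Added example, not code from the book or the review. The suffix list,
the leetspeak map and the similarity threshold are assumptions.
"""
import re
from difflib import SequenceMatcher

# Trailing tokens users treat as the 'variable' part of a password: digit
# runs, month names/abbreviations, seasons, each optionally followed by
# punctuation padding. Assumed list; extend for your own user base.
_VARIABLE_SUFFIX = re.compile(
    r"(?:\d{1,4}"
    r"|jan(?:uary)?|feb(?:ruary)?|mar(?:ch)?|apr(?:il)?|may|june?|july?"
    r"|aug(?:ust)?|sep(?:t(?:ember)?)?|oct(?:ober)?|nov(?:ember)?|dec(?:ember)?"
    r"|spring|summer|autumn|fall|winter)"
    r"[!@#$%^&*._\-]*$",
    re.IGNORECASE,
)
_PADDING = "!@#$%^&*._-"
# Common single-character substitutions (assumed map) so that
# P@ssw0rd and Password compare as the same fixed part.
_LEET = str.maketrans("0134579@$", "oieastgas")


def normalize(pw: str) -> str:
    """Lower-case and undo simple leetspeak so cosmetic variants compare equal."""
    return pw.lower().translate(_LEET)


def stem(pw: str) -> str:
    """Return the fixed part of a password by repeatedly stripping trailing
    variable tokens and padding: 'Kevin01!' -> 'kevin', 'P@ssw0rdJan' -> 'password'."""
    s = pw.lower().rstrip(_PADDING)
    while True:
        stripped = _VARIABLE_SUFFIX.sub("", s).rstrip(_PADDING)
        if stripped == s:
            return normalize(s)
        s = stripped


def is_trivial_rotation(old: str, new: str, threshold: float = 0.8) -> bool:
    """True when `new` is `old` with only its variable part or padding changed."""
    if normalize(old) == normalize(new):
        return True
    old_stem, new_stem = stem(old), stem(new)
    if old_stem and old_stem == new_stem:
        return True
    # Fallback for edits the suffix rules miss: near-identical strings overall.
    return SequenceMatcher(None, normalize(old), normalize(new)).ratio() >= threshold


def violates_history(history: list[str], candidate: str, lookback: int = 12) -> bool:
    """Reject `candidate` if it trivially rotates any of the last `lookback` passwords.
    In a real system only the current password is available in plaintext (the user
    types it at change time); a hashed history can only catch exact repeats."""
    return any(is_trivial_rotation(old, candidate) for old in history[-lookback:])


# Constructed sample rotations (old, new); not real credentials.
SAMPLE_ROTATIONS = [
    ("kevin01", "kevin02"),                        # simple increment
    ("Kevin01!", "kevin03!!"),                     # increment plus extra padding
    ("P@ssw0rdJan", "Password-Feb"),               # month swap under leetspeak
    ("Summer2023!", "Summer2024!"),                # season+year, caught by similarity
    ("Pa55word!", "Pa55word!!"),                   # padding only
    ("kevin01", "correct horse battery staple"),   # genuinely new secret
]


def audit(pairs=SAMPLE_ROTATIONS):
    """Return (old, new, rejected) for each constructed pair."""
    return [(old, new, is_trivial_rotation(old, new)) for old, new in pairs]


if __name__ == "__main__":
    for old, new, rejected in audit():
        print(f"{old!r:32} -> {new!r:32} {'REJECT' if rejected else 'ok'}")
```

Such a check only sees the one plaintext the user supplies at change time, so it is a mitigation for the pattern the reviewer describes, not a substitute for dropping arbitrary expiry; current NIST SP 800-63B guidance is not to force periodic changes without evidence of compromise, which removes the pressure that produces kevin02 in the first place.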


  3. says:

    Kevin Mitnick, probably the most famous and controversial computer hacker of the 1990s, has spent several years of his life on the run as well as a few years in jail. For years after leaving prison he was forbidden to log on to a computer, a prohibition he appealed successfully. He now runs a computer security business, lectures to large corporations and has co-authored two books on computer network security.

    This book focuses on the human element of computer security. Reminding us that even the most sophisticated high-tech security systems can be rendered worthless if the people running them are not sufficiently vigilant, Mitnick goes on to point out the myriad ways in which human carelessness can contribute to security breaches. An experienced con artist who is well versed in social engineering techniques can often do far more damage by manipulating people to provide information they shouldn't than by relying on technologically sophisticated hacking methods.

    The book is interesting for the most part, though it would have benefited from a 25% reduction in length, and there are some annoying stylistic tics. Throughout the first 14 chapters, each of which reviews a particular type of 'con' used by hackers/social engineers to breach computer security, the chapter setup follows the same schema: (i) an anecdote or vignette involving fictitious characters but based on actual events, which lays out the deception as it unfolds, following it through to the successful breach; (ii) analysis of the 'con', focusing specifically on the mistakes or behaviors at the individual and at the organizational level which allowed it to succeed; (iii) discussion of the changes that would be needed to stop the con from succeeding, e.g. behavior of individual employees, corporate policies and procedures, computer software and hardware. This is actually a pretty decent way to make the points Mitnick wants to get across: starting out with a concrete example of how things go wrong gets attention and motivates the reader to read on to figure out the solution.

    One feature of the book which was meant to be helpful started to drive me crazy by about the third chapter. Interspersed throughout each chapter, the authors insert highlighted textboxes of two types: 'lingo', repeating the definition of a concept already adequately defined in the text, or 'Mitnick messages', which manage to be irritating beyond the cutesy name, as they do nothing but encapsulate the obvious in language which condescends to the reader. In general this is not a book you will read for the delights of its prose style (after successfully gaining access to a cache of hidden documents, one hacker is described as spending his evening gleefully "pouring over" the documents); however, the prose is serviceable, managing to avoid lapses into the dreaded corpspeak for the most part.

    For some readers, the most useful part of the book may be its final two chapters. Here the authors lay out in considerable detail outlines for recommended corporate information security policies and an associated training program on information security awareness. Though I am no expert in these areas, the outlines strike me as being commendably thorough, complete enough that they could be fleshed out without too much difficulty to generate a comprehensive set of policies and procedures.

    Despite some redundancy and occasional infelicities of style, this book seemed to me to be interesting and likely to be practically useful.


  4. says:

    "I went to prison for my hacking. Now people hire me to do the same things I went to prison for, but in a legal and beneficial way." (Kevin D. Mitnick, Ghost in the Wires: My Adventures as the World's Most Wanted Hacker)

    Reading 'The Art of Deception' is like hearing it straight from the horse's mouth. Kevin D. Mitnick, one of the legendary cyber-desperados turned computer security consultant, takes the reader into the complex, supremely confident (often misunderstood as arrogance) and curiosity-driven mindset of the hacker world as he describes the human element of computer security. In this book, with the help of very plausible scenarios and stories, he demonstrates the art of exploiting the human mind, otherwise known as 'Social Engineering', to gain access to computer networks.

    In the foreword to this book, Steve Wozniak sums up 'The Art of Deception' nicely with these words: "The Art of Deception shows how vulnerable we all are, government, business and each of us personally, to the intrusions of the social engineer. In this security-conscious era we spend huge sums on technology to protect our computer networks and data. This book points out how easy it is to trick insiders and circumvent all this technological protection."

    In the first three sections of this book the author explains in great detail how attackers gain entry into fortified assets by simply taking advantage of the trusting, sympathizing nature of the human mind. Mitnick covers almost all possible basic attack scenarios which a real-life attacker uses in conning an unsuspecting computer user to gain entry into a closed network. By attacking the weakest link in the security apparatus, this book shows how a skilled social engineer can take complete control of a system by pulling the strings on an unsuspecting victim like a master puppeteer and making him do things which favor the attacker. After showing each scenario, Mitnick explains the various factors which made each scenario work and gives valuable inputs and strategies on how organizations can prevent each scenario from happening within their working environment.

    For those who have a professional interest in corporate security or information security, the section titled 'Raising the Bar' will be a valuable resource. In this section Mitnick provides a very detailed outline of 'practical corporate information security policies' and training methodologies for staff which, in a combined manner, can mitigate the risks of an intrusion. Some readers may find the style of writing employed in the book not up to the mark, but as a practical book on analyzing and becoming aware of the threat of Social Engineering, and as an Information Security Policy reference, this book has some valuable content. In the present time you may find more detailed books on Social Engineering, but when this book came out in 2003 it had some sensational content which I still remember reading with great thrill. Some of the technical exploits related to the telephone systems that are mentioned in the book are a bit outdated, but the methods and philosophy of exploits that target the human mind are very relevant even today.

    This book is a recommended read for anyone who is interested in computer security and the hacker subculture.


  5. says:

    I suspect that if you're reading for entertainment then you probably want Mitnick's The Art of Intrusion or Ghost in the Wires instead. This book is split 2/3 and 1/3 between a series of fictionalized anecdotes, based on or representative of real incidents, and a corporate policy guide. The guide, like all such specifications, is deadly dry and would require several readings and much thought to fully internalize.

    The anecdotes are more interesting than entertaining, and all proceed by the same basic pattern: a 'social engineer' (Mitnick's sterile term for what amounts to a con man) manipulates the helpful or easily influenced into providing information or services which can then be further leveraged to some end. Sections directly relating to computer penetration are substantially less interesting than those that are merely two people on a phone.

    Mitnick's focus is organizational, not individual, and presupposes an organized collective effort towards protection based on establishing correct procedure, education and, most of all, the directed effort of those in charge. As such, I can't help but think that this book is targeted to executives and not to the peon types on the front lines who, in the anecdotes, are the ones who inadvertently give away the keys to the kingdom.


  6. says:

    We think of computer hackers as sitting in an isolated room, endlessly probing corporate and private networks from their screen. Actually, almost all deep hacking starts with the manipulation of people to do something that allows the hacker to move to the next level. The Art of Deception tells how Mitnick used social engineering skills to get people to unknowingly provide critical assistance, from simply being polite and opening a secure door to setting up restricted user accounts. Having read this book, I am much more suspicious of any request made online, by phone or in person by a stranger. Should be required reading for anyone in IT, especially those involved in network security.


  7. says:

    So, interesting read. Social engineering has been going on a long time and has impacted many corporations, governments, etc. I felt this book did a great job documenting examples of what has taken place, as well as providing insights for what you and your organization can do to help prevent, the best that you can, social engineering attacks. This book definitely irritated me, as I had not thought about the detailed level of attacks folks have gone through. Thinking back, there have probably been some times where I had been the person on the receiving end. Wish I had read this about a decade ago, as it has some good common-sense knowledge to learn from.


  8. says:

    Humans are like bad Microsoft coding.


  9. says:

    In The Art of Deception, Kevin Mitnick discusses the thing he's best at: Social Engineering. Social engineering is the term used in computer security to describe the manipulation of humans in order to break through a security barrier, and is sometimes referred to as "hacking the mind". In the first chapter of his book, usually referred to as "The Lost Chapter" as it wasn't published with the final version of the book, Kevin Mitnick tries to convince his readers that he is innocent, or at least that he isn't a criminal. I believe he made good points in this chapter and wish it had been published.

    The book isn't about Mitnick, though; it's about social engineering. If he was ever on the dark side, he is no longer there. He now works as a security consultant, and this book is designed to help improve security awareness and help us all avoid being deceived by social engineers.

    The bulk of this book consists of different stories of social engineers getting their job done, followed by advice on how to avoid such kinds of attacks. Just like any security book, this book can also help the bad guys improve their skills, because it offers many ideas on how you can trick people; however, if the good guys read the book, they would laugh at the bad guys' attempts and say "Ha, I know that one". No, really.

    The idea of the book is very interesting, and some of its stories are really smart; however, I must admit that it gets a bit repetitive towards the end. The authors are trying to separate different stories into different chapters, but the differences between the ideas in these stories are sometimes so small.

    The ideas represented in this book are applicable to more than just computer-related systems. Hey, you don't have to use them to steal money, but they're good to know anyway; however, due to the fact that information is closely associated with computing nowadays, you'll usually find a lot of technical details in the book. But anyway, as long as you use a computer, you'll most likely be fine reading it.

    The authors have just completed a new book, The Art of Intrusion. It looks like it is going to be more technical and geared more toward hacking than social engineering. I probably will give it a try sometime.


  10. says:

    Almost all of this book consists of infinitesimal variations on the same point, communicated through accounts of apparently real events fictionalised by someone who clearly, desperately wanted to write short stories instead of ghost-writing for minor celebrities but couldn't find a publisher for them. That every story reads like a bad (and I mean bad) noir film isn't just annoying; it makes them much less credible.

    It's clear that Mitnick thinks very highly of himself and his accomplishments, occasionally remembering to point out that it's really easy to defend against social engineering attacks but mostly painting social engineers as omnipotent Supermen who are just better than the common folk who merely work in offices; he also seems to think he's the first person to write a book about defending against these con men, judging by his two chapters of condescending policy recommendations. Maybe he is, to a lot of the people who'd read this book. It's certainly likely that The Art of Deception has done, and will continue to do, more good than harm, which is more than can be said for most popular books on any kind of security.

    That doesn't make it any less repetitive, though.

