The Art of Deception: Controlling the Human Element of Security by Kevin D. Mitnick (PDF)


Ebook Info

  • Published: 2003
  • Number of pages: 368 pages
  • Format: PDF
  • File Size: 1.49 MB
  • Authors: Kevin D. Mitnick

Description

The world’s most infamous hacker offers an insider’s view of the low-tech threats to high-tech security. Kevin Mitnick’s exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world’s most notorious hacker gives new meaning to the old adage, “It takes a thief to catch a thief.” Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.

User’s Reviews

Editorial Reviews: “…a fascinating read…” (Fortean Times, June 2004) “…a lot of interesting cautionary tales…” (New Scientist, January 2004)

Reviews from Amazon users, collected at the time this book was published on the website:

⭐I bought this book in 2008, and read it after I got it. I was in love with cyber-security and social engineering was the theme those days. I never reviewed the book back then but I reread this book again yesterday and it hit me that Kevin’s ideas are some of the most profound ideas when it comes to human behavior. Our tendency to be helpful. Our tendency to let someone new come into our lives. Etc. I will be honest, after spending 13 years in financial and marketing industry and reading 1000s of books and having 1000s of experiences I promise if someone wants to set me up they probably can. It’s really hard to get away from a good setup. One thing that helped me all these years is that at the end of the day I ask myself two questions. This is a routine I do every day and have been doing it for almost 10 years now. 1. Did I try to help a stranger or someone I know today? If yes, then what was the context? 2. Did someone come into my life trying to do good things for me out of the blue? (This can be a friend that randomly texts you on FB or emails you after ages.)

⭐Wow! This is a must read book for just about everyone, even those who have not entered the information age yet. In a world that incessantly grows complex and beyond the understanding of the common man, one simply cannot cope with the new risks and threats that arise on a daily basis. This leads to innocent mistakes that can cause us serious harm. Often – techies and geeks believe technology is the answer – and to an extent that is true; however, the human element is the weakest link – and this book shows that in a nice way. Read this book to understand the ploys used, the tactics of a vicious mind (or mischievous), and how easy it is for a vast majority of the people to fall victim. The good thing is that you will get ideas on what you and your company should be doing differently. Remember – although you will learn a lot – maintaining your guard and building immunity against deception is a moving target. As such – you will need to strive and go beyond the many points covered in the book. Read it and implement better practices in your work and life without any delay…the risks are not worth it.

⭐The reason for security professionals to read this book can be summed up in two words: Eric Snowden. It opens with: “A company may have purchased the best security technologies that money can buy, trained their people so well that they lock up all their secrets before going home at night, and hired building guards from the best security firm in the business. That company is still totally vulnerable.” Two words: Eric Snowden. Mitnick shows that the weakest link in any security system is the human factor. Employees with the best intentions can be tricked into giving away passwords and allowing access to the most top secret systems. “The Art of Deception” teaches you the tricks of deception so that you can learn how to protect against them. This is a must read for all security professionals.

⭐It’s a textbook. What’s there to get excited about. Great to be able to rent though instead of paying exorbitant prices.

⭐The systematic approach to misleading and deceiving people is startling and eye opening at first, but the book’s narrative style is smug and ham-handed. About half-way through you realize every story is the same. Why go on?

⭐Mitnick never described himself as a “hacker” but rather a “social engineer”. Good at it and well articulated in this text. Shame a crook can make so much ill-gotten gain from being good at his illegal endeavors.

⭐This book highlights how security these days has little to do with electronics and more to do with employees and people in general. It described how to defeat a card lock / RFID door security system and gain access to one of these buildings by holding nothing more than a simple large brown box.

⭐Good book on social engineering, material is still valuable if slightly dated. A lot of the different aspects center around the ability to influence landlines, get into switch networks for phones, and work through various gaps in the phone systems which have been rendered OBE by the advent of cell phones. I recommend if you can find a used copy.

⭐Kevin Mitnick is well known to those in the security field; he is notorious for the efforts that he made to find ways around security systems, sometimes by hacking, but often by social engineering. I was a bit ambivalent about buying the book; did I want to “reward” someone that had been responsible for a number of security breaches? However, I am glad that I did; the book highlights the methods used to gain illegal access to sites, systems and processes. These can be used by the astute security professional to understand how hackers think and to then be able to consider their options for improving their own security. Security is not a destination, it is a journey. No matter how good a job you do, someone will find a way to get around the most hardened of processes. It is necessary to constantly question if the specific processes that you have introduced are working and if they are doing the job that you think they should. Books like this reveal just how important it is to be able to take that outsider’s view to ensure that you do not become one of the victims. It’s a very readable book and I feel that it should be read by anyone involved at any level in the field of IT security.

⭐(NB The author is Kevin Mitnick, despite Amazon’s “all my reviews” showing it to be Steve Wozniak, Steve Jobs’ partner in founding Apple. Woz merely wrote the foreword.) I found this book very disappointing. After listening to an interview with the author, I was interested in learning more about his hacker background, and techniques he used to gain access to computer systems. As his new book is so excessively priced, I settled for a used copy of this, his earlier book. At first it held my interest, as it describes how access to computer systems is gained by “social engineering” – posing as a company employee from one department, when phoning another department & extracting access information from employees like receptionists etc. who trust that you are genuine. It helps to be able to name drop managers’ names too. He even persuades systems administrators to set him up with a “guest” account by posing as a visitor from another installation, within the same company. Fascinating in as far as it went, but that’s where it stopped. Subsequent episodes were all variations on the same theme, and soon I got bored with reading the same stuff over and over again, especially as each episode was also followed by an analysis of how it was done (not needed really, it was self-evident) and then recommendations on how to avoid being compromised by this kind of hack. So all this was repeated time and time again also. The only time it raised a smile was when he talks about running a password harvesting program on a dumb terminal. This is a relatively simple hack which, as a college teacher of I.T. I was able to demonstrate to students on our Unix system, so the author brought back interesting memories. I have a lot of respect for his chutzpah and nerve in carrying through what he did, and also his skill in penetrating systems, but am far less impressed by his ability as a writer. The book is heading for the charity (thrift) shop.

⭐I wasn’t really sure what I was getting myself in for getting this book, but I have to say that I really enjoyed it. Kevin was what the movies Hackers 1/2 were based on and this really does take you through his early life and how easy it was back then to get details of passwords and accounts etc. But also teaches of ways to counter also. Overall I really enjoyed the book and often mention it in conversation about how social engineering can be used.

⭐The stories told by Mitnick in this book are very entertaining to read, but I do think that businesses today (certainly enterprises) have done a lot of work in countering practices described by Mitnick. After a story, there is always an explanation of the con and what you can do about it (which is usually not much). These comments are very obvious most of the time. So of the 368 pages, there are about 200 that are an entertaining read. The last chapter covers how you can improve the security (and security procedures) of your company. Again, some are obvious, some of these notes are already widely implemented today. I must agree with another reviewer, the book hasn’t aged well.

⭐I bought this having thoroughly enjoyed Mitnick’s “Ghost in the Wires”, but it fell short of the original standard. My overall impression was that this book simply capitalised on Mitnick’s reputation based on his “notoriety” and his previous literary success. I found myself skipping large chunks of it, but maybe the book would be useful as a checklist or reminder for those who work directly with internet security issues. Mitnick’s “Ghost in the Wires” taught me a lot; this one added little more.
