The Art of Deception: Controlling the Human Element of Security

Review: The art of deception, controlling the Human Element of Security.
By Kevin D. Mitnick, William L. Simon.
ISBN: 0-471-23712-4.
Publisher: Wiley Publishing, Inc. (http://www.wiley.com).
Review: stijn.huyghe@thti.telindus.be.

Rating:
Summary: Own3d
Review: Book frig'n rulz. Kevin does "have a real job" kid. Who do you think he works for now?

This book is is well written and from a great mind @ that. Get it, get it now. ~
Ramsinks dot com.

Rating:
Summary: Well worth the read
Review: There was little material in here that I didn't already know, so I gave it 4*, for its use as refresher. For those unfamiliar with the topic, it probably does rate 5* as a primer.

Like other reviewers I didn't enjoy Mitnick's self-congratulatory / self-apologetic tone.

What it did remind me of is the lack of security at my own company :

* our employee car park beneath the building is permanently unmanned, so multiple passengers could enter the building piggybacking - and they have access to the office space behind the 'firewall' of the reception desk.

* in common with many companies we know have outsourced lots of things, including our Systems Security. So who's protecting who? I get lots of requests to send e-mails of commercially sensitive material outside our network to developers in India; but I refuse. Of course their own staff based onshore could be forwarding it on, and we wouldn't know.

I recommend everyone reads this book to see if they can improve upon their own security.

Rating:
Summary: The Book is a Con Job Too
Review: The psychology of a Con Job is more the issue here. Computer
security is merely incidental. The stories are repetitive
but informative. The good thing about the book is a series of
anticdotes which can be used in speeches and training seminars
on computer security. It is sort of a book of quotes for IT
security trainers. The bad thing about the book is that it
is a con job in and of itself. Mitnick is profiting from his
crimes. The hype of the "Free Kevin" campaign caught visibity
with the magazine "2600" shows more public relations skill than
compter security competence. Some people just can't quit.
Find a real job Kevin.

Rating:
Summary: You're already a victim
Review: If you're reading this, you're already a victim of "social engineering" as Mitnick calls it. You somehow believe that reading these reviews will tell you whether the book is OK or not. But these reviews can be entered by anyone. Perhaps Mitnick has entered most of them himself or his publisher did the same; you'll never know.

So instead go down to the local bookstore, handle a copy and determine for yourself.

Rating:
Summary: Worth reading for infosec professional - a 3.5
Review: As the previous reviewer pointed out, you have to get past the fact that the author of this book has been convicted of a heap of crimes due to his application of the techniques he lays out in this book. I admittedly was a bit indignant about taking Mitnick's advice at first, but recognized early on that this is judgemental and immature, and this book has good info in it.

So basically this book is almost a "must-have" for the infosec professional because ... it's really the only book like it right now. Most well-rounded infosec books *include* info on social engineering. This book is *about* it, meaning you finally get an in-depth analysis of the techniques and methods used by social engineers, and suggestions to stop them.

Actually my biggest problem with this book is that the author(s) couldn't seem to figure out their target audience. They wrote a book that filled an infosec niche, then constantly defined terms like "Brute Force", which everyone reading this book probably figured out at the kindergarten level of infosec. They do this a lot and overall I found this, coupled with the simplistic writing style, to be a bit condescending. That's why I say this is a 3.5 and not a true 4.

SUMMARY - Good info, more in-depth knowledge of social engineering than anywhere else, dumb writing style. At least worth borrowing or picking up used like I did.

Rating:
Summary: Good book for those who appreciate a good social engineer
Review: Good book for hackers, recruiters, sales people, or basically anyone who has a need to ruse now and then. Last few chapters were boring but overall good book.

Rating:
Summary: Nicely done!
Review: There are over 70 reviews on Amazon so I will keep this short. Since I work for a security research and education group, I get proposals to do a social engineering course several times a year. In general they can only come up with 6 or 7 attacks. Nothing I have seen has the depth and breadth of this work.

Rating:
Summary: Good information on a rarely covered subject.....
Review: This is one book that every security manager NEEDS! So often (too often), information security is only addressed at a purely technical level (e.g., firewalls, IDS, etc.) while "traditional" types of security are completely ignored or (worse yet) ridiculed as "old fashioned".

If you're expecting Mitnik to dive into the IP stack headfirst, this book is NOT for you. No fancy tools are needed for these "hacks". Instead, it shows how a slick tongue, human nature, and a bit of logical thinking often combine to wreak havoc. This is hacking at its finest - no audit trails, no intrusion detection - just pure system access that somebody handed to you in a basket!

If you're an INFOSEC manager, read this book. Learn what you can from it, then take an honest look at how easy it is to get around security measure in your own organization. (Start by taking a peek your wastepaper bins or those paper recycling boxes after hours. It's amazing what can be found!)

Great book for managment and INFOSEC people alike....but I'd think twice before handing it over to a bored 15-year old! :-)