
The Art of Deception

MasterSLATE writes "One of the weakest links in the most secured computer systems is the humans that operate them. No matter how well secured a computer, network or information may be, there are always people that will have contact with them from the inside. This is what the social engineer exploits in order to gain access. In The Art of Deception, Kevin Mitnick writes about the human element and how it can be manipulated and exploited to gain access to computer systems or 'secure' information." Read on for the rest of MasterSLATE's review.
Title: The Art of Deception
Author: Kevin Mitnick (& William L. Simon)
Pages: 346
Publisher: Wiley Publishing, Inc.
Rating: 9
Reviewer: MasterSLATE
ISBN: 0471237124
Summary: Geared toward the company security guy, but a good read for anyone interested in security, especially social engineering

What's to Like?

The Art of Deception is extremely easy to understand and actually fun to read.

The first part of the book, Behind the Scenes, contains the first chapter, Security's Weakest Link, which describes through many examples how and why the social engineer is able to manipulate people so easily to get what he wants.

Part 2, The Art of the Attacker, contains chapters 2-9, which describe various ways a social engineer can manipulate people over the phone. Each chapter covers a different method that could be used to gain information, and each contains at least one example.

Part 3, Intruder Alert, contains chapters 10-14, which tell about different ways a social engineer can get inside a company, whether physically or through an internal contact. Each chapter contains at least one example.

Part 4, Raising the Bar, contains chapters 15 and 16, which explain how a company should create its security policies and training to prevent the social engineer from gaining access to sensitive information. These chapters are definitely more geared toward the executive, security analyst, or other specialist, as they contain specifics on what new policies should be implemented and why.

The last section of the book, Security at a Glance, contains some charts and information that should be read by a more general audience, such as employees and other people who may be contacted by a social engineer.

And one sidenote: there's a nice little foreword by Woz (Steve Wozniak).

The Summary

Although this book is geared toward the company security expert, it also has appeal to anyone with an interest in social engineering. I found it to be a quick and fun read. As a social engineer, this book taught me new tactics to try as well as ways that my targets might be prevented from giving me information I seek.

Table of Contents

Foreword
Preface
Introduction

Part 1 Behind the Scenes
* Chapter 1 Security's Weakest Link
Part 2 The Art of the Attacker
* Chapter 2 When Innocuous Information Isn't
* Chapter 3 The Direct Attack: Just Asking for It
* Chapter 4 Building Trust
* Chapter 5 "Let Me Help You"
* Chapter 6 "Can You Help Me?"
* Chapter 7 Phony Sites and Dangerous Attachments
* Chapter 8 Using Sympathy, Guilt and Intimidation
* Chapter 9 The Reverse Sting
Part 3 Intruder Alert
* Chapter 10 Entering the Premises
* Chapter 11 Combining Technology and Social Engineering
* Chapter 12 Attacks on the Entry-Level Employee
* Chapter 13 Clever Cons
* Chapter 14 Industrial Espionage
Part 4 Raising the Bar
* Chapter 15 Information Security Awareness and Training
* Chapter 16 Recommended Corporate Information Security Policies

Security at a Glance
Sources
Acknowledgments
Index


You can purchase The Art of Deception from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

The Art of Deception

  • Letter.. (Score:5, Funny)

    by grub ( 11606 ) <slashdot@grub.net> on Tuesday January 14, 2003 @12:39PM (#5081608) Homepage Journal

    Dear Amazon.com,

    I would like to get a copy of "The Art of Deception", however my grandmother needs surgery and I can't spare any money at the moment. If you'd like to lend me a copy please feel free to email for shipping information.

    I, and my grandmother, thank you.

    grubby
  • by Anonymous Coward on Tuesday January 14, 2003 @12:40PM (#5081614)

    As a social engineer, this book taught me new tactics to try as well as ways that my targets might be prevented from giving me information I seek.

    You misspelled "criminal".

  • Right here (Score:3, Funny)

    by Bastian ( 66383 ) on Tuesday January 14, 2003 @12:57PM (#5081741)
    The Art of Deception is extremely easy to understand and actually fun to read.
  • by mustangdavis ( 583344 ) on Tuesday January 14, 2003 @01:01PM (#5081762) Homepage Journal
    Chapter 7 Phony Sites and Dangerous Attachments

    More like:

    Chapter 7: Porn Sites and Dangerous Screen Savers

  • Re:Letter.. (Score:5, Funny)

    by Scratch-O-Matic ( 245992 ) on Tuesday January 14, 2003 @01:05PM (#5081789)
    Dear Mr. Grub...

    Hi, it's Scratch at Amazon. The suits here would never think of sending you something for free, but your story touched my heart, and I'd like to help. If you could send me the username and password of your Amazon account, I'd be happy to slip the order in for you, without charging your credit card.
  • by Tackhead ( 54550 ) on Tuesday January 14, 2003 @01:18PM (#5081870)
    From the article:
    >Part 2 The Art of the Attacker
    * Chapter 2 When Innocuous Information Isn't
    * Chapter 3 The Direct Attack: Just Asking for It
    * Chapter 4 Building Trust
    * Chapter 5 "Let Me Help You"
    * Chapter 6 "Can You Help Me?"
    * Chapter 7 Phony Sites and Dangerous Attachments
    * Chapter 8 Using Sympathy, Guilt and Intimidation
    * Chapter 9 The Reverse Sting

    From the poster:
    > Doesn't the US DMCA NOT allow for tools that bypass security? I wonder how soon it will be before someone tries to use the DMCA against someone who used social engineering.

    Don't worry, rumors to the effect that we're going to pass laws to extend DMCA to new areas happen all the time, they're pretty innocuous. Why don't you support us? We're just trying to make good laws, just like you're trying to make good code. If you're confused, that's OK, we've seen that before, let us help you with that.

    We're working with Senator Hollings (D-Dis), and we're considering new and novel approaches to promote consumer use of broadband. Can you help us help him to promote the use of consumer broadband?

    He's taken an awful lot of hard knocks lately over the SSSCA, er, CBDTPA, and some people in the halls of power (and some who have really big guns!) think it's partially Slashdot's fault and are kinda cheezed about it. But neither bill had a chance to be passed, and Senator Hollings (D-Dis) knew it when he put them forward. Surely an honest geek can make up for misunderstanding the Senator's intention, can't he?

    Did you know that Senator Hollings (D-Dis) is starting up a brand-new 2600 chapter in Washington, DC? Why not come to our first meeting and say hello!

  • by BigBir3d ( 454486 ) on Tuesday January 14, 2003 @01:34PM (#5081972) Journal
    "My name is Bond, James Bond."

    He always could get what he wanted from people.
  • by God! Awful 2 ( 631283 ) on Tuesday January 14, 2003 @01:36PM (#5081989) Journal

    It's called a KEY, Eisenstein. You can find them at the hardware store.

    LOL... if sarcastically calling someone Einstein implies that they are stupid, does sarcastically calling someone Eisenstein imply that they are spouting propaganda?

    -a
  • by zerOnIne ( 128186 ) on Tuesday January 14, 2003 @01:37PM (#5081993) Homepage
    What I'm really wondering about this book is, does it come with that Free Kevin I've seen advertised for so many years on all these websites? I mean, I think it's about time I got my Kevin, but only if it's really free. I can't afford to have to pay for a Kevin myself.
  • by Anonymous Coward on Tuesday January 14, 2003 @01:38PM (#5082001)
    Announcer voice: Now you can get Ronco's new decepto-matic - just call with your credit card (operators are standing by) ...

    What do you get?

    Part 1 Behind the Scenes
    * Chapter 1 Security's Weakest Link

    But that's not all. Act now and you will also receive ...

    Part 2 The Art of the Attacker
    * Chapter 2 When Innocuous Information Isn't
    * Chapter 3 The Direct Attack: Just Asking for It
    * Chapter 4 Building Trust
    * Chapter 5 "Let Me Help You"
    * Chapter 6 "Can You Help Me?"
    * Chapter 7 Phony Sites and Dangerous Attachments
    * Chapter 8 Using Sympathy, Guilt and Intimidation
    * Chapter 9 The Reverse Sting

    As though that weren't enough, you will also get:

    Part 3 Intruder Alert
    * Chapter 10 Entering the Premises
    * Chapter 11 Combining Technology and Social Engineering
    * Chapter 12 Attacks on the Entry-Level Employee
    * Chapter 13 Clever Cons
    * Chapter 14 Industrial Espionage

    And if you call in the next ten minutes, we'll include at no additional cost ...

    Part 4 Raising the Bar
    * Chapter 15 Information Security Awareness and Training
    * Chapter 16 Recommended Corporate Information Security Policies

    Now how much would you pay?
  • by skydude_20 ( 307538 ) on Tuesday January 14, 2003 @01:43PM (#5082033) Journal
    "The first part of the book... contains the first chapter"
  • by God! Awful 2 ( 631283 ) on Tuesday January 14, 2003 @01:53PM (#5082103) Journal

    Do not discount the possibility of someone stealing the box [slashdot.org].

    One of the purposes of the concrete is to make the box impossibly heavy. Also, for best results, the box should be surrounded by lasers in a locked room in a secret military facility hidden in the side of a volcano.

    Seriously though, I don't think this kind of precaution is something every business needs to take. This is for the army's root key, or maybe a large company with a very sensitive CA (e.g. Microsoft or Verisign).

    -a
  • by Badgerman ( 19207 ) on Tuesday January 14, 2003 @02:03PM (#5082185)
    To prevent cracking security in human beings. At least until God releases a patch.
  • by kisielk ( 467327 ) on Tuesday January 14, 2003 @02:10PM (#5082202)
    You're kidding, right? Seems most Slashdot readers can't even read a short article and post relevant comments on it. Here you're expecting one to read a BOOK and write a REVIEW? Maybe in an alternate universe ;)