The Art of Deception: Controlling the Human Element of Security

Description
The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.

After Mitnick's first dozen examples anyone responsible for organizational security is going to lose the will to live. It's been said before, but people and security are antithetical. Organizations exist to provide a good or service and want helpful, friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.

Considering Mitnick's reputation as a hacker guru, it's ironic that the last point of attack for hackers using social engineering is computers. Most of the scenarios in The Art of Deception work just as well against computer-free organizations and were probably known to the Phoenicians; technology simply makes it all easier. Phones are faster than letters, after all, and having large organizations means dealing with lots of strangers.

Much of Mitnick's security advice sounds practical until you think about implementation, when you realize that more effective security means reducing organizational efficiency--an impossible trade in competitive business. And anyway, who wants to work in an organization where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world, effective organizations have to acknowledge that total security is a chimera--and carry more insurance. --Steve Patient, amazon.co.uk

Customer Reviews
♥♥♥♥ Cloak and Swagger
An important book for anyone involved in security (computer or otherwise). The book recounts the real-life exploits of a smart young kid who went bad and eventually got trapped by his own hubris, so it's a pseudo-biography. It shows that the real security weak link is the human (no surprise there). Elliptic curve algorithms and 2048-bit encryption don't prevent people from just telling someone their password.

The examples used to illustrate techniques are somewhat artificial, but it doesn't take a lot of imagination to see the real-world case behind them. It reveals how we are socially engineered and how that was exploited. The modern equivalent, adapted to new technology, isn't laid out, but I don't think we have quite reached human 2.0 yet to make that a big intellectual stretch. It is both fascinating and scary how personal weaknesses and prejudices can be used to extract confidential information and gain access.

Mitnick's exploits also included a thorough understanding of phone systems and technology (phreaking) as well as human nature, but these are not discussed in detail in this book because he's prohibited from doing so and probably because the security holes are still there on some systems. Most of these technology-based exploits utilized features designed to help field engineers and remote offices. This should help inform system designers, architects and implementors to consider mal-use cases as well. That is, think about how a requested feature could be used improperly and develop appropriate human as well as technological protocols.

The book is not the greatest read and is somewhat repetitive, with many of the exploits seeming somewhat dated. It would be nice to get an update on Mitnick's analysis of risk in current systems and social trends. With the popularity of social networking sites, that update could help those participants develop a society and human 2.0 awareness.

I think the authors and publishers didn't want to write a handbook for cons, so this has made the book seem obtuse to some readers. I think the intention was to get the reader into the mindset of the con, so they can consider issues from that perspective. Which is the old economics standard of "what is the maximum reward for minimum risk".