Customer Reviews


95 Reviews
5 star: (54)
4 star: (17)
3 star: (14)
2 star: (3)
1 star: (7)
 
 
 
 
 
 
 

The most helpful favourable review
The most helpful critical review


3 of 3 people found the following review helpful
5.0 out of 5 stars Packed With Knowledge!
In The Art of Deception, Kevin D. Mitnick, a corporate security consultant who was once arrested for computer hacking, has written a fascinating book about how to control security lapses due to the "human element." With writer William L. Simon, he describes how con artists use social engineering to gain information by lying to pass themselves off as insiders. By being...
Published on June 22 2004 by Rolf Dobelli

versus
3.0 out of 5 stars The Art of Deception...and then some
The human factor is truly security's weakest link according to Kevin Mitnick, famed hacker, now turned security consultant.
Mitnick, based on his illustrious experiences, writes about social engineering; the human factors involved with information security. The book goes into multiple ways of showing social engineering in practice, such as convincing an employee to...
Published on Feb. 12 2004 by Tarek M - www.InfosecWriters.com



3 of 3 people found the following review helpful
5.0 out of 5 stars Packed With Knowledge!, June 22 2004
By Rolf Dobelli "getAbstract" (Switzerland)
In The Art of Deception, Kevin D. Mitnick, a corporate security consultant who was once arrested for computer hacking, has written a fascinating book about how to control security lapses due to the "human element." With writer William L. Simon, he describes how con artists use social engineering to gain information by lying to pass themselves off as insiders. By being sensitive to human behavior and taking advantage of trust, they learn to bypass your security systems. The book teaches you how to ward off such threats and educate employees. Yet, problematically, this information could also help con artists be more sophisticated. In any case, this highly informative, engaging book includes sample conversations that open the door to information, along with tips about how various cons are used and what to do about them. We recommend this book to corporate officers, information managers, human resource directors and security personnel, but don't tell anybody.


4.0 out of 5 stars The Tao of Deception, April 18 2004
By Richard Peterson (Summerville, SC United States)
Other reviewers write that this book is repetitive, and I agree - I believe that Mitnick is trying to convey a mindset. Each scenario in the book, taken alone, is insignificant. You can skip through the book, reading here and there, without losing much. Don't expect to learn much in this book about technicals of network security. But then again, all the computer and telecommunications savvy in the world does not make a hacker.
The right technical skills and knowledge, plus the mindset presented in this book equals hacking. If you are on the security side of things, reading this book (or a few chapters of it, at least) will help you get into the mindset of a hacker, and thus better detect weaknesses in your organization or system.
By the way, I thought the book was an entertaining read. Others say it was boring. I think they expected the wrong thing out of the book. For those of you that have read Harvey Mackay - this book is a lot like "Swim with the Sharks Without Being Eaten Alive" - he tells parables to get the message across.


5.0 out of 5 stars the Social Engineer., Feb. 20 2004
This book is both educational, and entertaining. Mitnick is the authority on the subject. And even though the techniques in this book used in the scenarios might seem dated, they still get the point across, that the 'Human Element', is one of the greatest security holes. In this day and age network administrators feel that they have an edge against hackers with firewalls, and proxies, and what not...but when somebody wants to really get in, and they have the skill of somebody like Mitnick, then trouble is at hand. Though when reading the book, most people will probably get the feeling that Kevin Mitnick is just skimming the surface, or giving us the shortened version of each scenario. Even so this is great reading, and a great addition to anybody interested in corporate security, 'dumpster diving' type of techniques, or hacker/anti-hacker techniques. Definite must reading for anybody that would train employees about security, and privacy/sensitivity of material and documents. Truly the art of being sneaky is a gift to Mitnick, alongside his hacking skills. One of the greatest lessons learned in this book is the fact that most people are just not paranoid enough, information that you think isn't sensitive, or important, could just be the key to any hacker's plan. If you want to get into Company X, then don't go through the front door, go through the sewer lines....


3.0 out of 5 stars The Art of Deception...and then some, Feb. 12 2004
The human factor is truly security's weakest link according to Kevin Mitnick, famed hacker, now turned security consultant.
Mitnick, based on his illustrious experiences, writes about social engineering; the human factors involved with information security. The book goes into multiple ways of showing social engineering in practice, such as convincing an employee to reveal his computer username and password or tricking someone to download spyware.
The book is definitely an eye-opener, bringing awareness of such devious, unorthodox tactics and attacks that users, net administrators and companies are commonly uneducated about. For counteractive measures, Mitnick goes on to recommend the establishment of training and awareness programs in addition to security policy guidelines.
But an interesting note surrounding the publication of this book was "the lost chapter". Much of the preface section never made the final cut but happened to mysteriously turn up on the Internet.
It revealed a lot more of Mitnick, with him recounting his life as a hacker and fugitive, about incidents whereby he was wrongly accused and his later arrest and incarceration where he was denied his constitutional rights...and John Markoff of the New York Times who couldn't get his facts straight.
At the end of this "lost chapter", it's safe to say you'd have some sympathy towards the legendary Mitnick, a hero in his own right. But then you'd have to give it a second thought, wouldn't you? After all, the book is about deception. ;-)

[+] Many methods of social engineering, an eye-opener.

[-] The scenario examples are fictionalized. He doesn't regale us with his actual stories.


5.0 out of 5 stars This book is about you. Yes, you., Jan. 8 2004
By Stijn Huyghe (Europe (Belgium).)
This book is about you. Yes, you. The carbon-based life form in his natural habitat - the cubicle - tapping high-spirited and without worries on the keyboard. In the age of abundant security hypes and the painful, daily confrontations with the insecure reality, you finally managed to build a secure environment. Life is good.
A system is technically perfect when the only flaw in the system is the Human that operates, maintains and works with it. That makes you and every employee in the organization a target.
Organizations in the world invest massive amounts of money in firewalls, anti-virus software, intrusion detection, VPN technology... but often neglect the most important and vulnerable security component: humans.
Kevin Mitnick brings you an essential piece of valuable awareness training packed in an easy reading book. Using realistic cases, interweaved with side notes, tips and lingo explanations from the master, you can start to mature and to fill the gaps in your security policy.
Review: The art of deception, controlling the Human Element of Security.
By Kevin D. Mitnick, William L. Simon.
ISBN: 0-471-23712-4.
Publisher: Wiley Publishing, Inc. ([...]
Review: stijn.huyghe@thti.telindus.be.


4.0 out of 5 stars Well worth the read, Dec 26 2003
By Keith Appleyard "kapple999" (Brighton, UK)
There was little material in here that I didn't already know, so I gave it 4*, for its use as refresher. For those unfamiliar with the topic, it probably does rate 5* as a primer.
Like other reviewers I didn't enjoy Mitnick's self-congratulatory / self-apologetic tone.
What it did remind me of is the lack of security at my own company:

* our employee car park beneath the building is permanently unmanned, so multiple passengers could enter the building piggybacking - and they have access to the office space behind the 'firewall' of the reception desk.
* in common with many companies we now have outsourced lots of things, including our Systems Security. So who's protecting who? I get lots of requests to send e-mails of commercially sensitive material outside our network to developers in India; but I refuse. Of course their own staff based onshore could be forwarding it on, and we wouldn't know.
I recommend everyone reads this book to see if they can improve upon their own security.


4.0 out of 5 stars Worth reading for infosec professional - a 3.5, Nov. 30 2003
By Keith Tokash "twigles" (Laguna Niguel, CA United States)
As the previous reviewer pointed out, you have to get past the fact that the author of this book has been convicted of a heap of crimes due to his application of the techniques he lays out in this book. I admittedly was a bit indignant about taking Mitnick's advice at first, but recognized early on that this is judgemental and immature, and this book has good info in it.
So basically this book is almost a "must-have" for the infosec professional because ... it's really the only book like it right now. Most well-rounded infosec books *include* info on social engineering. This book is *about* it, meaning you finally get an in-depth analysis of the techniques and methods used by social engineers, and suggestions to stop them.
Actually my biggest problem with this book is that the author(s) couldn't seem to figure out their target audience. They wrote a book that filled an infosec niche, then constantly defined terms like "Brute Force", which everyone reading this book probably figured out at the kindergarten level of infosec. They do this a lot and overall I found this, coupled with the simplistic writing style, to be a bit condescending. That's why I say this is a 3.5 and not a true 4.
SUMMARY - Good info, more in-depth knowledge of social engineering than anywhere else, dumb writing style. At least worth borrowing or picking up used like I did.


5.0 out of 5 stars Good information on a rarely covered subject....., Oct. 21 2003
By A Customer
This is one book that every security manager NEEDS! So often (too often), information security is only addressed at a purely technical level (e.g., firewalls, IDS, etc.) while "traditional" types of security are completely ignored or (worse yet) ridiculed as "old fashioned".
If you're expecting Mitnick to dive into the IP stack headfirst, this book is NOT for you. No fancy tools are needed for these "hacks". Instead, it shows how a slick tongue, human nature, and a bit of logical thinking often combine to wreak havoc. This is hacking at its finest - no audit trails, no intrusion detection - just pure system access that somebody handed to you in a basket!
If you're an INFOSEC manager, read this book. Learn what you can from it, then take an honest look at how easy it is to get around security measures in your own organization. (Start by taking a peek at your wastepaper bins or those paper recycling boxes after hours. It's amazing what can be found!)
Great book for management and INFOSEC people alike....but I'd think twice before handing it over to a bored 15-year old! :-)


5.0 out of 5 stars Hacking made frighteningly easy, Aug. 28 2003
By Dr. G. Hinson "Gary" (New Zealand)
Story by story, Mitnick (once described as the FBI's "most wanted hacker") reveals some tricks-of-the-trade. Fair enough. But if you are expecting technical details about defeating system login controls or busting through firewalls, you will be disappointed. Mitnick's favorite hacking tools are the telephone, plus the experience and nerve to deceive unsuspecting members of the organizations he is attacking into defeating the controls from the inside.
Reading this book, you will quickly come to realize that Mitnick's toolbox is every bit as effective as the hacking and cracking technology ... and as you read further, it may dawn on you just how hard it is to counter the social engineering attack. After all, much as you might like to, you can't simply plug in a new program to security-patch your employees!
Mitnick's suggested countermeasures in section 4 of the book are fairly straightforward (a wide-ranging security awareness program and a decent set of policies) but implementing them effectively and persuading employees to pay attention requires those very social engineering skills described in sections 1-3.
I'm left with the distinct impression that Mitnick is teasing us by describing a few simple deceptions whilst keeping the best to himself. But think for a moment about the success of the "419" advance fee scams. Otherwise sane, intelligent individuals are evidently being drawn into parting with their hard-earned cash on the basis of these crude deceptions. The implications are truly frightening.
My bottom line: take this book on holiday with you. Once you start, you will not want to put it down and you can reflect on it at the bar. Free drinks anyone?


5.0 out of 5 stars Mitnick offers unique and invaluable insight, Aug. 7 2003
By Andrew L. Williams (Hingham, MA)
The Art of Deception is a must read for EVERYBODY, not just those directly responsible for securing information and/or computer systems. Because, as Mitnick points out, those individuals in corporations who are furthest removed from creating or enforcing security policies are often times the most common targets of social engineers because of this very fact. Reading this book, you will begin to realize that every single one of us is a potential security vulnerability waiting to be exploited by a social engineer. In fact, many of the stories will probably have you recalling certain situations in your own past, and wondering if you've already been a target.
This book is totally unique in the information security field, because it focuses on strategies, tactics, and results and not on tools and technologies, which often times serve only to provide a false sense of security. This point is made most succinctly in Mitnick's tale of compromising (at the challenge of the manufacturer at a trade show) of a supposedly un-hackable operating system. Mitnick and his companion succeed in gaining administrator privileges on the machine not by using traditional hacking techniques, rather by combining guile, amateur lock-picking skills, and exploiting carelessness and cockiness on the part of the developers (think of the Germans rolling around the Maginot line into France). After reading the stories in the book and the chapters at the end on security assessments and policies, you will have the knowledge to recognize the potential threats and to defend yourself and your company.
In addition to all of this, The Art of Deception is a captivating and enjoyable read.