The Art of Deception et plus d'un million d'autres livres sont disponibles pour le Kindle d'Amazon. En savoir plus


ou
Identifiez-vous pour activer la commande 1-Click.
Plus de choix
Vous l'avez déjà ? Vendez votre exemplaire ici
Désolé, cet article n'est pas disponible en
Image non disponible pour la
couleur :
Image non disponible

 
Commencez à lire The Art of Deception sur votre Kindle en moins d'une minute.

Vous n'avez pas encore de Kindle ? Achetez-le ici ou téléchargez une application de lecture gratuite.

The Art of Deception: Controlling the Human Element of Security [Anglais] [Relié]

Steve Wozniak , Kevin D. Mitnick , William L. Simon
3.7 étoiles sur 5  Voir tous les commentaires (3 commentaires client)
Prix : EUR 26,65 Livraison à EUR 0,01 En savoir plus.
  Tous les prix incluent la TVA
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Il ne reste plus que 5 exemplaire(s) en stock (d'autres exemplaires sont en cours d'acheminement).
Expédié et vendu par Amazon. Emballage cadeau disponible.

Formats

Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle EUR 8,91  
Relié EUR 26,65  
Broché EUR 9,38  
Broché --  

Description de l'ouvrage

8 octobre 2002
The world′s most infamous hacker offers an insider′s view of the low–tech threats to high–tech security Kevin Mitnick′s exploits as a cyber–desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought–after computer security experts worldwide. Now, in The Art of Deception, the world′s most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief." Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked–down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true–crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.

Offres spéciales et liens associés



Descriptions du produit

Revue de presse

“…authoritative…” ( Retail Systems , December 2005) Mitnick is the most famous computer hacker in the world. Since his first arrest in 1981, at age 17, he has spent nearly half his adult life either in prison or as a fugitive. He has been the subject of three books and his alleged 1982 hack into NORAD inspired the movie WarGames . Since his plea–bargain release in 2000, he says he has reformed and is devoting his talents to helping computer security. It′s not clear whether this book is a means toward that end or a, wink–wink, fictionalized account of his exploits, with his name changed to protect his parole terms. Either way, it′s a tour de force, a series of tales of how some old–fashioned blarney and high–tech skills can pry any information from anyone. As entertainment, it′s like reading the climaxes of a dozen complex thrillers, one after the other. As a security education, it′s a great series of cautionary tales; however, the advice to employees not to give anyone their passwords is bland compared to the depth and energy of Mitnick′s description of how he actually hacked into systems. As a manual for a would–be hacker, it′s dated and nonspecific –– better stuff is available on the Internet—but it teaches the timeless spirit of th e hack. Between the lines, a portrait emerges of the old–fashioned hacker stereotype: a socially challenged, obsessive loser addicted to an intoxication sense of power that comes from stalking and spying. (Oct.) Forecast: Mitnick′s notoriety and his well written, entertaining stories should generate positive word–of–mouth. With the double appeal of a true–crime memoir and a manual for computer security, this book will enjoy good sales. ( Publishers Weekly , June 24, 2002) "...an interesting read..." (www.infosecnews.com, 17 July 2002) "...highly entertaining...will appeal to a broad audience..." ( Publishing News , 26 July 2002) The world′s most famous computer hacker and cybercult hero, once the subject of a massive FBI manhunt for computer fraud, has written a blueprint for system security based on his own experiences. Mitnick, who was released from federal prison in 1998 after serving a 22–month term, explains that unauthorized intrusion into computer networks is not limited to exploiting security holes in hardware and software. He focuses instead on a common hacker technique known as social engineering in which a cybercriminal deceives an individual into providing key information rather than trying to use technology to reveal it. Mitnick illustrates the tactics comprising this "art of deception" through actual case studies, showing that even state–of–the–art security software can′t protect businesses from the dangers of human error. With Mitnick′s recommended security policies, readers gain the information their organizations need to detect and ward off the threat of social engineering. Required reading for IT professionals, this book is highly recommended for public, academic, and corporate libraries. [This should not be confused with Ridley Pearson′s new thriller, The Art of Deception . —Ed]—Joe Accardi, William Rainey Harper Coll. Lib., Palatine, IL ( Library Journal , August 2002) He was the FBI′s most–wanted hacker. But in his own eyes, Mitnick was simply a small–time con artist with an incredible memory, a knack for social engineering, and an enemy at The New York Times . That foe, John Markoff, made big bucks selling two books about Mitnick – without ever interviewing him. This is Mitnick′s account, complete with advice for how to protect yourself from similar attacks. I believe his story. ( WIRED Magazine, October 2002) Kevin Mitnick spent five years in jail at the federal authorities′ behest, but The Art of Deception: Controlling the Human Element of Security (Kevin Mitnick and William Simon), reveals that he was no lowly grifter. Rather, by impersonating others in order to talk guileless employees out of access protocols, Mr. Mitnick was practicing "the performance art called social engineering." While every society has had its demimonde–like the Elizabethan coney catchers who duped visitors to 16th–century London––it′s in the United States that con artists assumedlegendary status. The definitive book is still The Big Con from 1940 (Anchor Books), which commemorates a golden age already receding when it was published: the grifters it describes––like the High Ass Kid and Slobbering Bob––thrived between 1914 and 1929, when technological advances and unparalleled prosperity generated a roller–coaster stock market. That sounds a lot like the past decade. So how did the culture of the con do during the Internet era? On Mr. Mitnick′s evidence, it flourished and evolved. The Art of Deception is itself a bit of a fraud as far as advice on upgrading security. But the book does deliver on "social engineering" exercises. Some aren′t even illegal and Mr. Mitnick –– weasel that he is –– lovingly records their most elaborate convolutions. One way or another, you′ll find the information useful. ( Red Herring , October 2002) "Mitnick outlines dozens of social engineering scenarios in his book, dissecting the ways attackers can easily exploit what he describes as ′that natural human desire to help others and be a good team player.′" ( Wired.com , October 3, 2002) Finally someone is on to the real cause of data security breaches––stupid humans. Notorious hacker Kevin Mitnick––released from federal prison in January 2000 and still on probation––reveals clever tricks of the "social engineering" trade and shows how to fend them off in The Art of Deception: Controlling the Human Element of Security (Wiley, $27.50). Most of the book, coauthored by William Simon (not the one running for governor of California), is a series of fictional episodes depicting the many breathtakingly clever ways that hackers can dupe trusting souls into breaching corporate and personal security––information as simple as an unlisted phone number or as complicated as plans for a top–secret product under development. The rest lays out a fairly draconian plan of action for companies that want to strengthen their defenses. Takeaway: You can put all the technology you want around critical information, but all it takes to break through is one dolt who gives up his password to a "colleague" who claims to be working from the Peoria office. What′s useful about this book is its explanation of risks in seemingly innocuous systems few people think about. The caller ID notification that proves you′re talking to a top executive of your firm? Easily forged. The password your assistant logs in with? Easily guessed. The memos you toss into the cheap office shredder? Easily reconstructed. The extension that you call in the IT department? Easily forwarded. Physical security can be compromised, too. It′s not hard to gain access to a building by "piggybacking" your way in the door amid the happy throng returning from lunch. You′d better have confidence in your IT professionals, because they′re likely to have access to everything on the corporate system, including your salary and personal information. Mitnick offers some ideas for plugging these holes, like color–coded ID cards with really big photos. Implementing the book′s security action plan in full seems impossible, but it′s a good idea to warn employees from the boss down to the receptionist and janitors not to give out even innocuous information to people claiming to be helpful IT folks without confirming their identity––and to use things like encryption technology as fallbacks. Plenty of would–be Mitnicks––and worse––still ply their trade in spaces cyber and psychological. ––S.M. ( Forbes Magazine – October 14, 2002) "...the book describes how people can get sensitive information without even stepping near a computer through ′social engineering′ –– the use of manipulation or persuasion to deceive people by convincing them that you are someone else." ( CNN.com ′s Technology section, October 9, 2002) "...engaging style...fascinating true stories..." (The CBL Source, October/December 2002) "…the book describes how people can get information without even stepping near a computer…" (CNN, 16 October 2002) "…each vignette reads like a mini–cybermystery thriller…I willingly recommend The Art of Deception. It could save you from embarrassment or an even worse fate…" (zdnet.co.uk, 15 October 2002) "…details the ways that employees can inadvertently leak information that can be exploited by hackers to compromise computer systems…the book is scary in ways that computer security texts usually do not manage to be…" (BBC online, 14 October 2002) "…more educational than tell–all…" (Forbes, 2 October 2002) "…would put a shiver into anyone responsible for looking after valuable computer data…the exploits are fictional but realistic…the book is about hacking peoples heads…" (The Independent, 21 October 2002) "…the key strength of The Art of Deception is the stream of anecdotes – with explanations about how and why hacks succeed…provides a solid basis for staff training on security…" (Information Age, October 2002) "…should be on the list of required reading. Mitnick has done an effective job of showing exactly what the greatest threat of attack is – people and their human nature…" (Unix Review, 18 October 2002 "…disturbingly convincing…" (Fraud Watch, Vol.10, No.5, 2002 "…the worlds most authoritative handbook…an unputdownable succession of case studies…chilling…trust me, Kevin Mitnick is right…" (Business a.m, 29 October 2002) "…a damn good read…I would expect to see it as required reading on courses that cover business security…Should you read this book? On several levels the answer has to be yes. If you run your own business, work in one, or just want a good read, this is worth it…" (Acorn User, 29 October 2002) "...the analysis of individual cases is carried out thoroughly...ultimately, the value of the book is that it may encourage security managers to be more assiduous ...

“…authoritative…” ( Retail Systems , December 2005) "...an interesting read..." (www.infosecnews.com, 17 July 2002) "...highly entertaining...will appeal to a broad audience..." ( Publishing News , 26 July 2002) "required reading for IT professionals, [and] is highly recommended for public, academic, and corporate libraries." ( Library Journal , August 2002) "This is Mitnick′s account, complete with advice for how to protect yourself from similar attacks. I believe his story." ( Wired , October 2002) "does deliver on ′social engineering′ exercises." And "[o]ne way or another, you′ll find the information useful." ( Red Herring , October 2002) "Mitnick outlines dozens of social engineering scenarios in his book, dissecting the ways attackers can easily exploit what he describes as ′that natural human desire to help others and be a good team player.′" ( Wired.com , October 3, 2002) "Most of the book, coauthored by William Simon ..., is a series of fictional episodes depictin g the many breathtakingly clever ways that hackers can d upe t rusting souls into breaching corporate and personal security – information as simple as an unlisted phone number or as complicated as plans for a top–secret pr oduct under development." ( Forbes , October 14, 2002) "...the book describes how people can get sensitive information without even stepping near a computer through ′social engineering′ –– the use of manipulation or persuasion to deceive people by convincing them that you are someone else." ( CNN.com ′s Technology section, October 9, 2002) "...engaging style...fascinating true stories..." (The CBL Source, October/December 2002) "…the book describes how people can get information without even stepping near a computer…" (CNN, 16 October 2002) "…each vignette reads like a mini–cybermystery thriller…I willingly recommend The Art of Deception. It could save you from embarrassment or an even worse fate…" (zdnet.co.uk, 15 October 2002) "…details the ways that employees can inadvertently leak information that can be exploited by hackers to compromise computer systems…the book is scary in ways that computer security texts usually do not manage to be…" (BBC online, 14 October 2002) "…more educational than tell–all…" (Forbes, 2 October 2002) "…would put a shiver into anyone responsible for looking after valuable computer data…the exploits are fictional but realistic…the book is about hacking peoples heads…" (The Independent, 21 October 2002) "…the key strength of The Art of Deception is the stream of anecdotes – with explanations about how and why hacks succeed…provides a solid basis for staff training on security…" (Information Age, October 2002) "…should be on the list of required reading. Mitnick has done an effective job of showing exactly what the greatest threat of attack is – people and their human nature…" (Unix Review, 18 October 2002) "…disturbingly convincing…" (Fraud Watch, Vol.10, No.5, 2002 "…the worlds most authoritative handbook…an unputdownable succession of case studies…chilling…trust me, Kevin Mitnick is right…" (Business a.m, 29 October 2002) "…a damn good read…I would expect to see it as required reading on courses that cover business security…Should you read this book? On several levels the answer has to be yes. If you run your own business, work in one, or just want a good read, this is worth it…"(Acorn User, 29 October 2002) "…the analysis of individual cases is carried out thoroughly…ultimately, the value of the book is that it may encourage security managers to be more assiduous in teaching their staff to check the identities of the people they deal with, and better corporate security will be the result…"(ITWeek, 1 November 2002) "…a penetrating insight into the forgotten side of computer security…" (IT Week, 4 November 2002) "...a highly entertaining read...Mitnick has a laid–back style which makes the book easy to read and of great interest, even to those of us who have no interest in computers..."(Business Age, September 2002) "...one of the hacker gurus of our time...makes it abundantly clear that everyone can be fooled and cheated by the professionals...." ( The Times Higher Education Supplement , 15 November 2002) "...focuses on teaching companies how to defeat someone like him…full of specific examples of the ways apparently innocent bits of information can be stitched together to mount a comprehensive attack on an organisation′s most prized information..." ( New Scientist , 23 November 2002) "...all simple things, little titbits of seemingly innocuous information, which when gathered together give the hacker the power to cripple the biggest corporation or the smallest home business..." ( New Media Age , 14 November 2002) "…highly acclaimed…a fascinating account…" (Information Security Management, November 2002) "...His new book, The Art of Deception, presents itself as a manual to help companies defeat hackers..." Also listed in recommended reading list (The Guardian, 13 December 2002) "...gets it’s point across and contains some valuable pointers..." (MacFormat, January 2003) "...supremely educational…a sexy way to hammer home a relevant point...what makes it sing is the clear information that Mitnick brings to the table..." (Business Week, 8 January 2003) "...Indispensable..." ( Focus , February 2003) "...incredibly intriguing...a superb book which would be beneficial for anyone to read..." ( Telecomworldwire , 4 February 2003) "...a good overview of one of the most neglected aspects of computer security..." ( Technology and Society , 7 February 2003) "...fascinating to read...should strike fear into the hearts of commercial computer security departments..." (Business Week, 3 September 2003) "...a penetrating insight into the forgotten side of computer security..." (Accountancy Age, 19 February 2003) Top 10 Popular Science Books (New Scientist, 21 February f2003) "...should be assigned as required reading in every IT department...excellent advice..." (Electronic Commerce Guide, 12 February 2003) “…an interesting and educational read for anyone with a role to play in corporate security…”(Computer Business Review, 6 March 2003) “…a good read, well written…” (Managing Information, March 2003) “…structured like a mini detective story series…the unfolding attacks are compulsive reading…”(Aberdeen Evening Express, 7 June 21003) “…a real eye–opener…well written and produced…an easy and valuable read…” (Accounting Web, 19 June 2003) “…a superb book which would be beneficial for anyone to read…” (M2 Best Books, 4 February 2003) “…the insights for earlier chapters are fascinationg, and that alone makes it worth blagging a copy for review…”(Mute, Summer/Autumn 2003) “…a good read, well–written…this accessibility makes it doubly important…” (Managing Information – 5 star rating, October 2003)

Quatrième de couverture

A legendary hacker reveals how to guard against the gravest security risk of all–human nature "...a tour de force, a series of tales of how some old–fashioned blarney and high–tech skills can pry any information from anyone. As entertainment, it′s like reading the climaxes of a dozen complex thrillers, one after the other" ––Publishers Weekly Kevin Mitnick′s exploits as a cyber–desperado and fugitive from one of the most exhaustive FBI manhunts in history have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison in 2000, Mitnick has turned his life around and established himself as one of the most sought–after computer security experts worldwide. Now, in The Art of Deception, the world′s most famous hacker gives new meaning to the old adage, "It takes a thief to catch a thief." Inviting you into the complex mind of the hacker, Mitnick provides realistic scenarios of cons, swindles, and social engineering attacks on businesses–and the consequences. Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. He illustrates just how susceptible even the most locked–down information systems are to a slick con artist impersonating an IRS agent or any other seemingly innocent character. Narrated from the points of view of both the attacker and the victim, The Art of Deception explores why each attack was so successful and how it could have been averted in an engaging and highly readable manner reminiscent of a true–crime novel. Most importantly, Mitnick redeems his former life of crime by providing specific guidelines for developing protocols, training programs, and manuals to ensure that a company′s sophisticated technical security investment will not be for naught. He shares his advice for preventing security vulnerability in the hope that people will be mindfully on guard for an attack from the gravest risk of all–human nature.

Détails sur le produit

  • Relié: 368 pages
  • Editeur : John Wiley & Sons; Édition : First Printing (8 octobre 2002)
  • Langue : Anglais
  • ISBN-10: 0471237124
  • ISBN-13: 978-0471237129
  • Dimensions du produit: 23,4 x 16,3 x 2,9 cm
  • Moyenne des commentaires client : 3.7 étoiles sur 5  Voir tous les commentaires (3 commentaires client)
  • Classement des meilleures ventes d'Amazon: 222.468 en Livres anglais et étrangers (Voir les 100 premiers en Livres anglais et étrangers)
  • Table des matières complète
  •  Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?


En savoir plus sur les auteurs

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Dans ce livre (En savoir plus)
Première phrase
a company may have purchased the best security technologies that money can buy, trained their people so well that they lock up all their secrets before going home at night, and hired building guards from the best security firm in the business. Lire la première page
En découvrir plus
Concordance
Parcourir les pages échantillon
Couverture | Copyright | Table des matières | Extrait | Index | Quatrième de couverture
Rechercher dans ce livre:

Quels sont les autres articles que les clients achètent après avoir regardé cet article?


Commentaires en ligne 

3.7 étoiles sur 5
3.7 étoiles sur 5
Commentaires client les plus utiles
1 internautes sur 1 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 The art of Deception 29 janvier 2006
Par Un client
Format:Broché
Ce livre n'explique pas la biographie de Kevin D Mitnick .Ce livre raconte les fait et les secret sur l'art du "social engineer" .Je ne le recommande pas a tout le monde mais pour ceux qui sont mordu de l'informatique et du savoir ,vous apprendrez ce qu'est le social engineering et comment se rendre contre quand on est victime d'un social engineer , et comment se defendre.
Avez-vous trouvé ce commentaire utile ?
4.0 étoiles sur 5 Référence 10 février 2013
Format:Broché|Achat vérifié
Un excellent livre qui peut paraitre répétitif MAIS qui permet de se rendre compte que le romantique hacker est en fait un simple escroc. D'autre part, les conseils de préventions suivent eux une progression qui permet après lecture d'être un peu plus averti. Black hats, passez votre chemin, ce livre ne vous révèlera rien :)
Avez-vous trouvé ce commentaire utile ?
2.0 étoiles sur 5 La grande déception 16 mars 2007
Par Jul'
Format:Broché
Lourd, répétitif au possible; exemples explicatifs/anecdotes tirés en longueur. Ce livre peut être résumé en quelques pages!

Il y a quelques éléments interressants, mais de là à en faire un livre, je suis pas sur...
Avez-vous trouvé ce commentaire utile ?
Commentaires client les plus utiles sur Amazon.com (beta)
Amazon.com: 4.2 étoiles sur 5  182 commentaires
64 internautes sur 67 ont trouvé ce commentaire utile 
3.0 étoiles sur 5 Interesting cons, but repetitive and ego-trippy 24 mars 2006
Par Luke Meyers - Publié sur Amazon.com
Format:Relié
Mitnick has his own reputation to live up to with this book, which sets a pretty high bar for the audience who knows him as the "World's Most Notorious Hacker." Unfortunately, while he knows the material cold, his skills as an author are less stellar.

The vignettes describing various cons are, in the large, very entertaining. They're fictionalized, and sometimes the dialogue feels artificial. This book is supposed to convince us how easily people are victimized by social engineers. When the victim's dialogue plays too obviously into the con man's hands (for the purpose of illustrating the point relevant to the enclosing chapter/section), this goal is to some extent defeated. It's too easy to read unnatural dialogue and use that as an excuse to tell oneself, "I don't have to worry about that sort of attack -- I'm not that dumb!" More effort could have been expended in fictionalizing these scenarios without making them so difficult to relate to. Seeing how a con is performed is kind of like learning how a magic trick works -- it holds a similar fascination. Imagine seeing an amazing magic trick performed on television, wondering how it was possibly accomplished, and then learning that the trick was all in the video editing. That really sucks the fun out of the magic -- analogously, when the "trick" in one of these cons is just that the victim does something obviously stupid at just the right moment, the believability and enjoyment are damaged.

Despite what I've said, the cons are definitely enjoyable to read and do offer some genuine insights. Not all suffer from believability problems. However, the supporting material discussing these scenarios is pretty weak. There's a rigid format ("Analyzing the con," "Preventing the con," etc.) which leads the author to repeat the same points over and over again with very little variation, at times seemingly just to fit the format. The purpose of all this material is to give useful security recommendations and proper motivation for following them. The recommendations are on-target, but repeated ad nauseum.

The descriptions of social engineers also suffer from a tendency to stroke the author's own ego -- the bigger the con, the thicker the language about how smart, handsome, and clever the con man is. I'd like to be convinced by facts, not hyperbole.

I think this would really have worked better as two books, for two different audiences. One for entertainment, to read about all the cons and how they work, to get a little history of social engineering. And one for serious security discussion. The blend of the two leads to a schizoid work that's simply mediocre.
62 internautes sur 68 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Interesting & timely about the dangers of social engineering 15 octobre 2002
Par Ben Rothke - Publié sur Amazon.com
Format:Relié
Kevin Mitnick says "the term 'social engineering' is widely used within the computer security community to describe the techniques hackers use to deceive a trusted computer user within a company into revealing sensitive information, or trick an unsuspecting mark into performing actions that create a security hole for them to slip through." It's suitable that Mitnick, once vilified for his cracking exploits, has written a book about the human element of social engineering - that most subtle of information security threats.
Some readers may find a book on computer security penned by a convicted computer criminal blasphemous. Rather than focusing on the writer's past, it is clear that Mitnick wishes the book to be viewed as an attempt at redemption.
The Art of Deception: Controlling the Human Element of Security states that even if an organization has the best information systems security policies and procedures; most tightly controlled firewall, encrypted traffic, DMZ's, hardened operating systems patched servers and more; all of these security controls can be obviated via social engineering.
Social engineering is a method of gaining someone's trust by lying to them and then abusing that trust for malicious purposes - primarily gaining access to systems. Every user in an organization, be it a receptionist or a systems administrator, needs to know that when someone requesting information has some knowledge about company procedures or uses the corporate vernacular, that alone should not be authorization to provide controlled information.
The Art of Deception: Controlling the Human Element of Security spends most of its time discussing many different social engineering scenarios. At the end of each chapter, the book analyzes what went wrong and how the attack could have been prevented.
The book is quite absorbing and makes for fascinating reading. With chapter titles such as The Direct Attack; Just Asking for it; the Reverse Sting; and Using Sympathy, Guilt and Intimidation, readers will find the narratives interesting, and often they relate to daily life at work.
Fourteen of the 16 chapters give examples of social engineering covering many different corporate sectors, including financial, manufacturing, medical, and legal. Mitnick notes that while companies are busy rolling out firewalls and other security paraphernalia, there are often unaware of the threats of social engineering. The menace of social engineering is that it does not take any deep technical skills - no protocol decoders, no kernel recompiling, no port scans - just some smooth talk and a little confidence.
Most of the stories in the book detail elementary social engineering escapades, but chapter 14 details one particularly nasty story where a social engineer showed up on-site at a robotics company. With some glib talk, combined with some drinks at a fancy restaurant, he ultimately was able to get all of the design specifications for a leading-edge product.
In order for an organization to develop a successful training program against the threats of social engineering, they must understand why people are vulnerable to attack in the first place. Chapter 15 explains of how attackers take advantage of human nature. Only by identifying and understanding these tendencies (namely, Authority, Liking, Reciprocation, Consistency, Social Validation, and Scarcity), can companies ensure employees understand why social engineers can manipulate us all.
After more than 200 pages of horror stories, Part 4 (Chapters 15 and 16) details the need for information security awareness and training. But even with 100 pages of security policies and procedures (much of it based on ideas from Charles Cresson Wood's seminal book Information Security Policies Made Easy) the truth is that nothing in Mitnick's security advice is revolutionary - it's information security 101. Namely, educate end-users to the risks and threats of non-technical attacks.
While there are many books on nearly every aspect of information security, The Art of Deception is one of the first (Bruce Schneier's Secrets and Lies being another) to deal with the human aspect of security; a topic that has long been neglected. For too long, corporate America has been fixated with cryptographic key lengths, and not focused enough on the human element of security.
From a management perspective, The Art of Deception: Controlling the Human Element of Security should be on the list of required reading. Mitnick has done an effective job of showing exactly what the greatest threat of attack is - people and their human nature.
23 internautes sur 25 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 Great Book for Stopping Hackers and Social Engineers! 15 octobre 2002
Par Erica Phillipson (Hawaii) - Publié sur Amazon.com
Format:Relié|Achat vérifié
Now that Kevin Mitnick is out of prison he has written "The Art of Deception". I rate this book as four stars. Has good insight regarding how Kevin was able to gain large company employee's trust by using social engineering methods. He gives great examples of how he would simply use a telephone to gain user id's and passwords, even from high tech security departments.
Most employee's don't think they are allowed to say 'no' to giving out information over the phone or email in the name of great customer service. There may be company policies but they 'still try to do the right thing' to help a co-worker regain access to the system, when in fact the person is a hacker.
Many solutions are offered to help small and large companies balance the choice of customer service over security and trust. One funny chapter was how Mr. Mitnick's used the same social engineering methods in prison to get additional phone calls, better food, and increase family visits. Classic... He didn't stop even in prison.
I recommend this book.
18 internautes sur 19 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Great book that shows what is possible! 31 octobre 2002
Par Dr Anton Chuvakin - Publié sur Amazon.com
Format:Relié
I waited for the book of the famous hacker Kevin Mitnick for a long
time, checking my mailbox every day after my pre-order was
completed. The book was almost worth the wait!
Its a fun book with lots of entertaining and education stories on what
is possible by means of social engineering attacks. The characters
clearly push the limits of this "human technology".
One of the articles I have read on the book called it "Kevin Mitnick's
Latest Deception" due to his downplaying of technology security
controls and emphasizing people skills and weaknesses. However, the
human weaknesses do nullify the strengths of technology defenses and
humans are much harder to "harden" than UNIX machines.
The attack side is stronger in the book than the defense side,
naturally following from the author's background. However, there are
some great defense resource on policy design, awareness and needed
vigilance. However, there is this "minor" issues with defense against
social engineering: one of the definitions called it a "hacker's
clever manipulation of the natural human tendency to trust". The word
"natural" is key; if we are to believe the definition, all defenses
against social engineering will be going against _nature_ and, as a
result, will be ineffective for most environments. Author also
advocates social engineering penetration testing, which appears to be
the best way to prepare for such attacks. Security awareness, while
needed, will get you so far.
The book's stories show examples of hackers defeating firewalls,
passwords, token and two-factor authentication systems, multi-layer
defense, financial institutions security, armed guards and many other
commonly believed to be effective security controls. While some of the
stories first seem to defy common sense, upon more detailed
investigation there are clearly believable. Dialogs, stories,
situations are described with terrifying reality behind them: "So what is the money transfer code for today? - Its this-and-that..." Social
engineers bravely attack and conquer on the pages of this great book!
The book will give lots of ideas to those involved in penetration
testing. Using the book, it is possible to extract a structure of a
successful attack, gather some target selection criteria, learn how to
combine social and technical attacks and then use it for the
pentesting.
The biggest shortcoming of the book is that it has no "attack HOWTO"
part. It has zero content on developing, improving and polishing the
social engineering skills. While it might seem that natural ability is
all it takes, the author _knows_ that there are methods to develop
social engineering skills, but chose not to disclose them and I regret
his decision to withhold such information.
Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major
information security company. In his spare time he maintains his
security portal info-secure.org
28 internautes sur 32 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Amazing! This book will make you think 9 octobre 2002
Par Un client - Publié sur Amazon.com
Format:Relié
I went into this book thinking I knew a fair amount about security in general. You know, don't leave your network password on a post-it on your bulletin board, be aware of strangers in your office, that kind of thing. Then, I finished reading the book, and realized that it challenged all the assumptions that I had about the way I react in these situations. Mitnick's right - we as human beings are conditioned to be polite and trusting, and as horrible as it seems, that's not always right. But you don't have to become nasty and distrustful, just aware. That's what this book is talking about. The examples are wonderful - they really do read like a mystery thriller. And the advice is really sound. It doesn't mention it here, but there is a great flowchart in the back of the book that I've copied for everyone in my office. It details what to do if someone calls you for information that you are not sure they need or should be getting. All in all, The Art of Deception is a must read for many of us.
Ces commentaires ont-ils été utiles ?   Dites-le-nous
Rechercher des commentaires
Rechercher uniquement parmi les commentaires portant sur ce produit

Discussions entre clients

Le forum concernant ce produit
Discussion Réponses Message le plus récent
Pas de discussions pour l'instant

Posez des questions, partagez votre opinion, gagnez en compréhension
Démarrer une nouvelle discussion
Thème:
Première publication:
Aller s'identifier
 

Rechercher parmi les discussions des clients
Rechercher dans toutes les discussions Amazon
   


Rechercher des articles similaires par rubrique


Commentaires

Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?