lzebarah's review against another edition

informative slow-paced

4.0


gigglesreads's review against another edition

3.0

It describes software engineering techniques pretty well. However, the stories become tiring after a while. Many of them relate to the same concept. The techniques presented in the book are dated, so it is a good read but not that useful.

rodhilton's review against another edition

1.0

The Art of Deception is one of two books by famous hacker Kevin Mitnick, the other being "The Art of Intrusion". Intrusion focuses primarily on physical or technological hacks, while this book focuses almost exclusively on social engineering attacks.

A number of problems prevented this book from being very good. The main problem is simply that Mitnick did not have enough material to fill an entire book. This book would have been better if it were shorter and simply one section in a larger book about security. A great deal of the book feels like padding; the anecdotes about various social engineering attacks seem repetitive and pointless - reading just one is often enough, but Mitnick consistently indulges himself with identical tale after identical tale.

I'm not entirely sure who the audience for this book could really be. It doesn't seem like it's for technical people, because the book goes out of its way to define what things like "http" mean. The book claims to be geared toward nontechnical people or businesspeople, but the fact of the matter is that the subtle differences between a lot of the social engineering attacks will be missed by nontechnical people. To your average Joe, 20 or so of the stories in the book will seem identical, testing the patience of the reader.

The book is also frustrating in its design. It's constructed as a book to help managers and businesspeople manage security at their companies. Every story about a social engineering attack is followed by a "Mitnick Message" where Kevin explains how to prevent the attack from happening to you. In reality, however, the real focus is the story itself - the attackers are consistently painted as the hero of the story, with the hapless victims being drawn as naive morons. It's clear that Mitnick admires the attackers in these tales, and the "Mitnick Message" feels like it's been forced into the book to keep up the ruse that the book is intended for anyone other than wannabe hackers. Mitnick's advice is a restated form of "verify the identity of the caller" in nearly every instance.

The book is, to put it simply, a bore. Reading it was a challenge, and I had to fight the frustration to skim or skip sections nonstop. The Art of Intrusion is far more interesting, and I recommend it over this book without reservation. There is value for businesspeople to read this book, but I imagine it will present a significant challenge to their patience.

As an aside, Mitnick offers terrible advice regarding passwords. He argues that passwords should not consist of a constant combined with a predictable variable, such as "kevin01", "kevin02", "kevin03". I agree. He also says that users should not write down their passwords and tape the paper to their monitor or under their keyboards. I agree again. He also, unfortunately, argues that passwords should expire every month. Well, that's terrible advice. Passwords need to be something people can remember, or they have to write them down. If they are going to be memorable, they can't change constantly. If they change constantly and must still be memorable, people have no choice but to add some predictable pattern to a memorable portion of a password. In short, of options A) Don't write passwords down B) Don't use a simple increment in a password C) Change passwords monthly, security administrators can pick any two. To try for all three is delusion.

yates9's review against another edition

4.0

This book remains extremely relevant to system security problems. Kevin Mitnick, one of the most effective hackers at the end of the 20th century, describes simple examples that tear at the seams of organised corporate culture security. Really, everyone should have a read to get a sense of how systems can suffer huge damaging impact despite being carefully certified, monitored and updated. Psychology can have more impact than technology.

russt's review against another edition

3.0

It's a decent book with numerous accounts of Social Engineering attacks that are quite interesting. Unfortunately, it's also somewhat like a textbook, with random notes and definitions thrown in that are quite easy to pick up just by reading the text.

Additionally, the end result is that no company can ever be completely immune from social engineering attack - no surprises there.

johnbreeden's review against another edition

4.0

There are a lot of interesting and concerning examples in this book of how manipulation can affect a business. I enjoyed reading through these examples to understand how such an individual thinks and how to protect against them. With an interest in a career in cybersecurity, I think this is a good reference. The last chapter is very dry, but provides very usable procedures for companies. The casual reader might get tired through this chapter; the corporate reader, however, should take heed.

rachelwalexander's review against another edition

3.0

The entire book is basically 200 pages of anecdotes illustrating that people can compromise security even with elaborate technical systems in place by seeking seemingly unimportant information from people who don't know better. It's a fun read with some good info, and the 2002-era tech stuff is entertaining. Not especially well-organized and a bit repetitive, but that's how books like this are.

eacolgan's review against another edition

2.0

i'm not going to lie; i picked this up entirely because i heard it was one of the books matt bomer read as research for his con man role on 'white collar'. i skipped over most of the "how to protect your business from hackers" stuff and just read the con stories, which were admittedly interesting. good research for if i ever end up writing about cons or scams, for sure. and it's funny to see some of the schemes and names that the writers of 'white collar' lifted right from the book. quick, easy read; my inner spy-flick freak was appeased.

strajk's review against another edition

4.0

Life of geeky social engineering

itsdanbooks's review against another edition

5.0

I think one of the key requirements of a great non-fiction book is the ability to come back and learn something new from it, despite how many times you have read it or how old it is — you might discover something you passed on one time is now highly relevant due to a shift in the landscape or new information that has emerged.

In the world of computing and technology, books often become quickly outdated -- fundamental concepts change and, oftentimes, the very technology itself is replaced by newer and shinier things.

Outside of a few notable exceptions ("The C Programming Language" by Kernighan and Ritchie, "The Art of Computer Programming" series by Knuth or "The Mythical Man-Month" by Brooks are examples that come to mind), the computing section of book stores typically doesn't have many books originally written in 2001 still sitting on the shelf; however, "The Art of Deception" still is and still sells.

Despite being highly relevant when it was first released (and a premonition of things to come), I'd argue that its relevance has only continued to increase, and I fully believe that 20 years from today, it will still continue to be relevant.

In 2001, uses of social engineering resulted in the "ILOVEYOU" virus; in the time since this book, we have seen oil pipelines shut down due to ransomware attacks, attacks on uranium enrichment facilities due to social engineering attacks on individuals' innate sense of curiosity, and scam calls that trick individuals into sending gift cards to pay supposed tax bills.

Let's be clear though about one thing -- with a book that is 20 years old, many of the technology examples may be out of date, but it's important to keep in mind that despite it being a computing and technology book, this book is almost more of a psychology book about the social engineering mindset that is highly relevant to those in the computing and technology fields.

The examples in this book are timeless when you think more about the underlying concepts beneath them. While this line of thinking may be obvious to those in security, it may be less obvious why others continue to fall for what should be seen as obvious -- you need to think in an adversarial manner about social engineering so that you can adequately train and defend against it.

When I first picked this book up in 2004, I was 15 years old -- in that time, many books have come and left; however, this book has always stuck around. I can say with confidence that the likelihood of it ever leaving my bookshelf is unthinkable.