wilte's review for:
The Art of Deception: Controlling the Human Element of Security
by William L. Simon, Kevin D. Mitnick, Steve Wozniak
"The truth is that there is no technology in the world that can prevent a social engineering attack" (p245)
Mitnick describes many examples of social engineering, often by con artists who work remotely (via phone or internet). In this way, he shows which vulnerabilities are exploited, such as basic human trust, or an elaborate operation in which several victims each do one innocuous-looking part of a chain that leads to a large breach.
The anecdotes and examples are insightful and entertaining. They are sometimes a bit (technologically) dated; the book was written in 2002. However, with more and more technical possibilities and impact, the flaws in human nature that can be taken advantage of increase in importance.
Mitnick strongly advocates continuously training staff to be vigilant and avoid the traps that (online) con men can set. "People must be trained that it's not only acceptable but expected to challenge authority when security is at stake." (p112). He also echoes Bruce Schneier's quote: "Security is not a product, it is a process" (p4). But he is also aware of the challenge of finding a good balance between security and productivity.
Something I did not know: there exists such a thing as a lock pick gun, making it easier to pick a (physical) lock (p.226)