sackofbeans 's review for:
The Art of Deception: Controlling the Human Element of Security
by William L. Simon, Kevin D. Mitnick
This one had been sitting on my shelf for a loooong time.
As a nerdy kid growing up I was fascinated by computers and the then-emerging Internet. Dial-up to AOL and local BBSes had me feeling pretty fly. I remember stumbling onto the "Anarchist Cookbook", and finding a few issues of the hacker magazine 2600 at a Barnes and Noble. The checkout lady gave me a concerned frown and told me to be careful. Haha, joke was on her! I had no idea what I was reading.
Except for the parts about Kevin Mitnick, the world's greatest hacker. There was apparently some big "Free Kevin!" movement for this guy who hacked and stole information from big companies and was thrown into a dark jail cell with no communication with the rest of the world because they were afraid of what he was capable of. Except he never hurt anyone or truly damaged or broke anything, he just got caught having fun digitally trespassing.
The day came when he was finally released from prison, and I remember gleefully watching him on ZNet TV on an episode of The Screen Savers being allowed to access the Internet for the first time. This was the ultimate "We did it Reddit!" about 10 years before Reddit even existed.
When I recently had to take an online training class at work about social engineers trying to trick you into giving up valuable proprietary information, there were cute little video segments featuring my old friend Kevin. Holy crap! That guy! My old hero! I changed my AIM status to support you! Oh wait, I bought your first book when it came out and I never read it! Let's do this!
I regret that I did not read it then. While a lot of the information it provides is still quite valuable and true, it's almost commonplace in any workplace setting these days. That's not to say social engineers have given up and hung up their hats, it's likely more prevalent than ever, but this is the Social Engineering 101 book for people taking the on-ramp to the Information Superhighway for the very first time in the early 2000s.
It features advice in there like don't keep your passwords written down next to locked computers (there are a few X-Files episodes where Mulder and Scully can be thankful the monsters they were investigating didn't read this book), make those passwords a little more secure by being longer than 8 characters, don't let someone convince you to attach a dial-up modem to your computer or network, and don't set your modem to auto-answer lest a bored Matthew Broderick find it.
The main point behind this book is still very true today: It doesn't matter how sophisticated your technologically amazing security systems are, gullible super-friendly happy-to-help human beings are always your weakest link. I'm convinced that if the Chinese have any engineering blueprints of our latest warfighters, they probably got it from having a young-looking spy with a goofy grin pretend to need help writing a book report. But it's less embarrassing to blame faceless hackers.
The best parts of the book were the little story vignettes that demonstrated how a person can make a few seemingly innocent phone calls asking for tidbits of information that lead to the mother lode. The first call could be a person pretending to be a customer needing some advice. The next phone call could be to the receptionist, using that little bit of gained knowledge to sound like an employee at another location. That receptionist will provide information that a manager could use, and suddenly Gary in accounting needs to send over the latest financial projections STAT. Fax would work best, e-mail has been acting weird.
I especially enjoyed the story about how young Kevin and a friend of his in high school went to a tech convention and managed to thwart a super-secure system in development. Not through hacking so much as waiting for the employees to all leave the system unattended during lunch, sweet-talking a promoter, using sleight of hand and lock-picking a cabinet, and switching around some network cables. Kind of silly to build the vault door out of titanium if the surrounding walls are made from cardboard.
The last chunk of the book is just lists and simple paragraphs of kind of boring now-cliche advice that those working in security should know by heart. It becomes an undergrad textbook, basically.
I say all of this but find myself wanting to read the other books Kevin's since published, as I'm sure he's got a wealth of ideas and knowledge about what social engineers might be up to today. And it's when you don't think you can be fooled that you are most likely to be.