Thursday, May 28, 2009

Kevin D. Mitnick - The Art of Deception: Controlling the Human Element of Security

Kevin D. Mitnick - The Art of Deception: Controlling the Human Element of Security
Publisher: Wiley | ISBN: 076454280X | edition 2003 | PDF | 577 pages | 3,61 mb

Mitnick is the most famous computer hacker in the world. Since his first arrest in 1981, at age 17, he has spent nearly half his adult life either in prison or as a fugitive. He has been the subject of three books and his alleged 1982 hack into NORAD inspired the movie War Games. Since his plea-bargain release in 2000, he says he has reformed and is devoting his talents to helping computer security. It's not clear whether this book is a means toward that end or a, wink-wink, fictionalized account of his exploits, with his name changed to protect his parole terms. Either way, it's a tour de force, a series of tales of how some old-fashioned blarney and high-tech skills can pry any information from anyone. As entertainment, it's like reading the climaxes of a dozen complex thrillers, one after the other. As a security education, it's a great series of cautionary tales; however, the advice to employees not to give anyone their passwords is bland compared to the depth and energy of Mitnick's descriptions of how he actually hacked into systems. As a manual for a would-be hacker, it's dated and nonspecific better stuff is available on the Internet but it teaches the timeless spirit of the hack. Between the lines, a portrait emerges of the old-fashioned hacker stereotype: a socially challenged, obsessive loser addicted to an intoxicating sense of power that comes only from stalking and spying.


Part 1. Behind the Scenes
Chapter 1. Security's Weakest Link

Part 2. The Art of the Attacker
Chapter 2. When Innocuous Information Isn't
Chapter 3. The Direct Attack: Just Asking for it
Chapter 4. Building Trust
Chapter 5. "Let Me Help You"
Chapter 6. "Can You Help Me?"
Chapter 7. Phony Sites and Dangerous Attachments
Chapter 8. Using Sympathy, Guilt and Intimidation
Chapter 9. The Reverse Sting

Part 3 Intruder Alert
Chapter 10. Entering the Premises
Chapter 11. Combining Technology and Social Engineering
Chapter 12. Attacks on the Entry-Level Employee
Chapter 13. Clever Cons
Chapter 14. Industrial Espionage

Part 4 Raising the Bar
Chapter 15. Information Security Awareness and Training
Chapter 16. Recommended Corporate Information Security Policies

Security at a Glance