The Art of Deception: Controlling the Human Element of Security

by Kevin D. Mitnick

Description

In his worldwide bestseller Secrets and Lies, Bruce Schneier made the case that achieving successful computer security is about more than just hardware and software: it's about people. Truly, the greatest vulnerability in protecting the business assets of any company often lies with the company's own employees. Although corporations go to great lengths to install state-of-the-art systems, they continue to ignore the human element of information security. If a hacker calls up some VP's assistant and makes false claims in order to get said VP's network password, and is given it, it doesn't matter if you have the ultimate firewall and the most powerful server on the market. Without proper training and security procedures, employees are highly susceptible to what are called "social engineering" attacks, which lead them to unwittingly open doors within the organization, both in the literal sense and in the information technology sense. You can say what you want about Kevin Mitnick, but know this: there is no one on the planet who has more experience with "social engineering" techniques, and no one who is better able to advise on how these kinds of attacks are carried out and how they can be prevented.

Member Reviews

19 reviews
I came across this book (it's on eMule, of course) and devoured it in two days. There is a second part, The Art of Intrusion, which seems to be even better.
Kevin Mitnick became quite famous, to his misfortune, when he was sentenced to a few years in prison for various offences against the electronic security of several US companies and government agencies (nothing serious according to him, the computing holocaust according to the prosecutor). Wikipedia (Kevin Mitnick) tells his story in outline. The point is that he is convinced he was made a scapegoat, both by the journalists and by the judicial system.
This book is not a biography but a survey of the methods of what has come to be called "social engineering", or the art of extracting important information from the people who hold it without alarming them. The book consists of a pile of cases (supposedly true) in which a person outside any company or organisation ends up obtaining a great deal of information. Kevin Mitnick [KM] talks about private detectives, high-school students with a lot of free time and even a new figure, on the edge of legality, called "information brokers", all of them specialists in finding information that supposedly should not be disclosed to the public.
The cases are really entertaining to read. Many times one thinks "no, that couldn't happen to me", but that is exactly what KM says everyone thinks. And yet it happens constantly, according to him. In each case he relates, he ends by instructing how certain policies on the dissemination of information within the company, properly established, could prevent the great majority, if not all, of the information leaks caused by social engineering attacks.
The last chapter is somewhat duller and is devoted entirely to summarising, in a structured way, all the steps that any organisation, whether private or governmental, should take to establish clear and unassailable policies that minimise the flow of important information to the outside.
The book is very entertaining and reads quickly. It leaves you (at least it left me) wanting to keep reading on the subject, so I quickly "located" the next book by the same author, which I am already devouring. My rating: Very interesting.
I had high hopes for this book: I've followed Mitnick's story for over a decade and have thoroughly enjoyed many of the books written about him and his exploits. I expected The Art of Deception to be no exception. Except it was.

The Art of Deception is more of an IT professional's handbook for preventing social engineering attacks on a corporation. There are two problems with this:

1) It's absolutely not, in any way, a book for casual readers looking to understand and discover some insights on the psychology of deception in a technical environment. If that's what you want, look elsewhere.

2) If an IT security professional working for any company needs a book this big to understand how to protect against social engineering... well, they are in serious need of a career counselor and should consider a new profession.*

There's one more problem with the book: it's far too long, the stories are endlessly repetitive, and, well, everything else. Avoid.

*OK, that may be hyperbolic. But hear this, IT security professionals: buy this book, read the first chapter, then close it. Everything you need to know is in the first chapter.
For more reviews and bookish posts visit: https://www.ManOfLaBook.com

The Art of Deception: Controlling the Human Element of Security by Kevin D. Mitnick and William L. Simon gives examples and advice on how to defend against social engineering. Mr. Mitnick is a well-known cybercriminal who spent time as a guest of the federal government.
I've heard a lot about this book on the technical forums I frequent. Since social engineering is not my specialty, however, it was always at the bottom of the list.

This is not a technology book, nor a "how to" book per se. It consists mostly of short stories (bathroom read?) and advice on how to mitigate them. The stories are quite bad, obviously fiction or fictionalized, which, unfortunately, makes them less credible.

I would categorize The Art of Deception by Kevin D. Mitnick and William L. Simon as a business book, more than a technology one. By addressing the tactics of social engineering, the book gives managers and leaders a pathway on how to defend against it using end-user training and policies.

I've no idea if the book has been updated; the copy I read was outdated and much of it was no longer relevant due to the speed at which technology evolves. Nevertheless, I do feel that it has some value and is a somewhat fun read (the policy section is dry, of course), even though very dated at this point (and it might have been dated by the time it was published, if not soon after).

The book is more a guide for organizations on how to establish proper procedures and educate personnel. It does not target the individual, but rather the executive types who want ideas on protecting the organization from employees accidentally giving away damaging information.
This book remains extremely relevant to system security problems. Kevin Mitnick, one of the most effective hackers at the end of the 20th century, describes simple examples that tear at the seams of organised corporate security culture. Really, everyone should have a read to get a sense of how systems can suffer a huge damaging impact despite being carefully certified, monitored and updated. Psychology can have more impact than technology.
The Art of Deception is written by a hacker (or, as he calls himself, a "social engineer") and describes the ways in which hackers can exploit human nature to bypass security measures. The book was hyped as being "like reading the climaxes of a dozen complex thrillers", but I don't think it lived up to that hype. Although I found it interesting to read about the clever ways hackers go about getting very classified information, it wasn't exactly edge-of-your-seat reading.

I started reading this book to my son, who was enjoying it immensely, then stopped when I decided it was totally inappropriate matter for an inquisitive 9-year-old. Kevin was released from prison last year after being found guilty of hacking into computer systems. Kevin's premise is simple: people are security's weakest link.

I enjoyed reading this, although I admit, the book gets rather boring after a while. But the first few chapters should be essential reading for everyone to raise awareness of how easy it is to steal personal information. Especially from people in Bruce county who are soooooo friendly and helpful. If you get tired of Kevin's bragging, just skip to his recommendations in chapter 16.
Maybe the best book on social engineering I've ever read (also pretty much the only one). I don't have a ton to say here other than I'd only recommend this book if you are interested in cybersecurity. It might be a nice educational book for your older family members to teach them about the dangers of Phishing/Scam phone calls, perhaps?

Lists

True Crime
156 works; 1 member

Author Information

6+ Works 4,458 Members
Kevin Mitnick has been the subject of countless profiles published and broadcast throughout the world. He is the chief hacking officer at KnowBe4, the world's leading security-awareness training organization. Mitnick's penetration-testing team is highly respected and sought after for its security services by top corporations and governments internationally. The company he founded, Mitnick Security Consulting LLC, has clients that include dozens from the Fortune 500 and many nations across the globe. Mitnick is the author of the bestselling Ghost in the Wires, The Art of Intrusion, and The Art of Deception. He lives in Las Vegas and travels the world as the preeminent keynote speaker on cybersecurity.

Common Knowledge

Canonical title*
L'arte dell'inganno: i consigli dell'hacker più famoso del mondo
Original publication date
2002-10-04
Dedication
For Shelly Jaffe, Reba Vartanian, Chickie Leventhal, and Mitchell Mitnick, and for the late Alan Mitnick, Adam Mitnick, and Jack Biello

For Arynne, Victoria, and David, Sheldon, Vincent, and Elena
First words
A company may have purchased the best security technologies that money can buy, trained their people so well that they lock up all their secrets before going home at night, and hired building guards from the best security firm in the business.
Last words
Once the responsible person or group has a good faith belief that an attack may be in progress, mitigation of damage must be made a priority by notifying company personnel to be on their guard.
*Some information comes from Common Knowledge in other languages.

Classifications

Genres
Technology, Nonfiction, General Nonfiction
DDC/MDS
005.8: Computer science, information & general works > Computer science, knowledge & systems > Software development, software, data, security > Computer Security
LCC
QA76.9 .A25 .M585: Science > Mathematics > Mathematics > Instruments and machines > Calculating machines > Electronic computers. Computer science

Statistics

Members
1,773
Popularity
12,294
Reviews
19
Rating
3.50
Languages
12 — Czech, Dutch, English, French, German, Greek, Hungarian, Italian, Polish, Portuguese, Swedish, Turkish
Media
Paper, Audiobook, Ebook
ISBNs
25
UPCs
2
ASINs
8