Good info, but not nearly as good as "The Art of Deception"
I read "The Art of Deception" when it came out, and I thought this book would be on-par with that. Although it has a lot of good information, the book does not reflect the quality of the previous book, in terms of the content being well laid out, Mitnick's side-bars, and the recommendations at the end of each section. In addition, many of the recommendations are generic, and not suited to realistic usage and architecture constraints. My sense from the previous book was that Mitnick was the expert, whereas my sense from this book is that he's out of his league. As with the previous book, it was informative to see what people are capable of doing, so that as a security architect, you can understand the mindset that will be attacking the architecture you develop.
Good value insight
As with The Art of Deception: Controlling the Human Element of Security, Mitnick tells a series of hackers' stories, each one a basic case study illustrating a different person or group.
The techniques described include:
- Hardware hacking: reverse-engineering the pseudorandom number generators in slot machines and cloning mobile phones;
- Classical computer and network hacking: guessing or brute-force cracking of weak passwords, sniffing network traffic, SQL injection, oh-days, running secret warez servers, stealing intellectual property;
- Social engineering: dumpster diving, email spoofing and confidence tricks;
- Physical penetration: tailgating and impersonation;
- Phreaking: hacking telephone and voicemail systems;
- Keylogging using hardware loggers and malware.
While the technical descriptions are not particularly enlightening and the language fairly mundane, the book is littered with references to the underground hacker culture, that parallel universe where ordinary ethical considerations are set aside in the interest of hackers achieving their narrow goals. The book is worth reading in the sense of "know your enemy" and learning a little about the sociology of hackers, short of actually immersing oneself in the hacker culture and becoming one. The case studies would make interesting pieces for security awareness purposes - for class discussion or illustrative background reading in company newsletters and briefings.
Like so many sequels, the book doesn't quite live up to the expectations set by its predecessor and in some ways is just filling time until Mitnick is released from the legal restrictions on profiting from his own stories. Still, it's definitely worth the price.
The Art of War On Line
This book is the Internet's Art of War new version of Tsun Tzu original, don't expect to learn how to be a Hacker, but if you learn from each person interviewed by Mitnick on each chapter you'll find how a Hacker thinks, how they challenge IT Managers or IT experts.
You will find that you have already failed in some basic topics that can be used against you. You will learn another way of thinking, if you want of course, and how to be more perceptive and conscious about security; for this last point i consider this the new Art of War for IT.
Enlightening
Kevin Mitnick's writing style is at best elementary, but the story's shared in this book are the stories people need to hear. Mitnick successfully gives the reader enough information to understand what computer security threats exist, while keeping from ever enabling the reader to carry out such computer attacks.
It's just excellent
Adequate for noobs and pros to understand how important social engineering in our security is, this applied not only in software; you can relate it with anything in your live.
Highly recommended
