Synopses & Reviews
The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security.
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
Review
"...a lot of interesting cautionary tales..." New Scientist
Synopsis
Beim Schutz von Unternehmenswerten geht die gr te Gefahr von den Mitarbeitern des Unternehmens selbst aus.
Obwohl die meisten Unternehmen die neuesten Sicherheitssysteme installieren, ignorieren sie doch meist die Gefahr aus den eigenen Reihen.
The Art of Deception ist das erste Buch, das sich ausschlie lich auf Social Engineering, d.h., den menschlichen Faktor im Rahmen der Sicherheit konzentriert. Hierbei geht es darum, durch Ausnutzen menschlicher Schw chen, jene Informationen (z.B. Passw rter) zu erhalten, die Unbefugten den Zugang zu (sensiblen) Systemen und Daten erleichtern.
Autor Kevin Mitnick vermittelt hier seine Insidererfahrungen und erl utert die Techniken, mit deren Hilfe sich auch die st rksten Sicherheitsbarrieren berwinden lassen.
Mitnick ist einer der angesehensten Experten auf dem Gebiet des Sicherheitsbetrugs. Er ist bei Hackern ebenso bekannt wie bei Sicherheitsprofis.
Coautor William Simon ist ein Bestsellerautor, der bereits ber 20 B cher ver ffentlicht hat; er wurde u.a. mit dem Global Business Book Award ausgezeichnet.
The Art of Deception - die ultimative Lekt re im Zeitalter des Cyberterrorismus.
Synopsis
This book builds on the foundation of Bruce Shneier's book Secrets and Lies. Mitnick claims that computer security is more than just hardware and software it lies with the company's own employees.
Synopsis
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
Synopsis
The worlds most celebrated hacker delivers the lowdown on todays most serious security weaknesshuman nature
"Finally someone is on to the real cause of data security breachesstupid humans
Mitnick
reveals clever tricks of the social engineering trade and shows how to fend them off."
Stephen Manes, Forbes
"A tour de force, a series of tales of how some old-fashioned blarney and high-tech skills can pry any information from anyone. As entertainment, its like reading the climaxes of a dozen complex thrillers, one after the other."
Publishers Weekly
"Mitnick provides hair-raising examples of social engineeringdisgruntled employees stealing top-secret research, smooth-talking con men acquiring data on next-generation explosives for terroristsand explains how to combat it."
Angela Gunn, Time Out New York
"He was the FBIs most-wanted hacker. But in his own eyes, Mitnick was simply a small-time con artist with an incredible memory [and] a knack for social engineering
This is Mitnicks account, complete with advice for how to protect yourself from similar attacks. I believe his story."
Simson Garfinkel, Wired
About the Author
Kevin Mitnick is the founder of Defensive Thinking, an information security firm, and speaks widely on security issues. He has appeared on
60 Minutes and elsewhere in the media, and his exploits have spawned several bestselling books, including
The Fugitive Game.
William Simon is the bestselling author of more than twenty books.
Table of Contents
Foreword.
Preface.
Introduction.
Part 1: Behind the Scenes.
Chapter 1: Security's Weakest Link.
Part 2: The Art of the Attacker.
Chapter 2: When Innocuous Information Isn't.
Chapter 3: The Direct Attack: Just Asking for It.
Chapter 4: Building Trust.
Chapter 5: "Let Me Help You".
Chapter 6: "Can You Help Me?".
Chapter 7: Phony Sites and Dangerous Attachments.
Chapter 8: Using Sympathy, Guilt, and Intimidation.
Chapter 9: The Reverse Sting.
Part 3: Intruder Alert.
Chapter 10: Entering the Premises.
Chapter 11: Combining Technology and Social Engineering.
Chapter 12: Attacks on the Entry-Level Employee.
Chapter 13: Clever Cons.
Chapter 14: Industrial Espionage.
Part 4: Raising the Bar.
Chapter 15: Information Security Awareness and Training.
Chapter 16: Recommended Corporate Information Security Policies.
Security at a Glance.
Sources.
Acknowledgments.
Index.