Start reading The Art of Deception on your Kindle in under a minute. Don't have a Kindle? Get your Kindle here or start reading now with a free Kindle Reading App.

Deliver to your Kindle or other device

 
 
 

Try it free

Sample the beginning of this book for free

Deliver to your Kindle or other device

Anybody can read Kindle books—even without a Kindle device—with the FREE Kindle app for smartphones, tablets and computers.
The Art of Deception: Controlling the Human Element of Security
 
 

The Art of Deception: Controlling the Human Element of Security [Kindle Edition]

Kevin D. Mitnick , William L. Simon , Steve Wozniak
3.6 out of 5 stars  See all reviews (31 customer reviews)

Print List Price: £9.99
Kindle Price: £6.17 includes VAT* & free wireless delivery via Amazon Whispernet
You Save: £3.82 (38%)
* Unlike print books, digital books are subject to VAT.

Formats

Amazon Price New from Used from
Kindle Edition £6.17  
Hardcover £20.78  
Paperback £6.99  
Audio Download, Unabridged £16.25 or Free with Audible.co.uk 30-day free trial
Kindle Summer Sale: Over 500 Books from £0.99
Have you seen the Kindle Summer Sale yet? Browse selected books from popular authors and debut novelists, including new releases and bestsellers. Learn more


Product Description

Amazon.co.uk Review

The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.

After Mitnick's first dozen examples anyone responsible for organisational security is going to lose the will to live. It's been said before but people and security are antithetical. Organisations exist to provide a good or service and want helpful friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.

Considering Mitnick's reputation as a hacker guru the least and last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organisations and were probably known to the Pheonicians. Technology simply makes it all easier. Phones are faster than letters after all and large organisations mean dealing with lots of strangers.

Much of Mitnick's security advice sounds practical until you think about implementation, when you realise more effective security means reducing organisational efficiency: an impossible trade in competitive business. And anyway, who wants to work in an organisation where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world effective organisations have to acknowledge total security is a chimera--and carry more insurance. --Steve Patient

Amazon Review

The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.

After Mitnick's first dozen examples anyone responsible for organisational security is going to lose the will to live. It's been said before but people and security are antithetical. Organisations exist to provide a good or service and want helpful friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.

Considering Mitnick's reputation as a hacker guru the least and last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organisations and were probably known to the Pheonicians. Technology simply makes it all easier. Phones are faster than letters after all and large organisations mean dealing with lots of strangers.

Much of Mitnick's security advice sounds practical until you think about implementation, when you realise more effective security means reducing organisational efficiency: an impossible trade in competitive business. And anyway, who wants to work in an organisation where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world effective organisations have to acknowledge total security is a chimera--and carry more insurance. --Steve Patient


Product details

  • Format: Kindle Edition
  • File Size: 1062 KB
  • Print Length: 376 pages
  • Page Numbers Source ISBN: 0471237124
  • Publisher: Wiley; 1 edition (20 Aug 2007)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • ASIN: B006BBZHAK
  • Text-to-Speech: Enabled
  • X-Ray:
  • Average Customer Review: 3.6 out of 5 stars  See all reviews (31 customer reviews)
  • Amazon Bestsellers Rank: #102,293 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
  •  Would you like to give feedback on images?


More About the Authors

Discover books, learn about writers, and more.


Customer Reviews

Most Helpful Customer Reviews
17 of 17 people found the following review helpful
5.0 out of 5 stars Hacking made frighteningly easy 20 Oct 2003
Format:Paperback
Story by story, Mitnick (once described as the FBI's "most wanted hacker") reveals some tricks-of-the-trade. Fair enough. But if you are expecting technical details about defeating system login controls or busting through firewalls, you will be disappointed. Mitnick's favorite hacking tools are the telephone, plus the experience and nerve to deceive unsuspecting members of the organizations he is attacking into defeating the controls from the inside.
Reading this book, you will quickly come to realize that Mitnick's toolbox is every bit as effective as the hacking and cracking technology ... and as you read further, it may dawn on you just how hard it is to counter the social engineering attack. After all, much as you might like to, you can't simply plug in a new program to security-patch your employees!
Mitnick's suggested countermeasures in section 4 of the book are fairly straightforward (a wide-ranging security awareness program and a decent set of policies) but implementing them effectively and persuading employees to pay attention requires those very social engineering skills described in sections 1-3.
I'm left with the distinct impression that Mitnick is teasing us by describing a few simple deceptions whilst keeping the best to himself. But think for a moment about the success of the "419" advance fee scams. Otherwise sane, intelligent individuals are evidently being drawn into parting with their hard-earned cash on the basis of these crude deceptions. The implications are truly frightening.
My bottom line: take this book on holiday with you. Once you start, you will not want to put it down and you can reflect on it at the bar. Free drinks anyone?
Comment | 
Was this review helpful to you?
9 of 9 people found the following review helpful
4.0 out of 5 stars A good book for managment 20 Aug 2003
Format:Hardcover
Kevin Mitnick begins The Art of Deception by telling the reader about securities weakest link - people, and throughout the book he continues to labour this point, constantly reminding us that no matter how well computers are protected against potential hackers, it will 99% of the time be the employees who give away passwords, codes and other secret, and important information to people who will quite simply just have to ask for it.
The book is very easy to read, it isn't full of computer jargon, which I personally thought it would be. The stories are told from the point of view of the hacker, an introduction describing each situation is given first, phone conversations are written down, the con is analyzed, and then Mitnick tells us how to avoid situations like that happening by 'preventing the con'.
It is very easy to see when reading this book how the people (note, not the technology) get tricked or persuaded into giving away such vital information, the key is social engineering. These people believe that the hacker is someone within the organisation who should have access to this information anyway so no harm will come from giving it away, but how can they tell simply from one phone call?
All in all, this book is an education in information security, it tells us that having firewalls, anti-virus software and other security equipment installed will help to protect your information system, but this alone will not be enough, the updates are a very important element in securing your information, and without these, your system will be even more vulnerable from attack by outsiders. Employees, without being educated in information security, can let you down, simply by being too trusting and not knowing who they are giving the information away to!
Comment | 
Was this review helpful to you?
4 of 4 people found the following review helpful
4.0 out of 5 stars Well worth the read 26 Dec 2003
By Keith Appleyard VINE VOICE
Format:Hardcover
There was little material in here that I didn't already know, so I gave it 4*, for its use as refresher. For those unfamiliar with the topic, it probably does rate 5* as a primer.
Like other reviewers I didn’t enjoy Mitnick's self-congratulatory / self-apologetic tone.
What it did remind me of is the lack of security at my own company :

* our employee car park beneath the building is permanently unmanned, so multiple passengers could enter the building piggybacking – and they have direct access to the office space behind the 'firewall' of the reception desk.
* in common with many companies we know have outsourced lots of things, including our Systems Security. So who's protecting who? I get lots of requests to send e-mails of commercially sensitive material outside our network to developers in India; but I refuse. Of course their own staff based onshore could be forwarding it on, and we wouldn't know.
I recommend everyone reads this book to see if they can improve upon their own security.
Comment | 
Was this review helpful to you?
11 of 12 people found the following review helpful
Format:Hardcover
Easy to read, lacking in detail - One for the management.
This statement is not meant to be critical of either the book or of IT\business managers. It is a potential strength of this book. It should have a wide appeal as it is not filled with too much technical detail, and as such could potentially be the catalyst for gaining\increasing management "buy-in" to raising security awareness in an interesting way.
Mitnik's book outlines the key concepts of the most common forms of social engineering attacks and makes the point (several times in fact) that the weakest security link is people and process and not technology. A common theme communicated by many IT security writers and professionals alike.
This is the strength of the book, not as a technical resource or a detailed review of historic attacks and countermeasures, but as an easy to read eye-opener. It is fun to read and leaves the reader with a slightly uncomfortable view of the world, but it does make you think the next time someone asks you one of those seemingly innocent questions.
The most valuable sections are the closing chapters, these contain some good guidelines and ideas for policies, training and awareness raising.
Definitely worth a read, I enjoyed it.
Comment | 
Was this review helpful to you?
Would you like to see more reviews about this item?
Were these reviews helpful?   Let us know
Most Recent Customer Reviews
5.0 out of 5 stars Fantasic Read
I bought this book, for a presentation on social Engineering, for this it was excellent, however even after the project had ended it was a fantastic read, and one of my favourite... Read more
Published 3 months ago by Daniel Craven
5.0 out of 5 stars Excellent read!
Want to chat up that nubile young blonde next door, but are afraid of being laughed off her doorstep?
Buy this book, and you'll have her rapt attention in no time. ;)
Published 16 months ago by J. Masson
2.0 out of 5 stars Out of date and repetitive
I'm sure that when this was first released, there were a number of surprises and good advice in there, but the book is badly out of date now. Read more
Published 18 months ago by Matthew Searle
5.0 out of 5 stars Ingenious
Mitnick is the best. Very clever book especially for those you want to fool deceive and exploit the system and others.
Published 19 months ago by Greg
5.0 out of 5 stars A must read for anyone in Security
Kevin Mitnick is well known to those in the security field; he is notorious for the efforts that he made to find ways around security systems, sometimes by hacking, but often by... Read more
Published 21 months ago by Mole
2.0 out of 5 stars The Grifters' Handbook
Kevin Mitnick, it seems, has a tenuous grasp of morality: he argues (p.xii & p.83) that it's OK to steal someone else's property if you're motivated by curiosity and your... Read more
Published on 2 April 2012 by John Dexter
1.0 out of 5 stars awful quality
Content must be awesome but quality of printing is below poor; this is seriously a badly printed and designed book; event the paper is below average. Read more
Published on 30 Jan 2012 by jerome
5.0 out of 5 stars Powerful information - But more so for the attacker
Some stories may be fictional and you may question how the character in question would handle the same situation if such and such happened. Read more
Published on 24 Nov 2011 by WelshMikey
2.0 out of 5 stars Repetitive
( NB The author is Kevin Mitnick, despite Amazon's "all my reviews" showing it to be Steve Wozniak, Steve Jobs' partner in founding Apple. Woz merely wrote the foreword. Read more
Published on 15 Nov 2011 by Kerry Marshall
2.0 out of 5 stars fun read but outdated
The stories told by Mitnick in this book are very entertaining to read, but I do think that businesses today (certainly enterprises) have done a lot of work in countering practices... Read more
Published on 20 July 2011 by gamblor
Search Customer Reviews
Only search this product's reviews

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
Topic:
First post:
Prompts for sign-in
 

Search Customer Discussions
Search all Amazon discussions
   


Look for similar items by category