Customer Reviews


31 Reviews
5 star:
 (13)
4 star:
 (6)
3 star:
 (2)
2 star:
 (7)
1 star:
 (3)
 
 
 
 
 
 
 


17 of 17 people found the following review helpful
5.0 out of 5 stars Hacking made frighteningly easy, 20 Oct 2003
By Dr. G. Hinson "Gary" (New Zealand) (REAL NAME)
Story by story, Mitnick (once described as the FBI's "most wanted hacker") reveals some tricks-of-the-trade. Fair enough. But if you are expecting technical details about defeating system login controls or busting through firewalls, you will be disappointed. Mitnick's favorite hacking tools are the telephone, plus the experience and nerve to deceive unsuspecting members of the organizations he is attacking into defeating the controls from the inside.
Reading this book, you will quickly come to realize that Mitnick's toolbox is every bit as effective as the hacking and cracking technology ... and as you read further, it may dawn on you just how hard it is to counter the social engineering attack. After all, much as you might like to, you can't simply plug in a new program to security-patch your employees!
Mitnick's suggested countermeasures in section 4 of the book are fairly straightforward (a wide-ranging security awareness program and a decent set of policies) but implementing them effectively and persuading employees to pay attention requires those very social engineering skills described in sections 1-3.
I'm left with the distinct impression that Mitnick is teasing us by describing a few simple deceptions whilst keeping the best to himself. But think for a moment about the success of the "419" advance fee scams. Otherwise sane, intelligent individuals are evidently being drawn into parting with their hard-earned cash on the basis of these crude deceptions. The implications are truly frightening.
My bottom line: take this book on holiday with you. Once you start, you will not want to put it down and you can reflect on it at the bar. Free drinks anyone?


9 of 9 people found the following review helpful
4.0 out of 5 stars A good book for management, 20 Aug 2003
Kevin Mitnick begins The Art of Deception by telling the reader about security's weakest link - people, and throughout the book he continues to labour this point, constantly reminding us that no matter how well computers are protected against potential hackers, it will 99% of the time be the employees who give away passwords, codes and other secret, and important information to people who will quite simply just have to ask for it.
The book is very easy to read, it isn't full of computer jargon, which I personally thought it would be. The stories are told from the point of view of the hacker, an introduction describing each situation is given first, phone conversations are written down, the con is analyzed, and then Mitnick tells us how to avoid situations like that happening by 'preventing the con'.
It is very easy to see when reading this book how the people (note, not the technology) get tricked or persuaded into giving away such vital information, the key is social engineering. These people believe that the hacker is someone within the organisation who should have access to this information anyway so no harm will come from giving it away, but how can they tell simply from one phone call?
All in all, this book is an education in information security, it tells us that having firewalls, anti-virus software and other security equipment installed will help to protect your information system, but this alone will not be enough, the updates are a very important element in securing your information, and without these, your system will be even more vulnerable from attack by outsiders. Employees, without being educated in information security, can let you down, simply by being too trusting and not knowing who they are giving the information away to!


4 of 4 people found the following review helpful
4.0 out of 5 stars Well worth the read, 26 Dec 2003
By Keith Appleyard "kapple999" (Brighton, UK) (VINE VOICE) (REAL NAME)
There was little material in here that I didn't already know, so I gave it 4*, for its use as refresher. For those unfamiliar with the topic, it probably does rate 5* as a primer.
Like other reviewers I didn’t enjoy Mitnick's self-congratulatory / self-apologetic tone.
What it did remind me of is the lack of security at my own company:

* our employee car park beneath the building is permanently unmanned, so multiple passengers could enter the building piggybacking – and they have direct access to the office space behind the 'firewall' of the reception desk.
* in common with many companies we now have outsourced lots of things, including our Systems Security. So who's protecting who? I get lots of requests to send e-mails of commercially sensitive material outside our network to developers in India; but I refuse. Of course their own staff based onshore could be forwarding it on, and we wouldn't know.

I recommend everyone reads this book to see if they can improve upon their own security.


11 of 12 people found the following review helpful
4.0 out of 5 stars Easy to read, lacking in detail - One for the management, 12 Feb 2003
Easy to read, lacking in detail - One for the management.
This statement is not meant to be critical of either the book or of IT/business managers. It is a potential strength of this book. It should have a wide appeal as it is not filled with too much technical detail, and as such could potentially be the catalyst for gaining/increasing management "buy-in" to raising security awareness in an interesting way.
Mitnick's book outlines the key concepts of the most common forms of social engineering attacks and makes the point (several times in fact) that the weakest security link is people and process and not technology. A common theme communicated by many IT security writers and professionals alike.
This is the strength of the book, not as a technical resource or a detailed review of historic attacks and countermeasures, but as an easy to read eye-opener. It is fun to read and leaves the reader with a slightly uncomfortable view of the world, but it does make you think the next time someone asks you one of those seemingly innocent questions.
The most valuable sections are the closing chapters, these contain some good guidelines and ideas for policies, training and awareness raising.
Definitely worth a read, I enjoyed it.


10 of 11 people found the following review helpful
4.0 out of 5 stars Entertaining Read, 6 Dec 2004
By Russell (London, England)
The Art of Deception provided more of an entertaining read, than a "How To" book. Whilst I would recommend the book to anyone interested in network security, I wouldn't recommend it to those who physically want to go and do it themselves. The book is influenced more on to defending yourself, than attacking others.
The book is full of entertaining little stories about how 'social engineers' are able to obtain sensitive information, just by 'asking for it', along with explanations of the techniques used, why it worked, and how you can prevent something similar happening to you.
Given the content, and the quality of the book, it is definitely worth the money. Just don't be disappointed if you were looking to be able to go and do it yourself.


3 of 3 people found the following review helpful
2.0 out of 5 stars Outdated, unsurprising, 20 Jan 2011
By Alexander Haynes "alex_haynes" (London, UK) (REAL NAME)
Like many other reviewers here I disliked the "tone" of the book. Granted, it is clearly written for the American market, but because a lot of the "examples" are fictional, it's hard to empathise. What you notice very quickly is that the book is written for the most basic audience. If you don't know what a trojan is or what a root user is, then maybe you'll learn something. Other than that, the techniques repeat themselves and some of the examples are hopelessly out of date, i.e. I can't use the internet because I'm on the phone and it's a dial-up connection!
Take this book as a basic explanation of social engineering techniques, and some countermeasures, but nothing more.


8 of 9 people found the following review helpful
5.0 out of 5 stars Packed With Knowledge!, 22 Jun 2004
By Rolf Dobelli "getAbstract" (Switzerland) (TOP 500 REVIEWER) (REAL NAME)
In The Art of Deception, Kevin D. Mitnick, a corporate security consultant who was once arrested for computer hacking, has written a fascinating book about how to control security lapses due to the "human element." With writer William L. Simon, he describes how con artists use social engineering to gain information by lying to pass themselves off as insiders. By being sensitive to human behavior and taking advantage of trust, they learn to bypass your security systems. The book teaches you how to ward off such threats and educate employees. Yet, problematically, this information could also help con artists be more sophisticated. In any case, this highly informative, engaging book includes sample conversations that open the door to information, along with tips about how various cons are used and what to do about them. We recommend this book to corporate officers, information managers, human resource directors and security personnel, but don't tell anybody.


23 of 27 people found the following review helpful
4.0 out of 5 stars Tales of human gullibility, 25 Nov 2002
By A Customer
Most security books are of the 'textbook' type, which can be very tedious reading, but Mitnick's book is a 'real good read'. Apart from Bruce Schneier's 'Secrets and Lies', this is the only security book which I've read straight through from page 1 to the end. The tales of human gullibility will give every security professional a headache.


1 of 1 people found the following review helpful
5.0 out of 5 stars A must read for anyone in Security, 9 Oct 2012
By Mole "Mole" (UK) (TOP 500 REVIEWER)
Verified Purchase
Kevin Mitnick is well known to those in the security field; he is notorious for the efforts that he made to find ways around security systems, sometimes by hacking, but often by social engineering. I was a bit ambivalent about buying the book; did I want to "reward" someone that had been responsible for a number of security breaches?

However, I am glad that I did; the book highlights the methods used to gain illegal access to sites, systems and processes. These can be used by the astute security professional to understand how hackers think and to then be able to consider their options for improving their own security.

Security is not a destination, it is a journey. No matter how good a job you do, someone will find a way to get around the most hardened of processes. It is necessary to constantly question if the specific processes that you have introduced are working and if they are doing the job that you think they should. Books like this reveal just how important it is to be able to take that outsider's view to ensure that you do not become one of the victims.

It's a very readable book and I feel that it should be read by anyone involved at any level in the field of IT security.


1 of 1 people found the following review helpful
5.0 out of 5 stars Very good - needless to say more, 10 Nov 2008
By Rafal Gruszczynski (Warsaw Poland) (REAL NAME)
A must read for all of those who are even a bit interested in the security aspects.
Highly recommended.