
on 13 August 2013
Although the book is now somewhat old, at 8 years, both the author and the publication are well known in the security world. No matter your opinion of the author, who has collated the stories from various black hat sources (and who himself famously spent time in incarceration prior to this for IT systems penetration), it's worthwhile to read the publication in order to 'know your enemy', as Sun Tzu would have advised.

Since it's a collection of what appear to be true stories of penetrations of organisations' systems, it's a welcome break from the drier, more technical publications that you might be used to as revision references and similar. The book focuses less on technical procedures, checklists, exact tools and facts, and more on the process and social engineering behind real world penetration attacks against the IT industry. As such the book ages well and is still insightful despite its age.

It feels like the majority of stories revolve around the attackers finding overlooked small flaws in a site's security, and then spending time turning this single flaw into a larger penetration, growing in depth of compromise over time. This is quite a contrast to the usual mainstream view of a single flaw causing the compromise of an organisation. The book implies that it's more likely a string of flaws, each on its own not a great issue (and probably existing due to lack of staff time or knowledge), but when combined they provide an attacker with a route in.

The story of the attacker who spends a year breaking into a company also challenges the traditional view of attackers that compromise a system, cause damage or send as much spam as possible until detected and then the issue is fixed by the IT staff. Instead the attacker gets access and spends time slowly moving through the network to get to the desired systems (in this case a source code repository).

Another eye opener is the scorn the attackers repeatedly give towards systems whose administrators don't take action against persistent, obvious attacks. It's hard to read the book and not come away thinking that perhaps it really is time to cure the false positives coming from the organisation's intrusion detection system and pay some real attention to configuring it. You think of your own organisation's systems, and the minor outstanding security measures you've been meaning to spend time on but other tasks took priority. It's a healthy kick in the posterior to pay attention to both due care in setting up security prevention and detection systems and due diligence in monitoring the resulting logs (and taking action when necessary).

The book is an IT security classic which ages well in terms of technical content (due to the discussion of timeless subjects such as social engineering rather than software versions) and should be required reading for IT professionals, especially those who might be feeling that their IT security is impenetrable.
One person found this helpful.
on 14 August 2017
The stories illustrated within this book are very fascinating; however, the style and approach taken in this book aren't the greatest. The writer keeps referring back to himself and his days in pretty much every chapter, which could be written in a book of its own.

For that, I give it a 3 star rating. Otherwise the approach is good, and the book is enjoyable.
on 3 August 2005
I enjoyed this book. I was very much looking forward to it after reading The Art of Deception. This book follows the same format, with 11 chapters detailing a number of hackers' and security consultants' experiences breaking into systems in various ways. Unlike The Art of Deception, which concentrated purely on social engineering techniques, this book (barring one chapter on social engineering) is largely more technical, detailing hack attacks from the information gathering stage through to the hack itself and reporting (if this is done!). A couple of chapters do require technical knowledge, as whilst Mitnick describes a few technical terms, this certainly isn't done comprehensively enough to allow a novice to fully understand what is going on. As one other reviewer said, Mitnick does intersperse all the 'stories' with experiences from his own life, and whilst this could be construed as egotistical, I found it refreshing and often very funny. Each chapter also details how firms can protect against each attack mentioned, which is very useful and makes this more than just another hacker culture reference.
9 people found this helpful.
on 4 September 2006
This book is an amazing insight into the exploits and techniques used by hackers, crackers and social engineers! It really is a truly gripping read which makes you think "Oh, I'll read just one more chapter." I don't think I could pick out any real negative points in the book; it was consistent throughout, providing not only the great stories of the hacks but also offering some wonderful information.

This really is an absolute MUST for any IT or security fanatic and is well worth the money to add such an excellent book to your shelves!
3 people found this helpful.
on 12 February 2006
A very interesting collection of stories if you want to look over the shoulders of people who one day may fancy "0wning you". You can get a feel for what they are capable of, especially regarding patience, single-mindedness and inventiveness in worrying the locks, physical and virtual, until they break, or in finding that one passage that no-one thought manageable, discoverable or exploitable. Reads like good heist stories without the steamy and ultra-violent parts, and with well-meaning advice to boot.
Some notion of networking is required, but neophytes don't need to fear: the authors don't leave you hanging and try to explain the basics, sometimes not too successfully, but then this *is* a hairy subject. Hard-core network admins will not be surprised by anything in here but will get a view of the 'bigger picture' that lies beyond the suspicious activity seen in the log files.
The stories related in the book have, according to the authors, been well-checked and corroborated, as explained in the preface. Technically they are absolutely believable.
So what do you get for your money:
Chapter 1: Buy a video poker machine, reverse-engineer it, find out it's predictable, then make big bucks in Vegas.
Chapter 2: Try to break into the gov'nmt while being egged on by real (or fake?) Pakistani terrorists.
Chapter 3: Build your own Internet connection from inside prison while running rings around the wardens. The Shawshank Redemption, a bit differently.
Chapter 4: Break into Boeing while there is a computer forensics class in progress. Bad idea!
Chapter 5: The famous Adrian Lamo in action. The New York Times' network is opened up. The Gray Lady then goes into payback mode.
Chapter 6: Your company wants a penetration test? Think twice, you may get more than you bargained for. (There should be contest for guessing at the Real Names of the companies mentioned. Hmmm?)
Chapter 7: Your bank is secure, right? Actually, no!
Chapter 8: Hello, operations? I thought this machine where we had our source code was secure. Now it's on a warez site!
Chapter 9: Hacking for profit: A forgotten console cable around a firewall and 'PC Anywhere' carelessly installed on a mobile computer eventually bring about the targeted company's undoing.
Chapter 10: Social engineering. Ok, so we have seen this in Mitnick's previous volume.
Chapter 11: Odds and sods (i.e. assorted hacks).
Contrary to what wombatboy1975 says, Mitnick keeps the ego firmly in check (compare this to his erstwhile antagonists, the 'duo terrible' Shimomura/Markoff, whose book was made unreadable, among other things, by ego inflation).
The conclusion that you can draw from the stories is that hackers are not unlike a flu virus. If there is a surface protein that one of them can lock onto, one of them might do it tomorrow. Or never. Or maybe just not on your watch.
Work on reducing your system's cross-section. And good luck.
6 people found this helpful.
on 19 May 2005
The stories in this book are really interesting and the lessons learned very useful. But the writing style leaves a lot to be desired. It always seems that Mitnick is trying to push his own exploits ahead of the people in the examples; there is too much "I know what he means" or "When I did that".
3 people found this helpful.
on 6 October 2013
The book has been an extremely interesting read as well as a little bit of a history lesson. Under no circumstances is this an instruction book, but more of a look at where companies went wrong and ways we can all learn to mitigate these risks. Whether you're a professional or someone interested in security, I would happily suggest that anyone reads this book.

This book not only looks at the technical challenges but also the physical and social ones; many areas covered.

As a placement student, from reading this I have learnt a few things about how I should apply good practices in my work: "No one will go to the trouble of doing that"; there is some kid that will. Overall a good read.
on 14 July 2005
Mitnick and Simon present a cogent and interesting account of people who have illegally intruded on cyberspace, mainly in the US. It is possible that some tales retailed by them are apocryphal. But most of them stand to reason. They are daring and highlight how human ingenuity keeps pace with technology. All systems administrators, CSOs, CIOs and CEOs must read this. If after reading this they are slack and hesitate to upgrade their systems, only the Almighty can save them. I already look forward to Kevin's autobiography, which he can pen only after the Federal ban expires in 2007.
on 24 October 2011
In the same writing style as The Art of Deception: Controlling the Human Element of Security, Kevin Mitnick gives us more stories which show the workings of a hacker's mind. In the stories I noticed the evolution of real technical hacking techniques to a combination with social engineering. The stories are both interesting and amusing. Some technical knowledge will help you to understand these stories, although the technical concepts, ideas and technologies mentioned are explained too.
on 26 February 2012
A concern overall is whether this is really a tongue in cheek guide for the "on the fringe" hacker, who, rather than looking in deep dark chat rooms, can find all they need here to launch the next latest and greatest exploit. There are no moral lessons or lecturing, so one can only wonder whether it's true that the best camouflage is broad daylight, since he who laughs last, laughs best.