3.0 out of 5 stars - After the first 50 pages you get the idea
28 February 2019 - Published on Amazon.com
Verified Purchase
The systematic approach to misleading and deceiving people is startling and eye-opening at first, but the book's narrative style is smug and ham-handed. About halfway through you realize every story is the same. Why go on?
Good book on social engineering; material is still valuable if slightly dated. A lot of the different aspects center around the ability to influence landlines, get into switch networks for phones, and work through various gaps in the phone systems which have been rendered OBE by the advent of cell phones. I recommend if you can find a used copy.
3.0 out of 5 stars - An interesting look at security's weak link
31 March 2003 - Published on Amazon.com
Verified Purchase
Kevin Mitnick has been arguably the most famous computer hacker out there. His story has been told by others in several books. But here Mitnick is not trying to really share his experiences - rather he calls upon his collection of acquaintances and others he knows to illustrate how people can be engineered. Most of the book is essentially a series of stories of social engineering (getting someone to do what you want without their realizing it) and then some superficial analysis of why it worked. He then tries to synthesize his earlier chapters into a set of practical security precautions, many of which are common sense, and most of which the reader would have already figured out from reading the book. The stories he chooses to share are fairly interesting, both in their daring and setup and in their simplicity. What this book would be best for would be handing it to a corporate manager and allowing him or her a wake-up call as to security. As we try to work together, have things automated and available on-line, and as our organizations grow, the catchword is results, even if you have to bend the rules a bit. This is what the social engineer can exploit. Many of the stories skate along the edge of the law, and Mitnick points out when it would cross into illegal. While interesting, after a while the book becomes more tedious in structure and what is being said. Still, it is very accessible and would be a great book for someone not so familiar with computers and hacking to see how some of it is done. It should serve as a wake-up call for management as to some of the dangers we face every day. And while most of the stories presented are more in the spirit of curiosity, or fun, or revenge, it would be easy to take them up a notch into activities with serious corporate impact.
5.0 out of 5 stars - Speaks volumes on social engineering/makes you think!
18 November 2002 - Published on Amazon.com
Verified Purchase
After reading it, the book makes one more aware of what to be careful of when giving out information of any kind and how to protect yourself and your company's assets. I've heard a lot of "Don't ever give out your id/password", "Always have firewalls on your network." One hardly ever hears about 'make sure you're giving information to someone who's supposed to have it'. There are tons of books on security with respect to technology but this is the first one I've seen that actually focuses on the weakest link when it comes to security - the human element. All the firewalls and software can't prevent a social engineer from getting in if he/she knows just how to act and/or what to say to get what they want. Reading the scenarios really opened my eyes. There's a scenario where a social engineer pretended to be a manager of a video store. After enough talking to another employee at another branch, the social engineer was able to get enough information to obtain the credit card # of someone who owed money to the client the social engineer was hired by. In reading the scenarios, I'd seen examples where I'd asked for the type of information described for perfectly legitimate reasons. I'd never imagined how someone could take just 1 or 2 pieces of information and create chaos for a person or a company. If you're in the IT industry, or work in any kind of customer service, you really need to pick up this book. This book doesn't bash people for being as helpful as they can be (team player, etc). He's just saying to be more aware of what's going on and when giving out any kind of information, being a little cautious doesn't hurt. As humans, we're not perfect to begin with, but a little awareness will make it just a little harder for that social engineer to get what they want.
5.0 out of 5 stars - Social Engineering 101 - Highly Recommended
25 August 2008 - Published on Amazon.com
Verified Purchase
"The Art of Deception" was recommended to me by an instructor teaching a CISSP prep class. It is both an enjoyable and informative read. Mitnick is the "real deal" in exploiting social engineering techniques and his books should be required reading by corporate security policy makers (and I am sure they are for many already).
This book illustrates various techniques for bypassing established corporate physical and information security policies. I have actually inadvertently used some of these techniques when troubleshooting network issues or having forgotten my passcard to gain access to systems and rooms. It is often easier to bypass the rules than to go through the steps needed to obtain proper access, and people are surprisingly willing to cooperate "just this one time".
This book will help you sensitize your employees to the risks of bypassing security policy and recognize when this might be occurring.