Kevin Mitnick is well known to those in the security field; he is notorious for the efforts that he made to find ways around security systems, sometimes by hacking, but often by social engineering. I was a bit ambivalent about buying the book; did I want to "reward" someone that had been responsible for a number of security breaches?
However, I am glad that I did; the book highlights the methods used to gain illegal access to sites, systems and processes. These can be used by the astute security professional to understand how hackers think and to then be able to consider their options for improving their own security.
Security is not a destination, it is a journey. No matter how good a job you do, someone will find a way to get around the most hardened of processes. It is necessary to constantly question if the specific processes that you have introduced are working and if they are doing the job that you think they should. Books like this reveal just how important it is to be able to take that outsider's view to ensure that you do not become one of the victims.
It's a very readable book and I feel that it should be read by anyone involved at any level in the field of IT security.
(NB The author is Kevin Mitnick, despite Amazon's "all my reviews" showing it to be Steve Wozniak, Steve Jobs' partner in founding Apple. Woz merely wrote the foreword.)
I found this book very disappointing. After listening to an interview with the author, I was interested in learning more about his hacker background, and techniques he used to gain access to computer systems. As his new book is so excessively priced, I settled for a used copy of this, his earlier book.
At first it held my interest, as it describes how access to computer systems is gained by "social engineering" - posing as a company employee from one department, when phoning another department & extracting access information from employees like receptionists etc. who trust that you are genuine. It helps to be able to name drop managers' names too. He even persuades systems administrators to set him up with a "guest" account by posing as a visitor from another installation, within the same company.
Fascinating in as far as it went, but that's where it stopped. Subsequent episodes were all variations on the same theme, and soon I got bored with reading the same stuff over and over again, especially as each episode was also followed by an analysis of how it was done (not needed really, it was self-evident) and then recommendations on how to avoid being compromised by this kind of hack. So all this was repeated time and time again also.
The only time it raised a smile was when he talks about running a password harvesting program on a dumb terminal. This is a relatively simple hack which, as a college teacher of I.T., I was able to demonstrate to students on our Unix system, so the author brought back interesting memories.
I have a lot of respect for his chutzpah and nerve in carrying through what he did, and also his skill in penetrating systems, but am far less impressed by his ability as a writer. The book is heading for the charity (thrift) shop.
I bought this having thoroughly enjoyed Mitnick's "Ghost in the Wires", but it fell short of the original standard. My overall impression was that this book simply capitalised on Mitnick's reputation based on his "notoriety" and his previous literary success. I found myself skipping large chunks of it, but maybe the book would be useful as a checklist or reminder for those who work directly with internet security issues. Mitnick's "Ghost in the Wires" taught me a lot; this one added little more.
I wasn't really sure what I was getting myself in for getting this book, but I have to say that I really enjoyed it.
Kevin was what the movies Hackers 1/2 were based on and this really does take you through his early life and how easy it was back then to get details of passwords and accounts etc. But also teaches of ways to counter also.
Overall I really enjoyed the book and often mention it in conversation about how social engineering can be used.
The stories told by Mitnick in this book are very entertaining to read, but I do think that businesses today (certainly enterprises) have done a lot of work in countering practices described by Mitnick. After a story, there is always an explanation of the con and what you can do about it (which is usually not much). These comments are very obvious most of the time. So of the 368 pages, there are about 200 that are an entertaining read. The last chapter covers how you can improve the security (and security procedures) of your company. Again, some are obvious, some of these notes are already widely implemented today. I must agree with another reviewer, the book hasn't aged well.
I'm sure that when this was first released, there were a number of surprises and good advice in there, but the book is badly out of date now.
There are references to dial-up modems, backing up the database to floppy disk, a memory stick which can store 32MB etc. which just seem quaint these days.
I'm also not convinced that many of the examples would hold true today - people are more alert and aware of possible scams which they are opening themselves to. The examples given have been fictionalised, so they don't really impress much - if they revealed some of the company names, then it might be more impressive. As it stands, a series of examples of a fictional person ringing a fictional receptionist in a fictional company and getting her to fax the information to him just serves to bore by the end of the book.