Thursday, October 07, 2010

Review: The Art of Deception: Controlling the Human Element of Security

I would assume that computer security books need to walk a fine line between giving enough detail to the reader to be useful, yet not so much detail that a hacker can use the information to wreak havoc. The Art of Deception: Controlling the Human Element of Security by the infamous Kevin Mitnick seems to completely disregard this principle. The book, to me anyway, comes across as a guide for social engineer hackers with a thin veneer of "hey, you can use this information to make your organization more secure" layered on top.

The book is structured as a series of stories of successful social engineering hacks, where each one is deconstructed to see why it worked and what principles you can learn from it. To be totally blunt, it's basically a how-to guide for committing fraud over the phone.

But, I have to admit, it sure made for a fun read. The stories in this book show how attackers can use a blend of clever techniques with pure chutzpah to pull off remarkable crimes. I wouldn't have thought a computer security book would be gripping, but this one was.

One could potentially criticize the book for being dated - many of the examples talk about computer technology that's ancient history now. But, it's fair to say, these techniques aren't about a particular system or technology. I have to think they'd work just as well today as they did 20 years ago (and 100 years ago, and 1000 years ago).

Whether you read the book to get a peek at the dark side, or just to arm yourself against being taken advantage of - it's definitely worth a read. Oh, and you definitely don't need to be a computer geek to appreciate this one.
