I’ve started to try to actively learn from books rather than just read them. I’m posting my book summaries online to keep myself accountable to my “book a week” goal and hopefully to encourage others to read more too.
This Week’s Book Title [Week 32]: The Art of Deception: Controlling the Human Element of Security
by Kevin D. Mitnick, William L. Simon, Steve Wozniak (Foreword by)
PDF (bought through the Humble Bundle I mentioned last week). This was my first time reading a PDF book in iBooks on an iPad mini.
I found it harder to set aside time to sit down with an iPad than with a physical book even though that makes no sense whatsoever. I also found it harder to figure out how far along I was in the book/how far to the end of the chapter. Maybe that’s an iBooks thing. Or a novice eBook reader thing. I’ll probably try a different app next time. I’d love to hear your recommendations.
First impressions (from last week)
The author paints a very bleak picture of no system being secure, because there is a human element in every system, and that human element can be conned into releasing information. That piece of information on its own may not seem like such a big deal, but combined with other data the bad guy can find elsewhere, it could be the last piece of the puzzle.
Quote: “Social engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology.”
Most of the book describes different types of social engineering attacks (or cons), following the format of:
- Story of a con
- Breakdown of each step
- What could be done to avoid the problem
A lot of the stories mention dialling in to a computer or faxing something out, and I had to check what year the book was published – 2002 – to realise why. That didn’t make me dismiss the book out of hand or de-value it in any way. I’m sure that the same cons are being run today with more up-to-date technology in play.
The story format made Information Security – which, as even the author admits in the book, can be quite a boring topic – interesting. I would never have thought of some of the inventive work-arounds the grifters in the book used to get the access or information they needed. I will now!
The last part of the book covers the Information Security training and policies that the author recommends companies implement. I recognise most of them as already in place where I work, and it’s a good checklist for smaller businesses and those starting up a business.
In conclusion: Mitnick provides valuable insight into the less ethical methods of gathering data and into human behaviour. He shows just how easy it is to get past a lot of common phone/computer safeguards that are in place and the effect of letting your own guard down too when it’s not appropriate to do so.
Next week’s book
In case you want to read along with me, here’s what I’m planning for the upcoming week.
Assuming Ready Player One (Science Fiction) or The Miracle Morning (Personal Development) still don’t come through from the Library, I have Humble Inquiry: The Gentle Art of Asking Instead of Telling (Personal Development) in my hand right now to get started on right away.
13 Aug 2017: Updated the calendar week number to the correct one