Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent.
Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
©2003 Kevin D. Mitnick; (P)2009 Audible, Inc.
"interesting but repetitive..."
I was expecting more from this book but I have a background in IT Security and maybe that clouded my judgement. The target audience is not the InfoSec community but middle management.
The books contained many simplistic examples, with a few teases of information around potential social engineering resources (mainly US examples) but started to get very repetitive offering only high level solutions (e.g. have a security policy).
My advice - Once you've read the first few chapters you can put this book down and get on with your life. The book serves a purpose to highlight to the clueless how easily you can be convinced to part with information but I would imagine it would start to feel like a broken record to most readers.
Report Inappropriate Content
If you find this review inappropriate and think it should be removed from our site, let us know. This report will be reviewed by Audible and we will take appropriate action.