Home · Book Reports · 2018 · The Art of Deception
- Author :: Kevin Mitnick, William Simon
- Publication Year :: 2002
- Read Date :: 2018-06-19
- Source :: Kevin_Mitnick-The_art_of_deception(2003).pdf
designates my notes. / designates important.
Thoughts
The stories got stale quickly. They are barely different. Social engineer makes a few phone calls, marks give up requested info, stick a fork in it.
The material is so very out-dated. PBX telephones, and fax machines, and dial up modems, oh my!
The only ‘useful’ material is the reasonable policies to stop social engineers.
Actually, the basic social engineering tactics could be useful if you had no idea how to manipulate someone. Probably better off reading How to Win Friends and Influence People in that case though.
Overall: yawn.
Table of Contents
- 01: Security's Weakest Link
- 02: When Innocuous Information Isn’t
- 03: The Direct Attack: Just Asking for It
- 04: Building Trust
- 05: “Let Me Help You”
- 06: “Can You Help Me?”
- 07: Phony Sites and Dangerous Attachments
- 08: Using Sympathy, Guilt, and Intimidation
- 09: The Reverse Sting
- 10: Entering the Premises
- 11: Combining Technology and Social Engineering
- 12: Attacks on the Entry-Level Employee
- 13: Clever Cons
- 14: Industrial Espionage
- 15: Information Security Awareness and Training
- 16: Recommended Corporate Information Security Policies
- Pages numbers from the pdf.
· 01: Security’s Weakest Link
page 22:
- Security is too often merely an illusion
page 26:
-
In the United States most of all, we’re not trained to be suspicious of each other. We are taught to “love thy neighbor” and have trust and faith in each other.
-
How much difference 15 years, and ’terrorism’ makes.
page 28:
- The attacks on New York and Washington, D.C., in September 2001 infused sadness and fear into the hearts of every one of us—not just Americans, but well-meaning people of all nations. We’re now alerted to the fact that there are obsessive terrorists located around the globe, well- trained and waiting to launch further attacks against us.
· 02: When Innocuous Information Isn’t
· 03: The Direct Attack: Just Asking for It
· 04: Building Trust
page 60:
-
You may notice I refer to social engineers, phone phreaks, and con-game operators as “he” through most of these stories. This is not chauvinism; it simply reflects the truth that most practitioners in these fields are male. But though there aren’t many women social engineers, the number is growing. There are enough female social engineers out there that you shouldn’t let your guard down just because you hear a woman’s voice. In fact, female social engineers have a distinct advantage because they can use their sexuality to obtain cooperation.
-
2002 and this bullshit is present. I wonder, was Mitnick an agent? From the beginning? Did they turn him?
· 05: “Let Me Help You”
· 06: “Can You Help Me?”
· 07: Phony Sites and Dangerous Attachments
· 08: Using Sympathy, Guilt, and Intimidation
· 09: The Reverse Sting
· 10: Entering the Premises
page 185:
- You always want people to underestimate you, not see you as a threat.
· 11: Combining Technology and Social Engineering
· 12: Attacks on the Entry-Level Employee
page 226:
- Just install and configure the application remotely, and you have an instant computer wiretap! The FBI must love technology.
· 13: Clever Cons
· 14: Industrial Espionage
· 15: Information Security Awareness and Training
· 16: Recommended Corporate Information Security Policies
page 338:
- Another option is the consonant-vowel method, which provides an easy-to-remember and pronounceable password. To construct this kind of password substitute consonants for each letter C and vowels for the letter V, using the mask of “CVCVCVCV.” Examples would be MIXOCASO; CUSOJENA.