Five Sentence Abstract:
Almost the entire book is made up of stories, most of them from the 1990s and maybe even the 80s, so this book is dated to say the least. Given the age, the stories seem believable, coming from an era when security and connectivity were only starting to really flourish. The technology is extremely dated: cell phones are barely mentioned and smartphones had not even been invented. Still, the end-of-story analysis and prescribed security policies are interesting. More of a walk down memory lane than anything technically useful.
Thoughts:
The stories got stale quickly. They are barely different. Social engineer makes
a few phone calls, marks give up requested info, stick a fork in it.
The material is so very outdated. PBX telephones, and fax machines, and dial-up
modems, oh my!
The only 'useful' material is the reasonable policies to stop social engineers.
Actually, the basic social engineering tactics could be useful if you had no
idea how to manipulate someone. Probably better off reading How to Win Friends
and Influence People in that case though.
Overall: yawn.
Notes:
Table of Contents
01: Security's Weakest Link
02: When Innocuous Information Isn’t
03: The Direct Attack: Just Asking for It
04: Building Trust
05: “Let Me Help You”
06: “Can You Help Me?”
07: Phony Sites and Dangerous Attachments
08: Using Sympathy, Guilt, and Intimidation
09: The Reverse Sting
10: Entering the Premises
11: Combining Technology and Social Engineering
12: Attacks on the Entry-Level Employee
13: Clever Cons
14: Industrial Espionage
15: Information Security Awareness and Training
16: Recommended Corporate Information Security Policies
- // Page numbers are from the PDF.
page 22:
- Security is too often merely an illusion
page 26:
- In the United States most of all, we’re not trained to be suspicious of each
other. We are taught to “love thy neighbor” and have trust and faith in each
other.
- // How much difference 15 years, and 'terrorism', makes.
page 28:
- The attacks on New York and Washington, D.C., in September 2001 infused
sadness and fear into the hearts of every one of us—not just Americans, but
well-meaning people of all nations. We’re now alerted to the fact that there
are obsessive terrorists located around the globe, well-trained and waiting to
launch further attacks against us.
page 60:
- You may notice I refer to social engineers, phone phreaks, and con-game
operators as “he” through most of these stories. This is not chauvinism; it
simply reflects the truth that most practitioners in these fields are male. But
though there aren’t many women social engineers, the number is growing. There
are enough female social engineers out there that you shouldn’t let your guard
down just because you hear a woman’s voice. In fact, female social engineers
have a distinct advantage because they can use their sexuality to obtain
cooperation.
- // 2002 and this bullshit is present. I wonder, was Mitnick an agent? From
the beginning? Did they turn him?
page 185:
- You always want people to underestimate you, not see you as a threat.
page 226:
- Just install and configure the application remotely, and you have an instant
computer wiretap! The FBI must love technology.
page 338:
- Another option is the consonant-vowel method, which provides an
easy-to-remember and pronounceable password. To construct this kind of password
substitute consonants for each letter C and vowels for the letter V, using the
mask of “CVCVCVCV.” Examples would be MIXOCASO; CUSOJENA.
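Added example, not from the book or from these notes: a small Python script that builds passwords from the CVCVCVCV mask described above, checks whether a string fits the mask (the book's own examples MIXOCASO and CUSOJENA pass), and computes the size of the resulting keyspace so the trade-off between pronounceability and strength is visible. Two assumptions are mine: the book does not say how to treat "Y", so it is counted as a consonant here (21 consonants, 5 vowels), and the `secrets` module is used as the random source.

```python
import math
import secrets
import string

# Letter classes assumed for this example: the book does not say how to treat
# "Y", so it is counted as a consonant here (21 consonants, 5 vowels).
VOWELS = "AEIOU"
CONSONANTS = "".join(c for c in string.ascii_uppercase if c not in VOWELS)


def consonant_vowel_password(mask: str = "CVCVCVCV") -> str:
    """Fill the mask with a random consonant for every C and vowel for every V."""
    out = []
    for slot in mask:
        if slot == "C":
            out.append(secrets.choice(CONSONANTS))
        elif slot == "V":
            out.append(secrets.choice(VOWELS))
        else:
            raise ValueError(f"mask may contain only C and V, got {slot!r}")
    return "".join(out)


def matches_mask(password: str, mask: str = "CVCVCVCV") -> bool:
    """True if the password has the consonant/vowel pattern of the mask (case-insensitive)."""
    if len(password) != len(mask):
        return False
    for ch, slot in zip(password.upper(), mask):
        pool = CONSONANTS if slot == "C" else VOWELS
        if ch not in pool:
            return False
    return True


def keyspace_bits(mask: str = "CVCVCVCV") -> float:
    """Entropy in bits of a uniformly chosen password for this mask."""
    size = 1
    for slot in mask:
        size *= len(CONSONANTS) if slot == "C" else len(VOWELS)
    return math.log2(size)


if __name__ == "__main__":
    pw = consonant_vowel_password()
    print(pw, matches_mask(pw))
    print(f"{keyspace_bits():.1f} bits for CVCVCVCV")
    # Comparison point: eight characters drawn uniformly from [A-Za-z0-9].
    print(f"{math.log2(62 ** 8):.1f} bits for 8 random alphanumerics")
```

Eight letters drawn from 21 consonants and 5 vowels give about 26.9 bits, against roughly 47.6 bits for eight uniformly random alphanumeric characters, so a scheme like this is best treated as a memorability aid rather than as a guarantee of strength.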