Customer Reviews


85 Reviews
5 star: 41
4 star: 27
3 star: 12
2 star: 4
1 star: 1

The most helpful favorable review: "A rare glimpse into the underbelly of the computer world" (4.0 out of 5 stars), published on March 24, 2005 by Eric Barna. 31 of 34 people found it helpful.

The most helpful critical review: "Same idea, different perspective" (3.0 out of 5 stars), published on June 28, 2005 by Cyberdude. 14 of 14 people found it helpful.



31 of 34 people found the following review helpful
4.0 out of 5 stars A rare glimpse into the underbelly of the computer world, March 24, 2005
Love him or hate him, Kevin Mitnick is the most celebrated hacker of our time. The Art of Intrusion gives the public and security practitioners a rare glimpse into the minds of hackers and their dedication in accomplishing their work.

This book is highly entertaining for everyone, security practitioner or not. I've never hacked my way into a video poker machine, but Kevin Mitnick and William Simon made me feel as if I had been there with a wearable computer in my shoe tapping out the codes that would let me beat the casino. Mitnick and Simon do a great job of breaking down technology in terms everyone can understand.

Chapters 1-5 take you along with hackers as they beat the casinos in Vegas, hack for terrorists, create a network out of nothing in a Texas prison and break into the New York Times.

Chapter 6 takes a slight detour to discuss penetration testing, used to legitimately test vulnerabilities at companies. This was a very insightful chapter for me and some of the techniques will be helpful to me. Some companies will never know (and sometimes don't want to know) how vulnerable they are. It is always better to find out your vulnerabilities from the "white hats" instead of finding out about vulnerabilities from the "black hats". One is a fixed cost the other isn't.

Chapters 7 through 9 take you back into the world of the hackers as they hack into banks, steal intellectual property and hack a prison transport company.

Chapter 10 describes social engineering attacks and countermeasures. If you want to learn about social engineering, what better source than Kevin Mitnick, the world's most notorious social engineer?

Chapter 11 contains a few short takes on some hackers which, I guess, Mitnick and Simon didn't feel deserved a full chapter.

I was a little dismayed to read in Chapter 6 about Robert, the "respected security consultant", who plays hacker at night. I think the term, respected, must be only in this hacker's mind. A better term would have been "deceptive security consultant". I was not satisfied with the argument that this person hacked into computers out of curiosity and the need for a challenge. There are many legitimate (and paying) ways to satisfy your curiosity and challenge that are completely legal.

If you take anything from this book it must be the tenacity of the hackers. Some of the compromises took months or years to carry out. In the process of committing the compromise the hacker learned more about the systems than the people charged with taking care of them on a daily basis. The hackers went undetected for months and years, sometimes grabbing information from the CEO's computer. This is very disturbing.

I highly recommend reading Art Of Intrusion for everyone. The book immerses the reader into a world very few of us will ever see, one of the underbellies created by our reliance on technology. The problem of hackers will only get worse and the Art of Intrusion lets us know what we are up against.


76 of 90 people found the following review helpful
4.0 out of 5 stars How much would you pay to get inside the enemy's mind?, March 23, 2005
Over two years ago I read and reviewed 'The Art of Deception,' also by Mitnick and Simon. I thought that book was 'original, entertaining, [and] scary.' Those same adjectives apply to 'The Art of Intrusion' (TAOI). While I also add 'disappointing' and 'disturbing' to the description of TAOI, sections of the new book make it an absolute must-read. If you want to understand the consequences of systematic, long-term compromise of your enterprise, you must read and heed the lessons of TAOI.

This book may provide the closest look inside an intruder's mind the security community has yet seen. There is simply no substitute for understanding the methodology, goals, and determination of a skilled intruder. Chapter 8 brings the world of the enemy to life, describing separate incidents where crackers stole intellectual property from enterprise networks. These intruders were patient and methodical, taking months to locate, acquire, and transfer their prey. I have encountered this sort of adversary as a real security consultant (explanation follows), but never read supposed first-hand accounts from the enemy's point of view. Chapter 8 alone makes the book worth purchasing.

Why is the book 'disappointing' and 'disturbing' then? I was repeatedly disgusted to read about so-called 'security consultants' who are 'published authors on security topics' (p. 168), who describe themselves as 'white-hats' but acknowledge defacing sites 'where security was so shoddy someone needed to be taught a lesson' (p. 143), and who are 'respected security professionals by day and become a black-hat hacker by night, honing the skills that pay their mortgage by hacking into the most resilient software companies on the planet' (p. 166). Attaching the label 'security professional' to these criminals -- still active by some accounts -- is a crime itself. At least Mitnick perpetrated his crime and did his time. These people, however skilled, are a black mark on the security community -- they literally perform the crimes for which their 'skills' are then required. The mitigating factor for me is that these intruders shared their stories for the benefit of the community. For that I am grateful, but I'd also like to hear they've hung up their black hats!

In some places Mitnick seems too close to his subjects to render a fair opinion of their skills. Chapter 5 talks about Adrian Lamo, named by Mitnick 'The Robin Hood Hacker.' It begins with a story about rescuing a kitten from a 'dirty storm drain' that belongs in an after-school TV special, and smells of social engineering on Mr. Lamo's part. After reading about this 'purist... the thinking man's hacker,' we learn his only real skill was 'exploiting misconfigured proxy servers.' When asked what operating system the New York Times was running when he infiltrated it via proxy server, 'Adrian answered that he doesn't know. "I don't analyze a network that way."' I doubt someone who 'secured' a proxy server at Excite@Home by cutting the cat 5 cable to the box knows anything more than how to use his 'favorite tool... ProxyHunter' and his 'intellectual gift of finding misconfigured proxy servers' (p. 112). This mischaracterization of Adrian Lamo hurts the authors' credibility, at least as far as chapter 5 goes. I felt the same sense of being too close to the characters when reading of 'two convicted murderers' in chapter 3, although their story should catch the eyes of prison wardens everywhere.

Besides the war stories in TAOI, I found many of the authors' insights appropriate and helpful. In places Mitnick and Simon describe how victims never believe they are compromised, and when they are shown proof, they 'figure they just dropped the ball on this one occasion' (p. 216). Repeatedly through the book, network security monitoring is offered as a means of incident detection and response. I wish those who advocate the supposed defender's advantage of knowing their network would read this gem on p. 164: 'I knew their network better than anyone there knew it. If they were having problems, I could probably have fixed them.' This is so true, because the intruder's interest goes so much deeper than an administrator who sees security as part of his over-stressed and under-resourced job.

Not all of the book was written from the perspective of black hats masquerading as 'security professionals' by day. Chapter 4 features a tale by former Boeing employee Don Boelling, a real security professional. Other chapters present the stories of unnamed penetration testers, all of which I found intriguing.

Despite my negative opinion of the ethics of some of this book's contributors, I still highly recommend reading TAOI. I suspect the validity of some of the earlier reviews, as three are posted by people whose only review is for TAOI and one is by TAOI co-author W.L. Simon! Does the social engineering never end?


14 of 14 people found the following review helpful
3.0 out of 5 stars Same idea, different perspective, June 28, 2005
By Cyberdude
These are all tales from the crypt - known exploits in some shape or form. The book simply "personalizes" them a bit more and adds a bit of color.

Continuing to use his legacy, Kevin Mitnick continues to give us his best Rod Serling tour of the dark side of the internet. He goes out of his way in the introduction to thank William Simon who did a good job increasing the readability. Although there are some technical parts, they're not excruciatingly unbearable and Simon does a good job eliminating much technical jargon.

The question is though who to recommend this book to? The seasoned pros know it all, the novices are too busy exploring on their own.

It's probably best suited as supplemental reading for a course on enterprise security management and I would include it in my class since the vignettes make interesting case studies and as a professor I could easily springboard into many a security concept above and beyond the basics of the chapter.

Mitnick, being the consummate social engineer, couldn't help but include a section on this topic and you can see how comfortable he is with this. It flows naturally.

A concern overall is whether this is really a tongue in cheek guide for the "on the fringe" hacker, and rather than looking in deep dark chat rooms can find all they need here to launch the next latest and greatest exploit. There are no moral lessons or lecturing so one can only wonder whether it's true that the best camouflage is broad daylight since he who laughs last, laughs best.


13 of 14 people found the following review helpful
3.0 out of 5 stars entertaining but not groundbreaking, April 17, 2005
Mitnick's followup to his excellent Art of Deception is a collection of hacker stories, mostly attributed to pseudonyms, each followed up with a description of how the successful exploitation of vulnerabilities could have been prevented.

The stories are mixed in quality and plausibility, but the defensive advice is generally quite good and on-target. The story from the l0pht is particularly amusing, the story of a company that enters into negotiations to purchase them, only to make the mistake of agreeing to a no-holds-barred penetration test of their infrastructure as a preliminary.

The initial story in the book, about hacking slot machines, seems rather implausible, especially given the apparent necessity of a plus-or-minus 5 ms accuracy in response time (p. 8), since human beings take 10-20 times that amount of time to perceive and respond to a stimulus.

Particularly disappointing was that Mitnick gave so much space and sympathy to "Robert," a seriously ethically challenged hacker in chapter 8. "Robert" is a hacker who worked for porn spammers by breaking into porn websites to collect email addresses, yet allegedly works in security for a "very religious and upstanding company" (p. 168).

This book doesn't quite measure up to its predecessor, but it is an entertaining book. Most of the defensive advice is old hat for security professionals, but could prove useful to executives, small business owners, and novices interested in security.


15 of 17 people found the following review helpful
4.0 out of 5 stars Not to be ignored!, February 10, 2006
The Art of Intrusion is an excellent book. It is entertaining, informative, and helps you in understanding your threat level as an IT manager of your company. Who else can be a better teacher than Kevin Mitnick? Kevin was an excellent social engineer, and if you will read more about him, you will also know that most of his attacks were not so technical, but he pulled them out successfully because of his social engineering skills.

Don't expect this book to teach you some hacking skills. But, this one will sure make you aware of the situations when human beings turn weak and give an opportunity to social engineers who with their skills in computers can wipe or steal all the information stored on your company's IT systems. If you are managing a large IT Department, don't ignore this book.


14 of 16 people found the following review helpful
3.0 out of 5 stars This Book Hacks It, May 14, 2006
This book gets fairly technical about the ways of computer hackers. Without giving away quite enough detail so that you could do hacking damage yourself if you don't already know how - it gives some ideas about how hackers patiently search for points of entry into the most confidential files of corporations, research agencies, and private citizens.

After a bad-boy history, author Mitnick went over to the good side and started to work as a professional hacker, hired by individuals to check their systems. He found that usually, the more cocksure a client was that all vulnerabilities had been eliminated, the easier it was to hack into that system.

I personally wasn't able to follow a lot of the explanation in this book. But I did get a general briefing about ISP ports, the use of proxy providers so that your hacking activities are hard to trace, etc.

Then everyone will be able to follow Mitnick's sections on "social engineering." Here he tells how he and his team manipulate people into allowing them access to Company strongholds and to network computers. He talks about trailing casually in behind legitimate employees when they walk to and from the cafeteria. He talks about conning security into issuing him temporary ID badges. He suggests some distracting, ingratiating small talk patter anyone can use to sound as if they have a legitimate reason for being on the scene, accessing network systems.

There are loads of typos in this book, almost one a page, that might cause you to stumble along a little. And professional hackers will likely already know most of the tricks of the trade explained here, while novices such as myself will be lost much of the time. So it's probably intermediary computer enthusiasts who can best enjoy this book and profit from it. And if there isn't enough here to turn you into a master hacker yourself, you will at least get some idea about how not to be hacked.


5 of 5 people found the following review helpful
4.0 out of 5 stars Think like an intruder; Behave as a professional, March 22, 2006
It is my first purchased book about hacking and intruder stories. In the past, I just glanced over other books with difficult English and without any technical details. However, The Art of Intrusion gives an impressive content by interviewing various hackers of their real intrusion and hacking experience with technical highlights. In addition, the authors provide countermeasures for the case study, it is not just a story.

Frankly speaking, learning from my peers or groups, it is hard to meet the one with descriptive step-by-step intruder's experience. Meanwhile, I always raise a question in my mind: How to know my implemented controls could withstand attack? This book comes to me and I could understand what a real hacker could do in the real world. In the book, it quotes a statement from The Art of War from Sun Tzu in Chapter 8 about stealing intellectual property:

"Know thyself and know thy enemy; in a hundred battles you will never be imperil"

Back to the book outline, there are totally ten stories ranging from breaking into New York Times network, hacking banking system, software vendor and soft drink machine to undergoing penetration test. From the book, you could understand how determined and persistent a hacker could be. He could fix and intrude company network for two years to steal the software. Afterwards, the hacker does not want to be traced and alert the administrator by scanning the target's port with patience and keep it in small volume. Modifying the program code in assembly level to disable input validation and overwriting the one in production readily spark me an alarm for integrity check. I strongly recommend chapter 7 - 9 for your study and peers discussion.

There are some more points for us to think about regarding the ethics of being a professional. In the book, a number of hackers are working as respected security professionals in a corporation but working on criminal hacking at night for monetary return. This is also a reminder or challenge to all of us to maintain our professional integrity and judgment.

Apart from learning theories and best practices, as security professionals, we do need real stories of intruders; it is very helpful to our vision towards our existing and future security control proposal and practice. Again, if you have got approval from management what you are doing, it is deemed as ethical, otherwise, without authorization, you are an intruder.


7 of 8 people found the following review helpful
2.0 out of 5 stars A banal slog, August 12, 2011
By Robert H. Stine Jr. "Bob" (Arlington, VA United States)
"The Art of Intrusion," by Kevin Mitnick, tells of the people and strategies behind some ten successful hacks of government or business systems. Each chapter gives the setting and timeline of a particular hack, and then concludes with advice about how to prevent such an attack. Mitnick, by the way, is a notorious hacker gone straight, following a stiff prison sentence for his crimes.

Although the book does not detail the hacks by organized crime or by foreign powers, it is nevertheless chilling. Determined hackers worm their way into systems by stages, often using a forgotten or innocuous host as a staging ground for attacking the high value systems. In one case, a laptop that was only powered on a few hours a day was the springboard for stealing vital corporate information.

This is not, however, a book that I can recommend. It is not technical enough to be useful as a work resource, but it is not interesting enough to be a good recreational read. Many of the author's admonitions are banal, and reading through the book was a tedious slog. Mitnick seems to be coasting, relying on his notoriety rather than producing a book of substance.


4 of 4 people found the following review helpful
4.0 out of 5 stars Oh So You Think You Are Untouchable?, September 1, 2005
2002's The Art of Deception, by Kevin Mitnick and William L. Simon, is a definitive title on the art of social engineering that I consider to be a must read. The latest title by this duo, The Art of Intrusion (Mitnick and Simon, 288 Pages, J. Wiley, 2005, ISBN 0764569597) is now on this list as well. From the start, they provide real-life stories of intrusions in a way that can be easily understood by nontechnical readers, while at the same time provide a solid reference to explore more technical solutions to the threats illustrated. There are a few times that Mitnick seems to slip into an apologist role for hackers, but this is tempered by his simple advice that perhaps at times we should embrace hackers and what we can learn from them, instead of prosecuting them from the get go.

What makes this book an excellent resource is that each chapter is a stand-alone incident that really happened. Through interviews with the participants, it is easy to read and understand what happened and what the threats really are. I find this important because it is one thing to talk (sometimes until you are blue in the face) about potential threats and the need to defend against them, it is another to read about real incidents and the aftermath. The story of the state prison inmates will either leave you in stitches or shocked at the inadequacy of prison security.

In the book, there is an all important and true quote: "The adage is true that the security systems have to win every time, the attacker only has to win once". This quote is appropriate because like their first book, the authors take the time to explain each intrusion in detail. They then follow each one with specific recommendations as to how they could be defended against. One important thing I took from the book deals with penetration testing. Doing these tests is much like a company's balance sheet: it is only a snapshot in time of the current situation. You may pass this time, but it does not mean that you are safe in the future.

This book really is a companion book to The Art of Deception, but it can stand alone. But if you take the lessons, policies and plans from the two books, you will be much better off than if you haven't. And who better to learn from than the original hacking "bad boy". Do not expect a deep technical read, because that is not what this book is about. It is about learning to crawl before you can walk.

Who Should Read This Book?

This book should be read by pretty much the same people who I recommended read The Art of Deception. This includes information security officers and consultants, who need to read this book so they can incorporate the lessons into their own best practices. CIOs and CEOs need to read this book, which is very readable, to understand the nature of the threats and why they cannot dismiss it as non-important.

The Scorecard

The book does get a minor hit for the apologist tone, but still rates a

Birdie on a Long Par 5 playing into the wind.


4 of 4 people found the following review helpful
5.0 out of 5 stars Must read for anyone with an interest in computer security, August 7, 2006
Verified Purchase
While these stories describe different exploits they all provide different lessons and are from that POV well worthwhile. Several of the stories are quite funny (the hacked Coke machine for instance--the password jumped out at me as soon as they said no one could ever guess it) but still worth while. There is too much tendency to depend on hardware solutions when folks don't realise that those are computers too and they can be hacked just as easily or even more so than a PC. Some of the stories are probably exaggerated as Mitnick admits he was unable to verify all of them particularly the shorts at the end of the book. Some of chapter 10 is probably exaggerated but I used to do pen tests and it's certainly overall credible. A very valuable book overall. I can sympathise when some of the "white hat" security experts turn vigilante and deface websites etc. out of frustration. The reason that I left the field was because often my big decision after an audit was "do I just dust off the report I did 2 years ago or do I write a new one" because more often than not nothing had changed and none of the holes had been plugged. Most of the times I wrote a new report were because new vulnerabilities had been added.



Details

The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers