Winter Driving Best Books of the Month Men's Leather Watches Learn more nav_sap_SWP_6M_fly_beacon $5 Albums All-New Amazon Fire TV Beauty V-Day Valentine's Day Cards Bring a little greenery into your home Amazon Gift Card Offer jstfd6 jstfd6 jstfd6  Amazon Echo All-New Fire Kindle Paperwhite Lisa Loeb AMO Shop Now Sale

Customer Reviews

4.3 out of 5 stars21
Your rating(Clear)Rate this item


There was a problem filtering reviews right now. Please try again later.

on June 7, 2008
No Tech Hacking (NTH) again demonstrates that the fewer the number of authors a Syngress book advertises, the better the book. With security star Johnny Long as the main author, the book adds a section in Ch 5 (Social Engineering) by Techno Security organizer Jack Wiles. The "special contributors" no doubt worked with Johnny to answer his questions, but it's clear that relying on a primary author resulted in a better-than-average Syngress title. (Harlan Carvey's Windows Forensic Analysis is another example of this phenomenon.)

I liked NTH. The book makes a good companion to titles like The Art of Deception and The Art of Intrusion by Kevin Mitnick, and The Art of the Steal by Frank Abagnale. (Mitnick wrote the foreword for NTH.) Johnny Long is a great author who knows how to tell a story in a captivating way. I agree with some of the criticism levied by previous reviewer Chris Gates about the badge story on p 24. If you aren't supposed to display a badge outdoors (true), and you aren't supposed to display it indoors (false), where do you display it? Maybe Johnny meant a badge-wearing employee should have noticed someone photographing her badge?

I dropped one star for two reasons, and could have dropped two stars if I didn't think Johnny Long is a great author otherwise. First, I was very disappointed to see 75 pages of Google Hacking reprinted as Ch 6 of NTH. The 285 page NTH would have been 210 without Ch 6, and definitely would not have merited the price on the back cover. This reprinting tendency is another Syngress problem.

Second, this book should have been published in color. A great deal of the book shows photographs or screen captures taken by the author while conducting penetration tests. The impact would have been much greater in color. Consider keeping the same price but removing Ch 6 and publishing in color next time. If Syngress has anything like a star author, it's Johnny Long. People attending his No Tech Hacking talks would snatch a color edition up without thinking twice. If you need a good example of a modern color security book, check out Security Data Visualization by Greg Conti, published by No Starch.

Overall, anyone who has some military experience in OPSEC (operational security) will recognize most of the vulnerabilities and exposures identified in NTH. If you need a way to teach your employees how to resist No Tech Hacking, this book is a great teaching tool.
0Comment20 of 20 people found this helpful. Was this review helpful to you?YesNoReport abuse
on March 12, 2008
Johnny Long has a great knack for taking what should be common sense observations on human vulnerabilities and making them unique, entertaining, and most importantly actionable. The book really seems to be a book to go along with his numerous "No Tech Hacking" talks he has given at several security conferences. If you want an example check out the 2007 Shmoocon Archives: [...]

Here are the chapters:

Dumpster Diving
Tailgating
Shoulder Surfing
Physical Security
Social Engineering with Jack Wiles
Google Hacking
P2P Hacking
People Watching
Kiosks
Vehicle Surveillance
Badge Surveillance
Epilogue

All of the chapters are pretty good, I particularly liked the Physical Security, P2P Hacking, and Kiosks (even though it was a short chapter). Again, a lot of what he talks about is common sense and taken from his talks he gives a security conferences. But it comes from a guy that gets paid to break into buildings for a living so you can trust the advice and situations to be pretty close to reality.

Things I liked about the book:
-The Physical Security section talks about defeating different types of locks and security systems. It was good relevant content with good advice on how to fix it. The Kiosk chapter talks a little bit about breaking out of Kiosks and information you can gather. Using P2P to look for sensitive documents is a good idea as well. Really all the chapters had valuable information in them. In plain words he sums up relevant and dangerous security issues that target the human element of security.
-The large font and lots of pictures make the book a quick read. I also like that there were pictures to go along with all the points he was trying to make. His "arrest me face" on page 95 is the best.
-The book is pretty much without typos and editing issues which says a lot for a syngress book.
-The book is useful for both technicians and managers, I feel like i can give the book to both the techies and management and have them both get something out of it.

Some things I didn't like about the book:
-The book has a slight condescending tone. I think this is the author's attempt to be funny, and in person I think he could have pulled it off. But in print it really comes across as a "you are dumb, so dumb I have to write a book about hacking you without technology to show you how dumb you are." It doesn't make the book "bad" its just annoying at times.
-The tailgating section (page 24) slams a person for wearing their badge INSIDE and says she is not security conscious. Why would you NOT where your badge inside? On one hand he complains about people not challenging him because of his fake badge or lack of a badge and then he says that wearing a badge inside is an opportunity for someone who sneaks in to take pictures of it, well guess what, they are already inside, there are other bigger issues now. In my opinion, badge on inside=good, badge on outside at lunch=bad.
-The book suffers a bit from the "Everything must be secure... damn the functionality" problem that a lot of security researchers and hard core security proposals suffer from. What I mean by all that is sometimes security people lose sight of why things are they way they are or the fact that changing the way things are done would hinder actually getting work done. The best example I can come up with from the book is his discussion of DoD decals on cars (in the vehicle surveillance chapter) and how they give away too much information. While not arguing his point on giving away information, I'd like to see his proposal for a better solution to access control on DoD bases. I'd also argue that oil change stickers showing where I got my oil changed (that may give you some information on where I live or work) are far less dangerous than that person just following me to home or work now that they have me and my car associated with one another.
0Comment25 of 26 people found this helpful. Was this review helpful to you?YesNoReport abuse
on December 6, 2010
Johnny takes us on a cook's tour through the basics of social engineering and a few other non-technical methods of compromising a target organization.

In most aspects, the coverage is distinctly superficial, barely scratching the surface. In the cover blurb, the author claims to be disclosing super-cool secrets but in reality the book falls well short of disclosing anything really novel.

Other common social engineering methods, for example the psychological manipulation techniques often described by Kevin Mitnick, phishing and many other types of frauds and scams perpetrated through a variety of communications media (email, phone, letter, FAX, SMS, even paper notes left on a windshield ...), are barely mentioned. The author doesn't explain the process of non-technical hacking very well, in other words the stages normally involved in identifying, researching and exploiting a target. That a social engineer or intruder would fear detection and would almost certainly have pre-planned a cover story and escape route, for example, is only vaguely hinted at.

As seems to be the way with Syngress books, the print quality is poor. Most of the monochromatic photographic images are dark and indistinct, barely good enough even to make out the fields that have not been deliberately blurred by the author.

The social engineering chapter has a different style to the rest of the book, which is not surprising given that it was written by Jack Wiles (who for some reason is not acknowledged as an author on the cover). Jack's contribution is above average so it's a shame he didn't collaborate with Johnny on the rest. Johnny's parts of the book are straightforward enough and appear accurate as far as they go. The writing style is informal throughout.

With so many photos in the book and a large font, the average page has only about 100 words, hence I was able to read the book cover-to-cover in about 4 hours. This is no heavyweight academic textbook, with hardly any actual references or even acknowledgments outside the hacking subculture.

It's hard to figure out to whom the book might appeal. It is too superficial to be of much value to actual non-tech hackers unless they are very new to the game, and it lacks the pragmatism and sound advice on countermeasures that would be of some worth to information security and risk management professionals. Maybe it would interest members of the general public, but again it expounds on the risks without really helping anyone counteract them.

Although the author ably describes some simple non-technical attack methods, it is a shame he doesn't present a more compelling call-to-action. Readers can and indeed should be more aware of, and ideally resistant to, the methods described. The book presents the basic information but doesn't really motivate readers to respond, leaving it rather flat.
22 comments11 of 11 people found this helpful. Was this review helpful to you?YesNoReport abuse
on April 8, 2008
Johnny Long's book, "No Tech Hacking," brings new attention to overlooked aspects of information security. In his book, Long reveals how simple threats can cause serious problems, even in organizations prepared for a Mission Impossible-style attack scenario.

Long recounts how he and his team of ethical hackers consistently access sensitive information with no special equipment or technical skills. In fact, Long reveals how the ordinary (coat hangers, hand towels, drinking straws, baby powder, and aluminum cans) can result in extraordinary breaches of organizational security.

Long shares real world stories and cell-phone photographs from his adventures in people watching, shoulder surfing, dumpster diving, and vehicle observation.

Long and his colleagues go to great, conspicuous lengths to collect non-public information. While their targets should notice almost all of their activities, most do not. The closest thing to a consequence or confrontation they encounter is a glare from an airline passenger.

Why isn't Long confronted when others observe him surreptitiously taking pictures? Some people don't like to confront an unfamiliar person or don't know whom to report their concerns to. Others are complacent and don't expect negative events to occur. Action invites risk: risk of an awkward or unwarranted accusation, that one won't be taken seriously, and possible personal embarrassment. Sometimes, people feel that the safest action is no action at all. Unfortunately, that feeling of security is deceptive.

Thankfully, Long offers useful advice. He recommends that companies should:

1. Provide incentives for reporting suspicious activities, and
2. Make the desired response well-known and easy-to-do.

To follow these recommendations, organizations need to ensure that everyone knows what information to disclose and what information requires protection. Foremost, all organizations should create policies for verifying the identity of anyone who requests non-public information and adequately train all employees to recognize these situations and take appropriate actions.

In the next edition, it would be great to see more of the practical tips (perhaps even a detailed checklist for each chapter) about what do to protect against these simple, but damaging, threats.

Summary: This is a useful book for creating and spreading awareness of important and often overlooked aspects of information security.
0Comment9 of 10 people found this helpful. Was this review helpful to you?YesNoReport abuse
on October 19, 2010
This is a fine book, no doubt about it. And it offers some interesting and much-needed alternative perspectives on security.

The book could have had one or two additional stars, but it lacks a caring editorial hand.
The book is obviously written by several authors, and lacks structure between the individual chapters, consistency in presentation and language.

Overall, each chapters are interesting but in some chapters the authors seem more motivated to show off how smart they are and desire to share the outcry over the information they can get near.
The authors appear more fascinated by their own achievements, however minor they may be (Hey look, I've found out that my fellow passenger is a soldier! - Hey look, I found a bill and it says how much something has cost) than to disseminate security threats and their significance

This book has the potential to be a fantastic eye-opener - a new classic in safety. But it fails and delivers petty smugness, instead of new thinking and inspiration.

I am looking forward to revision 2 - I am sure it will be great.
0Comment3 of 3 people found this helpful. Was this review helpful to you?YesNoReport abuse
on March 3, 2008
Johnny Long is keeping up with his reputation, I have read many of his articles and his book "Google Hacking" and must say I will add this to the list of great books for corporate higher-ups, system administrators and people whom are curious about things of this nature. I have read the first 1/4 and will say that very little of this requires any tech knowledge to understand (unless you decide to do research on the Van Eck phreaking, which is well worth its time). Requires little tech knowledge, easy to read, and suited for anyone who likes their data to remain their own, or would like to make someone else's data their own. would recommend it to anyone interested in security from a business perspective, not relating to computers.
0Comment7 of 9 people found this helpful. Was this review helpful to you?YesNoReport abuse
on January 9, 2011
This book is loaded with info that every sys/network admin needs to know. I just got through reading it and wish I would have read it sooner. I found several of the described physical security vulnerabilities in and around my data center. I've been a sys admin for many years. Because of my technical focus, the non-technical threats that were present in my IT environment got over looked. I'm now working to mitigate these issues that put my high tech security system at risk. I've invested countless hours and my company has invested thousands of dollars in building a layered security system. All these efforts could potentially leave us defenseless to the non-tech attacks described in this book. This book was published a few years ago but the info here is still valid because of the human element present in the IT infrastructure. I can't wait to read some more of Johnny Long's books!
0Comment1 of 1 people found this helpful. Was this review helpful to you?YesNoReport abuse
on January 5, 2012
First off the best part of this book is it is written in a funny and exciting way. This is not a boring book that will take you a month to get through but you will be drawn by the authors words and finish it quickly.

Second it's got some great concepts and is a very good beginning place. You are not going to learn deep technical methods, but you will get your mind thinking.

Since reading this book I have had several new "no tech hacking" events just pop up, because now my mind is seeing them.

Thank you for giving us this book cause I loved it!

Justin - Author of "A cop's guide to overcoming fear."
0CommentWas this review helpful to you?YesNoReport abuse
on March 21, 2008
Johnny Long does it again! This book is a scary read into the world of underground penetration testing. The different ideas he and his henchmen use to gain physical access into very secure buildings is scary and ingenious, especially the cloth on the hanger trick! This book is a very easy read! I sat down initially and read the first 40 pages before lunch! Go out and get this book, if it doesn't scare the hell outta you, then you either don't work in computer security, or you are a moron!
0Comment2 of 3 people found this helpful. Was this review helpful to you?YesNoReport abuse
on March 3, 2010
Very useful book, teaches a lot about being aware of your environment at all times and paying attention to details
as Johny Long takes you on an exciting adventure of different methods that can seem trivial at first glance, but will result in a lot of information gathering for the pen-tester, highly recommended.
0CommentWas this review helpful to you?YesNoReport abuse