Top critical review
Falls flat on control advice
on December 6, 2010
Johnny takes us on a cook's tour through the basics of social engineering and a few other non-technical methods of compromising a target organization.
In most aspects, the coverage is distinctly superficial, barely scratching the surface. In the cover blurb, the author claims to be disclosing super-cool secrets, but in reality the book falls well short of disclosing anything really novel.
Other common social engineering methods, for example the psychological manipulation techniques often described by Kevin Mitnick, phishing, and many other types of frauds and scams perpetrated through a variety of communications media (email, phone, letter, fax, SMS, even paper notes left on a windshield ...), are barely mentioned. The author doesn't explain the process of non-technical hacking very well, in other words, the stages normally involved in identifying, researching and exploiting a target. That a social engineer or intruder would fear detection and would almost certainly have pre-planned a cover story and escape route, for example, is only vaguely hinted at.
As seems to be the way with Syngress books, the print quality is poor. Most of the monochromatic photographic images are dark and indistinct, barely good enough even to make out the fields that have not been deliberately blurred by the author.
The social engineering chapter has a different style to the rest of the book, which is not surprising given that it was written by Jack Wiles (who for some reason is not acknowledged as an author on the cover). Jack's contribution is above average, so it's a shame he didn't collaborate with Johnny on the rest. Johnny's parts of the book are straightforward enough and appear accurate as far as they go. The writing style is informal throughout.
With so many photos in the book and a large font, the average page has only about 100 words, so I was able to read the book cover-to-cover in about 4 hours. This is no heavyweight academic textbook, with hardly any actual references or even acknowledgments outside the hacking subculture.
It's hard to figure out to whom the book might appeal. It is too superficial to be of much value to actual non-tech hackers unless they are very new to the game, and it lacks the pragmatism and sound advice on countermeasures that would be of some worth to information security and risk management professionals. Maybe it would interest members of the general public, but again it expounds on the risks without really helping anyone counteract them.
Although the author ably describes some simple non-technical attack methods, it is a shame he doesn't present a more compelling call-to-action. Readers can and indeed should be more aware of, and ideally resistant to, the methods described. The book presents the basic information but doesn't really motivate readers to respond, leaving it rather flat.