The Art of Deception: Controlling the Human Element of Security Paperback – October 17, 2003
"...a lot of interesting cautionary tales..." (New Scientist, January 2004)
- Publisher : Wiley; 1st edition (October 17, 2003)
- Language : English
- Paperback : 368 pages
- ISBN-10 : 076454280X
- ISBN-13 : 978-0764542800
- Item Weight : 15.4 ounces
- Dimensions : 6 x 1 x 9 inches
- Best Sellers Rank: #30,671 in Books
Top reviews from the United States
All the firewalls and software can't prevent a social engineer from getting in if he/she knows just how to act and/or what to say to get what they want. Reading the scenarios really opened my eyes. There's a scenario where a social engineer pretended to be a manager of a video store. After enough talking to another employee at another branch, the social engineer was able to get enough information to obtain the credit card # of someone who owed money to the client the social engineer was hired by.
In reading the scenarios, I'd seen examples where I'd asked for the type of information described for perfectly legitimate reasons. I'd never imagined how someone could take just 1 or 2 pieces of information and create chaos for a person or a company. If you're in the IT industry, or work in any kind of customer service, you really need to pick up this book. This book doesn't bash people for being as helpful as they can be (team player, etc). He's just saying to be more aware of what's going on and when giving out any kind of information, being a little cautious doesn't hurt. As humans, we're not perfect to begin with, but a little awareness will make it just a little harder for that social engineer to get what they want.
This book illustrates various techniques for bypassing established corporate physical and information security policies. I have actually inadvertently used some of these techniques when troubleshooting network issues or having forgotten my passcard to gain access to systems and rooms. It is often easier to bypass the rules than to go through the steps needed to obtain proper access and people are surprisingly willing to cooperate "just this one time".
This book will help you sensitize your employees to the risks of bypassing security policy and recognize when this might be occurring.
Top reviews from other countries
However, I am glad that I did; the book highlights the methods used to gain illegal access to sites, systems and processes. These can be used by the astute security professional to understand how hackers think and to then be able to consider their options for improving their own security.
Security is not a destination, it is a journey. No matter how good a job you do, someone will find a way to get around the most hardened of processes. It is necessary to constantly question if the specific processes that you have introduced are working and if they are doing the job that you think they should. Books like this reveal just how important it is to be able to take that outsider's view to ensure that you do not become one of the victims.
It's a very readable book and I feel that it should be read by anyone involved at any level in the field of IT security.
I found this book very disappointing. After listening to an interview with the author, I was interested in learning more about his hacker background, and techniques he used to gain access to computer systems. As his new book is so excessively priced, I settled for a used copy of this, his earlier book.
At first it held my interest, as it describes how access to computer systems is gained by "social engineering" - posing as a company employee from one department, when phoning another department & extracting access information from employees like receptionists etc. who trust that you are genuine. It helps to be able to name drop managers' names too. He even persuades systems administrators to set him up with a "guest" account by posing as a visitor from another installation, within the same company.
Fascinating in as far as it went, but that's where it stopped. Subsequent episodes were all variations on the same theme, and soon I got bored with reading the same stuff over and over again, especially as each episode was also followed by an analysis of how it was done (not needed really, it was self-evident) and then recommendations on how to avoid being compromised by this kind of hack. So all this was repeated time and time again also.
The only time it raised a smile was when he talks about running a password harvesting program on a dumb terminal. This is a relatively simple hack which, as a college teacher of I.T. I was able to demonstrate to students on our Unix system, so the author brought back interesting memories.
I have a lot of respect for his chutzpah and nerve in carrying through what he did, and also his skill in penetrating systems, but am far less impressed by his ability as a writer. The book is heading for the charity (thrift) shop.
Kevin was what the movies Hackers 1/2 were based on and this really does take you through his early life and how easy it was back then to get details of passwords and accounts etc. But also teaches of ways to counter also.
Overall I really enjoyed the book and often mention it in conversation about how social engineering can be used.