Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent.
Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
©2003 Kevin D. Mitnick; (P)2009 Audible, Inc.
This is the first book I have ever stopped listening to before finishing. The narrator was just soooo boring - it was like he was reading a text book.
I did read his other book Ghost in the Wires and it was fantastic - in fact that's the reason I decided to buy this book.
He was very, very monotone and boring. No excitement or inflection in his voice at points where there clearly should have been.
Yes - listen to a different book - any other book.
It's too bad they didn't use the same narrator from Ghost in the Wires - that narrator really had Mitnick down pat.
This book is a fun read (listen) with story after story mostly about how people get tricked into giving up passwords or dial up modem numbers. Some of the tricks would still work, but most would not in modern enterprises. This book does not come close to fully describing a modern threat landscape. I work in InfoSec, and found this to be an excellent history lesson, with a few instances and situations where the human element of security threats still exist, such as the types of scams run to gain physical access.
No, it's more text book than a story and I was hoping for a bit more charm. I had previously listened to 'Ghost In The Wires' by Kevin Mitnick and enjoyed it quite a bit. I had hoped that this book would be just as enjoyable but that wasn't the case. It's not without its merits thought and some people may find the straightforward nature more helpful.
Fine, more straightforward, if you're in security it's definitely worth reading otherwise I'd read Ghost In The Wires since they're basically the same book.
I found the narrator a bit condescending.
I'm not sure what the previous reviewers were looking for in this book, as an IS & Audit specialist I found this book thought provoking and entertaining. It really opened my eyes to the power of social engineering and made me see that I was not only prone to being a victim, but a perpertrator of such activity.
Recommended reading for anyone in an IS role or looking to gain insight into how the other half use their social skills to get around hardened security measures, highly engineered processes and even armed guards.
You can read the entire book here: Two decades ago you could call people at work, claim to be someone else, ask for their help, and with a little piece of information trick someone else to get their secrets. Everything is about the phone and "hacking" phone lines, with no technical explanations. Oh, and there is some good advice on not downloading unusual email attachments. Once you hear the first two hours, you've heard it all. I returned it after 6 hours.
This material is dated and the narrator doesn't pronounce many of the terms correctly. DEC is simply stated as deck. You don't spell out the characters. There were other words that were not pronounced correctly.
On Stranger Tides
Save your credit or money for Kevin Mittnick's other book, Ghost in the Wires. A much better book and highly recommended.
Mitnik did a solid job of laying out how scoundrels can work their way into your IT systems for malevolent purposes. Amazingly, most of the techniques involve cracking the "people" rather than cracking the "code."
Most security focuses on making the system "un-hackable" by invasive programmers. That is NOT the biggest problem! It makes no difference how the door is barred ... because your own people will unknowingly let the enemy inside.
This book tells how the enemy does it. Corporations especially won't want to know that smart technology cannot overcome the human element. :) The book explains how only well-prepared people can keep the most damaging predators at bay.
I just could not get into this book like I did Ghost in the wires, i listened to it twice and the second time wasnt any easier than the first, Its hard to explain
The accounts given in this book are pretty amazing - they closely resemble the accounts given in Mitnick's "Ghost in the Wires", which are also interesting. The main point of this book, however, is that no organization with human beings as members is ever completely safe. While it lists numerous ways to help mitigate some of the issues, we're still never going to be able to secure anything completely.
"interesting but repetitive..."
I was expecting more from this book but I have a background in IT Security and maybe that clouded my judgement. The target audience is not the InfoSec community but middle management.
The books contained many simplistic examples, with a few teases of information around potential social engineering resources (mainly US examples) but started to get very repetitive offering only high level solutions (e.g. have a security policy).
My advice - Once you've read the first few chapters you can put this book down and get on with your life. The book serves a purpose to highlight to the clueless how easily you can be convinced to part with information but I would imagine it would start to feel like a broken record to most readers.
"Same story but in a very generic presentation,."
Didn't finish it but it has the same story as 'Ghost in the Wires' but given in a less detailed business like factual way. only for IT Managers.
There are no listener reviews for this title yet.
Report Inappropriate Content