Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent.
Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
©2003 Kevin D. Mitnick; (P)2009 Audible, Inc.
This is the first book I have ever stopped listening to before finishing. The narrator was just soooo boring - it was like he was reading a text book.
I did read his other book Ghost in the Wires and it was fantastic - in fact that's the reason I decided to buy this book.
He was very, very monotone and boring. No excitement or inflection in his voice at points where there clearly should have been.
Yes - listen to a different book - any other book.
It's too bad they didn't use the same narrator from Ghost in the Wires - that narrator really had Mitnick down pat.
This book is a fun read (listen) with story after story mostly about how people get tricked into giving up passwords or dial up modem numbers. Some of the tricks would still work, but most would not in modern enterprises. This book does not come close to fully describing a modern threat landscape. I work in InfoSec, and found this to be an excellent history lesson, with a few instances and situations where the human element of security threats still exist, such as the types of scams run to gain physical access.
No, it's more text book than a story and I was hoping for a bit more charm. I had previously listened to 'Ghost In The Wires' by Kevin Mitnick and enjoyed it quite a bit. I had hoped that this book would be just as enjoyable but that wasn't the case. It's not without its merits thought and some people may find the straightforward nature more helpful.
Fine, more straightforward, if you're in security it's definitely worth reading otherwise I'd read Ghost In The Wires since they're basically the same book.
I found the narrator a bit condescending.
I'm not sure what the previous reviewers were looking for in this book, as an IS & Audit specialist I found this book thought provoking and entertaining. It really opened my eyes to the power of social engineering and made me see that I was not only prone to being a victim, but a perpertrator of such activity.
Recommended reading for anyone in an IS role or looking to gain insight into how the other half use their social skills to get around hardened security measures, highly engineered processes and even armed guards.
This material is dated and the narrator doesn't pronounce many of the terms correctly. DEC is simply stated as deck. You don't spell out the characters. There were other words that were not pronounced correctly.
On Stranger Tides
Save your credit or money for Kevin Mittnick's other book, Ghost in the Wires. A much better book and highly recommended.
You can read the entire book here: Two decades ago you could call people at work, claim to be someone else, ask for their help, and with a little piece of information trick someone else to get their secrets. Everything is about the phone and "hacking" phone lines, with no technical explanations. Oh, and there is some good advice on not downloading unusual email attachments. Once you hear the first two hours, you've heard it all. I returned it after 6 hours.
Mitnik did a solid job of laying out how scoundrels can work their way into your IT systems for malevolent purposes. Amazingly, most of the techniques involve cracking the "people" rather than cracking the "code."
First of all, change the narrator. Boring.
I think the premise in this book was captured better in his other book, Ghost in the Wires. This is more of a textbook version, without all the drama of the biography.
No, although Ghost in the Wires could be.
If you are interested in Kevin Mitnick's story and want the entertaining version, read "Ghost in the Wires". This book is good, but more specific to the needs of a company trying to prevent the types of attacks Kevin did back in the day. I read this second and don't have a role in the company's security, so this book was a let down. Not because it isn't a good book, just not what I needed. Great book as a manual for security!
Much of what is discussed was fine...for 2002. I loved "Ghost in the Wires" and many, if not most of the anecdotes in this book were also used in "Ghost". "Ghost in the Wires" was far more entertaining and relayed much of the same information.
"interesting but repetitive..."
I was expecting more from this book but I have a background in IT Security and maybe that clouded my judgement. The target audience is not the InfoSec community but middle management.
The books contained many simplistic examples, with a few teases of information around potential social engineering resources (mainly US examples) but started to get very repetitive offering only high level solutions (e.g. have a security policy).
My advice - Once you've read the first few chapters you can put this book down and get on with your life. The book serves a purpose to highlight to the clueless how easily you can be convinced to part with information but I would imagine it would start to feel like a broken record to most readers.
"Same story but in a very generic presentation,."
Didn't finish it but it has the same story as 'Ghost in the Wires' but given in a less detailed business like factual way. only for IT Managers.
Report Inappropriate Content