( NB The author is Kevin Mitnick, despite Amazon's "all my reviews" showing it to be Steve Wozniak, Steve Jobs' partner in founding Apple. Woz merely wrote the foreword. )
I found this book very disappointing. After listening to an interview with the author, I was interested in learning more about his hacker background, and techniques he used to gain access to computer systems. As his new book is so excessively priced, I settled for a used copy of this, his earlier book.
At first it held my interest, as it describes how access to computer systems is gained by "social engineering" - posing as a company employee from one department, when phoning another department & extracting access information from employees like receptionists etc. who trust that you are genuine. It helps to be able to name drop managers' names too. He even persuades systems administrators to set him up with a "guest" account by posing as a visitor from another installation, within the same company.
Fascinating in as far as it went, but that's where it stopped. Subsequent episodes were all variations on the same theme, and soon I got bored with reading the same stuff over and over again, especially as each episode was also followed by an analysis of how it was done (not needed really, it was self-evident) and then recommendations on how to avoid being compromised by this kind of hack. So all this was repeated time and time again also.
The only time it raised a smile was when he talks about running a password harvesting program on a dumb terminal. This is a relatively simple hack which, as a college teacher of I.T., I was able to demonstrate to students on our Unix system, so the author brought back interesting memories.
I have a lot of respect for his chutzpah and nerve in carrying through what he did, and also his skill in penetrating systems, but am far less impressed by his ability as a writer. The book is heading for the charity (thrift) shop.
I bought this having thoroughly enjoyed Mitnick's "Ghost in the Wires", but it fell short of the original standard. My overall impression was that this book simply capitalised on Mitnick's reputation based on his "notoriety" and his previous literary success. I found myself skipping large chunks of it, but maybe the book would be useful as a checklist or reminder for those who work directly with internet security issues. Mitnick's "Ghost in the Wires" taught me a lot; this one added little more.
The stories told by Mitnick in this book are very entertaining to read, but I do think that businesses today (certainly enterprises) have done a lot of work in countering practices described by Mitnick. After a story, there is always an explanation of the con and what you can do about it (which is usually not much). These comments are very obvious most of the time. So of the 368 pages, there are about 200 that are an entertaining read. The last chapter covers how you can improve the security (and security procedures) of your company. Again, some are obvious, some of these notes are already widely implemented today. I must agree with another reviewer, the book hasn't aged well.
I'm sure that when this was first released, there were a number of surprises and good advice in there, but the book is badly out of date now.
There are references to dial-up modems, backing up the database to floppy disk, a memory stick which can store 32MB etc. which just seem quaint these days.
I'm also not convinced that many of the examples would hold true today - people are more alert and aware of possible scams which they are opening themselves to. The examples given have been fictionalised, so they don't really impress much - if they revealed some of the company names, then it might be more impressive. As it stands, a series of examples of a fictional person ringing a fictional receptionist in a fictional company and getting her to fax the information to him just serves to bore by the end of the book.
Like many other reviewers here I disliked the "tone" of the book. Granted, it is clearly written for the American market, but because a lot of the "examples" are fictional, it's hard to empathise. What you notice very quickly is that the book is written for the most basic audience. If you don't know what a trojan is or what a root user is, then maybe you'll learn something. Other than that, the techniques repeat themselves and some of the examples are hopelessly out of date, i.e. I can't use the internet because I'm on the phone and it's a dial-up connection! Take this book as a basic explanation of social engineering techniques, and some countermeasures, but nothing more.
Kevin Mitnick, it seems, has a tenuous grasp of morality: he argues (p.xii & p.83) that it's OK to steal someone else's property if you're motivated by curiosity and your intentions are benign. I confess that I'm less comfortable with the idea of breaking in to someone's computer system and "snaring copies of files" or "searching emails for passwords" and, I suppose, that's why I think Mitnick's claim to be "a changed person" lacks credibility.
That's not to say that there's nothing to learn from The Art of Deception - far from it - only that the reality is that the book is almost certainly of more use to grifters and conmen rather than "governments, businesses, and individuals" (p.xiii). Throughout, Mitnick provides society's dishonest with templates for deceiving the unwary and his advice for preventing, detecting, and responding to information-security threats never really exceeds a "remain vigilant at all times" message. Of course, security awareness among employees and individuals is a good thing, but it hardly needs 352 pages to convey such a message. Given Mitnick's rather childish style, endlessly recycled scenarios, unworkable procedures, and simplistic message, The Art of Deception is probably two-hundred pages too long!
If you really must revel in the gullibility of the masses, I suppose that you might enjoy this book. However, if you're serious about security, try Bruce Schneier's Schneier On Security or Secrets and Lies.