About book The Art Of Intrusion: The Real Stories Behind The Exploits Of Hackers, Intruders & Deceivers (2006)
The adage is true that the security systems have to win every time, the attacker only has to win once. – Dustin Dykes
Art of Intrusion by Kevin D. Mitnick, the legendary cyber desperado turned computer security consultant, is a compilation of security-related case studies presented as fascinating anecdotes or techno-thriller stories, which explain some of the real-life methodologies and exploits that are employed in computer break-ins and cyber crimes. What makes these stories valuable is the fact that, instead of being fictitious accounts of cyber crimes written to illustrate each threat, these anecdotes are a result of the interviews that Mitnick and his co-author William L. Simon conducted with former hackers, phone phreaks and hackers turned cyber security specialists. Through Art of Intrusion, Kevin Mitnick attempts to make the reader aware of the common threats in the cyber domain and give him insights on counter-measures that can be employed against these threats. Mitnick describes this goal in the acknowledgement section of Art of Intrusion.
"We wanted to write a book that would be both a crime thriller and an eye-opening guide to helping businesses protect their valuable information and computing resources. We strongly believe that by disclosing the common methodologies and techniques used by hackers to break into systems and networks, we can influence the community at large to adequately address these risks and threats posed by savvy adversaries."
Each of the scenarios that Mitnick presents is detailed with insider information on real-life descriptions and methods of breaching security, at times getting pretty technical. The Insights and Countermeasures section that follows each anecdote will provide the reader with essential tips on preventing such attacks.
Each of the exploits and the related anecdotes that are discussed in this book adds to the arsenal of a Security/Information Security professional, as it will give him a change of perspective about the ingenuity shown by the attacker. It can help the security professional in cultivating an attitude of resolve and in shedding the dangerous lethargy of overconfidence. Some of the technical aspects of these exploits that Mitnick discusses in this book may be outdated, and the software or hardware vulnerabilities that are taken advantage of are patched and made secure from the current viewpoint – not surprising since these incidents are from pre-2006 – but there is one true lesson that every information security professional can take from this book: those who try to breach any system will continue to do so by discovering brand new vulnerabilities and crafty methods to exploit those weaknesses. Learning this mindset will make him prepared and able to cope with cyber crimes, and many of the concepts are still relevant, especially those that exploit human trust to perform a security breach.
This book is recommended for anyone with an interest in information security, corporate security and law enforcement. Since the contents can be a bit technical, having some background in the information security arena is desired, else the book may seem confusing or even hard to follow.
First of all, this book is very old. The newest OS mentioned was, I suppose, Windows XP, and as I remember - only once. The rest of the stories were about hacking much, much older computers. But on the other hand some things do not change, and reading about them may teach us about mistakes - as they are human mistakes.
But here comes the "but". For me, as an IT guy, and not even a web specialist, it was extremely hard to read all these explanations for "normal" people. It was just so boring, and so long, and so obvious... Only the last two chapters, where there was no explanation because of the "complication level", were readable. I of course understand that it is technical language and not everybody has to know it, and that it has to be added to get more readers, but it is my subjective opinion - it was just hard to force myself to read it.
The third thing was very annoying. Especially at the end of the book, they started to write "example is in my previous book", "this was explained in my previous book", and all this "it is the same thing I did when (...) described in my first book". Come on! Not everybody read your book, not everyone needs to remember it if they read it, some people do not know you, and didn't know your previous book! I've never seen such author behaviour, and I think it is just pathetic. Please have respect for the reader!
Also, maybe not everybody knows the lesson that comes from the book, but I did. So nothing new and exciting there.
So in short: If you are an IT guy - you may read this, but prepare for suffering! Non-IT guys - sorry, I'm not one of you so I do not know.
This was an interesting book that reminds you, in several different ways, of the importance of defense in depth. A few of the attacks were vague (as warned of by the author who collated the tales), and others just lacked relevant technical details. For example, "the outfit was running a Sun workstation, which is familiar ground for every hacker." - which type of hardware? What was the OS level? Was it unpatched? Still, the stories were entertaining.
My biggest gripe with the book was the lack of date ranges. The book was published in 2004, so I know they're all older than that - but with very few exceptions, I didn't know if an individual tale was taking place in 1992 or 2002. This makes a difference for understanding what types of attacks were being used and how relevant such an attack would still be today.
An overall fun read - not condescending to technical readers, but also provides details on the subject matter for a non-expert. My friends and I did get some pretty good discussions out of a few of the stories.
—Valerie
(3.0) Good but Mitnick gets way too much in the way
Mitnick walks us through a few self-reported hacks from other hackers. Some are interesting. I actually thought the first one about slot machines was the coolest. In the others, Mitnick tries to insert himself, his crimes, his books and website WAY too much. It felt pretty dirty and self-promoting, especially for a book that's really not supposed to be about him.
I also found it a bit inconsistent that he ostensibly spends thought and time devoted to telling people how to prevent these attacks from working on them...but he's clearly telling the stories from the perspective of a hacker. He refers to them "unfortunately" getting caught. He reminds us never to trespass from our own home: always do it from a library or coffee shop where the IP will be difficult to tie back to you. He spends a fair amount of time defending the hackers who got the book thrown at them when they were white-hat hacking (or mostly...they were trespassing but handed over the information to the victims instead of stealing/defacing).
I might read his new one, but that one actually WILL be about Mitnick, so I can sort of imagine how it's going to feel. Next stop: Ego City.
—Brian
Very interesting stories but very heavy computer jargon. Ranging from hacking casinos to children helping terrorists, these hackers' tales would likely be hits on the big screen. The only problem with this book is that the author's target audience is a somewhat-seasoned computer user with knowledge of basic computer science.
An ordinary reader with no technological background would probably end up skimming a fourth of the book and still enjoy it, just not as well. If you're one of those people that wants to "digest" every section of every chapter, then I would advise against this book; if you don't mind skipping a paragraph every few paragraphs, then it will be worth it.
A great read, just heavy jargon.
—Armand