The Art of Deception

determinedgerman

A couple of days ago I decided to go through all of the security forums on techexams.net to get the best links and see what else I have missed.
I found some very interesting posts and some were talking about Kevin Mitnick.
I had never heard of Kevin Mitnick before and the books got good reviews from a lot of people on here so I decided to order both:

The Art of Deception and The Art of Intrusion

I have read The Art of Deception and I am impressed. I would have never in my dreams thought about Social Engineering being such a big thing. I have only started looking into the security field a couple month ago and have finally found what I want to do. As soon as I am done writing this post I am going to start The Art of Intrusion. If it is only half as interesting as The Art of Deception than it was worth buying those two books. After I was done reading the book and thought about all the different places I have worked and how much information we have given out I am really intereseted if we have ever given out information to a Social Engineer.

Thank you for receommending the books! I think people should recommend books like that more often on here (Oprah, no punt intended)!

Here I guess comes the question that I have actually had. Who has ever been in a situation where a user actually had been confronted by a Social Engineer? (if it was discovered). All of you that worked in the security field for a while. How many instances have you had reports about attempts to get information?

Thanks,

Mike

keatron

Both of those books are very good indeed. I read them last year or the year before.

JDMurray

The Art of Intrusion came out around this time last year. I went to a book signing and lecture by Mitnick at a Borders Books & Music in Torrance, CA and got my copy signed by him. He's a very intelligent, professional, and entertaining guy.

Mitnick and his buddy Steve Wozniak are guests in the current TWiT (This Week in Tech) podcast with Leo Laporte. http://thisweekintech.com/

wirerat

I have the Mitnick books, but haven't read them yet. Glad to know they are going to be a good read. I absolutely recommend these three books:

Stealing the Network: How To Own the Box
Stealing the Network: How To Own a Continent
Stealing the Network: How To Own an Identity

I could not stop reading these books once I started on the first one. You can read them seperately, but it is very interesting to read them in the order I have listed.

KGhaleon

A lot of companies are getting cautious with things such as social engineering. I've been to a lot of companies, and most people you talk to treat you like an outsider and refuse to answer anything they don't want to or feel they should. I've applied at places like the sheriff's department, where you can't talk to anyone without giving some sort of ID and stating why your there.

It can be bothersome at times.

I was at lockheed the other day and you could tell that most of the people there were highly trained individuals who knew what they were doing. Being behind those walls felt like a prison...security can be a scary thing.

KG

keatron

I own the stealing the network series too. My favorite by far is how to own continent. These books give you good "what if" scenarios for lecture purposes. Concerning the CISSP and the CBK you can easily identify break downs in all 10 of the domains in this story.

Opi

Maybe we can all post information about good security related books that are readworthly?

Greetz

Sie

Have read both and think they are good books, makes you think of security in ways you hadn't before.

Well worth reading for security concious admins

Ten9t6

I have only read: The Art of Deception .....I plan on getting the other one sometime...

I agree, The Art of Deception, is a really good book.

Kenny