The Art of Deception und über 1,5 Millionen weitere Bücher verfügbar für Amazon Kindle. Erfahren Sie mehr


oder
Loggen Sie sich ein, um 1-Click® einzuschalten.
oder
Mit kostenloser Probeteilnahme bei Amazon Prime. Melden Sie sich während des Bestellvorgangs an.
Jetzt eintauschen
und EUR 1,15 Gutschein erhalten
Eintausch
Alle Angebote
Möchten Sie verkaufen? Hier verkaufen
Der Artikel ist in folgender Variante leider nicht verfügbar
Keine Abbildung vorhanden für
Farbe:
Keine Abbildung vorhanden

 
Beginnen Sie mit dem Lesen von The Art of Deception auf Ihrem Kindle in weniger als einer Minute.

Sie haben keinen Kindle? Hier kaufen oder eine gratis Kindle Lese-App herunterladen.

The Art of Deception: Controlling the Human Element of Security [Englisch] [Taschenbuch]

Kevin D. Mitnick , William L. Simon , Steve Wozniak
3.3 von 5 Sternen  Alle Rezensionen anzeigen (3 Kundenrezensionen)
Preis: EUR 12,70 kostenlose Lieferung. Siehe Details.
  Alle Preisangaben inkl. MwSt.
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Nur noch 7 auf Lager (mehr ist unterwegs).
Verkauf und Versand durch Amazon. Geschenkverpackung verfügbar.
Lieferung bis Montag, 4. August: Wählen Sie an der Kasse Morning-Express. Siehe Details.

Weitere Ausgaben

Amazon-Preis Neu ab Gebraucht ab
Kindle Edition EUR 9,99  
Gebundene Ausgabe EUR 29,00  
Taschenbuch EUR 12,70  

Kurzbeschreibung

17. Oktober 2003
The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.

Hinweise und Aktionen

  • Studienbücher: Ob neu oder gebraucht, alle wichtigen Bücher für Ihr Studium finden Sie im großen Studium Special. Natürlich portofrei.

  • Amazon Trade-In: Tauschen Sie Ihre gebrauchten Bücher gegen einen Amazon.de Gutschein ein - wir übernehmen die Versandkosten. Mehr erfahren


Wird oft zusammen gekauft

The Art of Deception: Controlling the Human Element of Security + The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers + Ghost in the Wires: My Adventures as the World's Most Wanted Hacker
Preis für alle drei: EUR 31,10

Die ausgewählten Artikel zusammen kaufen

Kunden, die diesen Artikel gekauft haben, kauften auch


Produktinformation

  • Taschenbuch: 368 Seiten
  • Verlag: John Wiley & Sons; Auflage: 1. Auflage (17. Oktober 2003)
  • Sprache: Englisch
  • ISBN-10: 076454280X
  • ISBN-13: 978-0764542800
  • Größe und/oder Gewicht: 23 x 15,2 x 2,5 cm
  • Durchschnittliche Kundenbewertung: 3.3 von 5 Sternen  Alle Rezensionen anzeigen (3 Kundenrezensionen)
  • Amazon Bestseller-Rang: Nr. 39.233 in Fremdsprachige Bücher (Siehe Top 100 in Fremdsprachige Bücher)
  • Komplettes Inhaltsverzeichnis ansehen

Mehr über die Autoren

Entdecken Sie Bücher, lesen Sie über Autoren und mehr

Produktbeschreibungen

Amazon.de

The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.

After Mitnick's first dozen examples anyone responsible for organizational security is going to lose the will to live. It's been said before, but people and security are antithetical. Organizations exist to provide a good or service and want helpful, friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.

Considering Mitnick's reputation as a hacker guru, it's ironic that the last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organizations and were probably known to the Phoenicians; technology simply makes it all easier. Phones are faster than letters, after all, and having large organizations means dealing with lots of strangers.

Much of Mitnick's security advice sounds practical until you think about implementation, when you realize that more effective security means reducing organizational efficiency--an impossible trade in competitive business. And anyway, who wants to work in an organization where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world, effective organizations have to acknowledge that total security is a chimera--and carry more insurance. --Steve Patient, amazon.co.uk -- Dieser Text bezieht sich auf eine andere Ausgabe: Gebundene Ausgabe .

Pressestimmen

"...a fascinating read..." (ForTean Times, June 2004)
"...a lot of interesting cautionary tales..." (New Scientist, January 2004)

Welche anderen Artikel kaufen Kunden, nachdem sie diesen Artikel angesehen haben?


In diesem Buch (Mehr dazu)
Einleitungssatz
a company may have purchased the best security technologies that money can buy, trained their people so well that they lock up all their secrets before going home at night, and hired building guards from the best security firm in the business. Lesen Sie die erste Seite
Mehr entdecken
Wortanzeiger
Ausgewählte Seiten ansehen
Buchdeckel | Copyright | Inhaltsverzeichnis | Auszug | Stichwortverzeichnis | Rückseite
Hier reinlesen und suchen:

Kundenrezensionen

3.3 von 5 Sternen
3.3 von 5 Sternen
Die hilfreichsten Kundenrezensionen
12 von 13 Kunden fanden die folgende Rezension hilfreich
Format:Gebundene Ausgabe
In seinem Buch "The Art of Deception" beschreibt Kevin D. Mitnick die Seite der Anwendungssicherheit, die nicht über Software geregelt (oder gestört) wird, sondern über das nicht zu kontrollierende Element Mensch.
Kevin verdeutlicht, daß mangelnde Sorgfalt, fehlende Unternehemens Policies im Umgang mit Kommunikation und Angst vor Fehlern seitens der Angestellten einem Unbefugten Zugriff auf Informationen ermöglichen, die er besser garnicht haben sollte.
Insgesamt ist das Buch sehr locker und informativ geschrieben und verfügt über genügend detailierte Beispiele um das, was Kevin vermitteln möchte, glaubhaft rüber zu bringen (Auch wenn man allgemein glauben möchte, dass der Amerikaner an sich eher etwas leichtgläubiger ist als ein Europäer, die geschilderten Fälle passieren in dieser Form überall auf der Welt).
Leider versteht Kevin es manchmal auch mit Beispielen etwas zu übetreiben und man fühlt, daß der Autor etwas auf der Stelle tritt. Als ungeduldiger Leser - der ich nunmal bin - neige ich hier und dort schon mal dazu "Es reicht, ich habe es verstanden" zu rufen.
Insgesamt ein gutes und informatives Buch, das gut zu lesen ist und Zugreisen, sowie Flüge, zu verkürzen versteht.
War diese Rezension für Sie hilfreich?
4 von 6 Kunden fanden die folgende Rezension hilfreich
1.0 von 5 Sternen A hugely boring book - not worth the money 20. Juni 2009
Format:Taschenbuch
I hugely enjoyed Mitnick's last book, The Art Of Intrusion, but this book by comparison is completely BORING. Mitnick just tells stories of people who conned companies and people over the phone and after a while, the stories get very boring and repetitive. Yeah, we get it Kevin - don't assume anything over the phone, and don't give out sensitive material to people you don't know. You don't need to bore us to death with 350 pages just to get those two central points across.

Avoid this book - unless you're looking for a strong sedative to put you to sleep at night.
War diese Rezension für Sie hilfreich?
0 von 1 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Wenn man sehen will 17. Juni 2014
Format:Gebundene Ausgabe
wie man eine komplett erfundene Story zum Bestseller machen kann, dann ist das ein gutes, ein sehr gutes Beispiel.

Sieht mir eher aus wie eine CIA-Hollywood-Operation um uns zu erklären, wie Hacker funktionieren.

Totale Scheiße!
War diese Rezension für Sie hilfreich?
Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)
Amazon.com: 4.2 von 5 Sternen  183 Rezensionen
64 von 67 Kunden fanden die folgende Rezension hilfreich
3.0 von 5 Sternen Interesting cons, but repetitive and ego-trippy 24. März 2006
Von Luke Meyers - Veröffentlicht auf Amazon.com
Format:Gebundene Ausgabe
Mitnick has his own reputation to live up to with this book, which sets a pretty high bar for the audience who knows him as the "World's Most Notorious Hacker." Unfortunately, while he knows the material cold, his skills as an author are less stellar.

The vignettes describing various cons are, in the large, very entertaining. They're fictionalized, and sometimes the dialogue feels artificial. This book is supposed to convince us how easily people are victimized by social engineers. When the victim's dialogue plays too obviously into the con man's hands (for the purpose of illustrating the point relevant to the enclosing chapter/section), this goal is to some extent defeated. It's too easy to read unnatural dialogue and use that as an excuse to tell oneself, "I don't have to worry about that sort of attack -- I'm not that dumb!" More effort could have been expended in fictionalizing these scenarios without making them so difficult to relate to. Seeing how a con is performed is kind of like learning how a magic trick works -- it holds a similar fascination. Imagine seeing an amazing magic trick performed on television, wondering how it was possibly accomplished, and then learning that the trick was all in the video editing. That really sucks the fun out of the magic -- analogously, when the "trick" in one of these cons is just that the victim does something obviously stupid at just the right moment, the believability and enjoyment are damaged.

Despite what I've said, the cons are definitely enjoyable to read and do offer some genuine insights. Not all suffer from believability problems. However, the supporting material discussing these scenarios is pretty weak. There's a rigid format ("Analyzing the con," "Preventing the con," etc.) which leads the author to repeat the same points over and over again with very little variation, at times seemingly just to fit the format. The purpose of all this material is to give useful security recommendations and proper motivation for following them. The recommendations are on-target, but repeated ad nauseum.

The descriptions of social engineers also suffer from a tendency to stroke the author's own ego -- the bigger the con, the thicker the language about how smart, handsome, and clever the con man is. I'd like to be convinced by facts, not hyperbole.

I think this would really have worked better as two books, for two different audiences. One for entertainment, to read about all the cons and how they work, to get a little history of social engineering. And one for serious security discussion. The blend of the two leads to a schizoid work that's simply mediocre.
62 von 68 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Interesting & timely about the dangers of social engineering 15. Oktober 2002
Von Ben Rothke - Veröffentlicht auf Amazon.com
Format:Gebundene Ausgabe
Kevin Mitnick says "the term 'social engineering' is widely used within the computer security community to describe the techniques hackers use to deceive a trusted computer user within a company into revealing sensitive information, or trick an unsuspecting mark into performing actions that create a security hole for them to slip through." It's suitable that Mitnick, once vilified for his cracking exploits, has written a book about the human element of social engineering - that most subtle of information security threats.
Some readers may find a book on computer security penned by a convicted computer criminal blasphemous. Rather than focusing on the writer's past, it is clear that Mitnick wishes the book to be viewed as an attempt at redemption.
The Art of Deception: Controlling the Human Element of Security states that even if an organization has the best information systems security policies and procedures; most tightly controlled firewall, encrypted traffic, DMZ's, hardened operating systems patched servers and more; all of these security controls can be obviated via social engineering.
Social engineering is a method of gaining someone's trust by lying to them and then abusing that trust for malicious purposes - primarily gaining access to systems. Every user in an organization, be it a receptionist or a systems administrator, needs to know that when someone requesting information has some knowledge about company procedures or uses the corporate vernacular, that alone should not be authorization to provide controlled information.
The Art of Deception: Controlling the Human Element of Security spends most of its time discussing many different social engineering scenarios. At the end of each chapter, the book analyzes what went wrong and how the attack could have been prevented.
The book is quite absorbing and makes for fascinating reading. With chapter titles such as The Direct Attack; Just Asking for it; the Reverse Sting; and Using Sympathy, Guilt and Intimidation, readers will find the narratives interesting, and often they relate to daily life at work.
Fourteen of the 16 chapters give examples of social engineering covering many different corporate sectors, including financial, manufacturing, medical, and legal. Mitnick notes that while companies are busy rolling out firewalls and other security paraphernalia, there are often unaware of the threats of social engineering. The menace of social engineering is that it does not take any deep technical skills - no protocol decoders, no kernel recompiling, no port scans - just some smooth talk and a little confidence.
Most of the stories in the book detail elementary social engineering escapades, but chapter 14 details one particularly nasty story where a social engineer showed up on-site at a robotics company. With some glib talk, combined with some drinks at a fancy restaurant, he ultimately was able to get all of the design specifications for a leading-edge product.
In order for an organization to develop a successful training program against the threats of social engineering, they must understand why people are vulnerable to attack in the first place. Chapter 15 explains of how attackers take advantage of human nature. Only by identifying and understanding these tendencies (namely, Authority, Liking, Reciprocation, Consistency, Social Validation, and Scarcity), can companies ensure employees understand why social engineers can manipulate us all.
After more than 200 pages of horror stories, Part 4 (Chapters 15 and 16) details the need for information security awareness and training. But even with 100 pages of security policies and procedures (much of it based on ideas from Charles Cresson Wood's seminal book Information Security Policies Made Easy) the truth is that nothing in Mitnick's security advice is revolutionary - it's information security 101. Namely, educate end-users to the risks and threats of non-technical attacks.
While there are many books on nearly every aspect of information security, The Art of Deception is one of the first (Bruce Schneier's Secrets and Lies being another) to deal with the human aspect of security; a topic that has long been neglected. For too long, corporate America has been fixated with cryptographic key lengths, and not focused enough on the human element of security.
From a management perspective, The Art of Deception: Controlling the Human Element of Security should be on the list of required reading. Mitnick has done an effective job of showing exactly what the greatest threat of attack is - people and their human nature.
23 von 25 Kunden fanden die folgende Rezension hilfreich
4.0 von 5 Sternen Great Book for Stopping Hackers and Social Engineers! 15. Oktober 2002
Von Erica Phillipson (Hawaii) - Veröffentlicht auf Amazon.com
Format:Gebundene Ausgabe|Verifizierter Kauf
Now that Kevin Mitnick is out of prison he has written "The Art of Deception". I rate this book as four stars. Has good insight regarding how Kevin was able to gain large company employee's trust by using social engineering methods. He gives great examples of how he would simply use a telephone to gain user id's and passwords, even from high tech security departments.
Most employee's don't think they are allowed to say 'no' to giving out information over the phone or email in the name of great customer service. There may be company policies but they 'still try to do the right thing' to help a co-worker regain access to the system, when in fact the person is a hacker.
Many solutions are offered to help small and large companies balance the choice of customer service over security and trust. One funny chapter was how Mr. Mitnick's used the same social engineering methods in prison to get additional phone calls, better food, and increase family visits. Classic... He didn't stop even in prison.
I recommend this book.
18 von 19 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Great book that shows what is possible! 31. Oktober 2002
Von Dr Anton Chuvakin - Veröffentlicht auf Amazon.com
Format:Gebundene Ausgabe
I waited for the book of the famous hacker Kevin Mitnick for a long
time, checking my mailbox every day after my pre-order was
completed. The book was almost worth the wait!
Its a fun book with lots of entertaining and education stories on what
is possible by means of social engineering attacks. The characters
clearly push the limits of this "human technology".
One of the articles I have read on the book called it "Kevin Mitnick's
Latest Deception" due to his downplaying of technology security
controls and emphasizing people skills and weaknesses. However, the
human weaknesses do nullify the strengths of technology defenses and
humans are much harder to "harden" than UNIX machines.
The attack side is stronger in the book than the defense side,
naturally following from the author's background. However, there are
some great defense resource on policy design, awareness and needed
vigilance. However, there is this "minor" issues with defense against
social engineering: one of the definitions called it a "hacker's
clever manipulation of the natural human tendency to trust". The word
"natural" is key; if we are to believe the definition, all defenses
against social engineering will be going against _nature_ and, as a
result, will be ineffective for most environments. Author also
advocates social engineering penetration testing, which appears to be
the best way to prepare for such attacks. Security awareness, while
needed, will get you so far.
The book's stories show examples of hackers defeating firewalls,
passwords, token and two-factor authentication systems, multi-layer
defense, financial institutions security, armed guards and many other
commonly believed to be effective security controls. While some of the
stories first seem to defy common sense, upon more detailed
investigation there are clearly believable. Dialogs, stories,
situations are described with terrifying reality behind them: "So what is the money transfer code for today? - Its this-and-that..." Social
engineers bravely attack and conquer on the pages of this great book!
The book will give lots of ideas to those involved in penetration
testing. Using the book, it is possible to extract a structure of a
successful attack, gather some target selection criteria, learn how to
combine social and technical attacks and then use it for the
pentesting.
The biggest shortcoming of the book is that it has no "attack HOWTO"
part. It has zero content on developing, improving and polishing the
social engineering skills. While it might seem that natural ability is
all it takes, the author _knows_ that there are methods to develop
social engineering skills, but chose not to disclose them and I regret
his decision to withhold such information.
Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major
information security company. In his spare time he maintains his
security portal info-secure.org
28 von 32 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Amazing! This book will make you think 9. Oktober 2002
Von Ein Kunde - Veröffentlicht auf Amazon.com
Format:Gebundene Ausgabe
I went into this book thinking I knew a fair amount about security in general. You know, don't leave your network password on a post-it on your bulletin board, be aware of strangers in your office, that kind of thing. Then, I finished reading the book, and realized that it challenged all the assumptions that I had about the way I react in these situations. Mitnick's right - we as human beings are conditioned to be polite and trusting, and as horrible as it seems, that's not always right. But you don't have to become nasty and distrustful, just aware. That's what this book is talking about. The examples are wonderful - they really do read like a mystery thriller. And the advice is really sound. It doesn't mention it here, but there is a great flowchart in the back of the book that I've copied for everyone in my office. It details what to do if someone calls you for information that you are not sure they need or should be getting. All in all, The Art of Deception is a must read for many of us.
Waren diese Rezensionen hilfreich?   Wir wollen von Ihnen hören.
Kundenrezensionen suchen
Nur in den Rezensionen zu diesem Produkt suchen

Kunden diskutieren

Das Forum zu diesem Produkt
Diskussion Antworten Jüngster Beitrag
Noch keine Diskussionen

Fragen stellen, Meinungen austauschen, Einblicke gewinnen
Neue Diskussion starten
Thema:
Erster Beitrag:
Eingabe des Log-ins
 

Kundendiskussionen durchsuchen
Alle Amazon-Diskussionen durchsuchen
   


Ähnliche Artikel finden


Ihr Kommentar