Joined: 01 Sep 2004
|Posted: Mon Jun 13, 2005 1:01 am Post subject: Book Review - The Art of Intrusion
The Art of Intrusion - The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers
Author(s): Kevin D. Mitnick (and William L. Simon)
Publisher: WILEY http://www.wiley.com
Date Published: 2005
Book Specifications: Hardcover, 270 pages
Category: Computer Security
Publisher's Suggested User Level: All
Reviewer's Recommended User Level: All
Suggested Publisher Price: £17.99 UK
Amazon.com: The Art of Intrusion - The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers
Amazon.co.uk: The Art of Intrusion - The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers
Blurb from back cover:
Enter the hostile world of computer crime from the comfort of your own armchair. Mitnick presents ten compelling chapters, each the result of an interview with a real hacker about a real attack. A must read for anyone with an interest in information security.
As most of us are aware, Mitnick is quite the Internet celebrity, especially amongst people within the InfoSec community, so his second book was always bound to have a bit of a following, due in no small part to his first attempt being quite excellent in both content and style, and in turn to the infamy gained from his hunt and arrest and then the subsequent rights issues he faced as a guest of the US justice system.
I was very interested in this book and had discussed it with Mitnick prior to its release and had an idea of his vision for the book. When the book was released and I managed to get round to getting a copy, I was hoping for the same sort of insight into the security world he showed in The Art of Deception. Sadly, however, this was not the case.
The book lacked the one thing I and most other people bought it for. We wanted to see the outlook of someone who had been on all sides of the fence in respect to intrusions. Mitnick's credentials include being a successful intruder, excellent social engineer, previously published author, fugitive of the law, captured and convicted criminal, security consultant and company CEO. Quite the resume to bring to a text that focuses on one of the most controversial modern industries. However, none of this unique insight comes through, or so very little as to make it meaningless. The views he had, born of his multiple engagements and quite public life, could have filled more than one book and could have given the reader something to really bite into and discuss. We should have been learning all the way, either about Mitnick or about the subjects of the stories - or maybe even about the techniques used. We got nothing more than an introduction to all of these.
He managed to convey more than 10 stories and all the expected insight in only 270 pages! It could hardly have been considered complete. For non-technical readers it serves as a gentle introductory text to the world of security and has merit in that function - its target audience were within the security industry and they probably gained nothing from this book.
The stories themselves were sometimes interesting from a fictional point of view, such as the story of the gamblers cheating the house, but as a means of gaining knowledge of security methods, or breach of security methods, it didn't quite meet that requirement. It was neither technical nor insightful. It was billed as "the real stories" and the only proof of that is in the fact that one or two of them made the news headlines at the time they occurred, but to be honest the mainstream media coverage of these stories was more insightful than Mitnick's.
Style and Detail
The structure of the book basically consisted of the story of some, often outlandish and slightly contrived sounding, breach of security. This was followed up by very brief and rarely insightful comment by the author and some mitigation advice for the specific or generic example portrayed in the story. While this was similar in structure to The Art of Deception, it was definitely not similar in insight. It appeared from reading the books that Mitnick was an extremely skilled social engineer but lacked the technical expertise required to comment coherently on the more technical attack, which is something I would never have believed. I know Mitnick has a high degree of technical knowledge - although it is not evident from this book. The book should have had more detail from Mitnick on the attack, more of his personal view and a lot more pages. Getting technical details about the UK telephone system blatantly wrong didn't add to the book's legitimacy either.
After all that you would be surprised to learn that I advise everyone to read it, not because it is great, insightful or useful. Merely because it will be known as one of the defining books of the information age, solely based on the author's reputation, however, and not on its own merit. Also, if you have a partner struggling to understand the industry you work (and possibly LIVE) in, then this may help explain why you find it such a fun and rewarding career to have.
There is also the chance that when his legal restrictions, which prevent him talking of his own crimes, expire, "The Art of Getting Caught" could be a better read; I will definitely buy it.
This book receives an honored SFDC Rating of 4/10.
Keywords: Mitnick, Intrusion, Hackers
This review is copyright 2005 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
Joined: 27 Mar 2005
|Posted: Mon Jun 13, 2005 2:20 am Post subject:
The book sometimes felt like it was written with your average computer illiterate person in mind, constantly explaining everyday terms and never actually going into the real gritty details that I expect most geeks would like to read about.
Mitnick's previous book "The Art of Deception" at least gave some minor insight into common tricks employed by con artists, but this book only left me more ignorant than I was when I started reading. It tries too much to appeal to Average Joe and in the process fails to please anyone.