book review: The Art of Deception

Subtitle: Controlling the Human Element of Security.

Kevin Mitnick is a talented social engineer with a frank admission that some of the myths regarding his activities are simply not true. “Social engineering is the practice of obtaining confidential information by manipulation of legitimate users.” In this (3-year-old) book Mitnick outlines social engineering attacks and recommends how to help prevent them, or make them more difficult to execute. The book has some organizational flaws that make it both fascinating and boring.

The first thing I learned when “they” tried to beat English writing into me in college was to define an audience. Mitnick hasn’t done that; his audience ranges from the casual reader through a security professional to a social engineer looking for new tricks. This book should have been split into two shorter volumes. One with a description and storytelling of social engineering attacks for the casual interested reader (fascinating) and the other for information security professionals who are looking for a guide on how to manage information vulnerabilities (boring).

So, if you’ve got the time and interest in social engineering, I’d read the first 2/3 of this book. If you are someone looking to define a security policy for your corporation, you’d probably be better off with a book dedicated solely to this topic (or read the whole book as a good addition).

If there is one sentence you should take from this book, this is it:

“The truth is that there is no technology in the world that can prevent a social engineering attack.” p.245

SaarStars: 2.5/5

Authors: Kevin D. Mitnick and William L. Simon.
ISBN: 076454280X
Amazon, BN
Kevin’s company: kevinmitnick.com

One Response to “book review: The Art of Deception”

  1. Vince Says:

    Saar, is this the guy that spent some time in jail for hacking, or is that another Mitnick?
