
Ghost In The Wires – Kevin Mitnick – Book Review

It took me a while to finally get through Kevin Mitnick’s latest book – Ghost In The Wires. Though, this was not due to it not being a page turner. Fact is it was!

It took me what felt like so long, as I had been trying to squeeze in the reading time in between everything else. Every time I turn around there is something else to learn or look at elsewhere. Still, beats being bored so can’t complain!

If you had never heard anything about Kevin or other hackers of that time, you might find this video useful for a little background.

The book is very interesting from a few perspectives. There is the personal component and the security/technology component.

The personal component gives you an idea of the way Kevin had to live his life, the impact on his family and a sense of a world in which trust was at times very scarce. It is hard to imagine in some ways, especially around how tough it must have been inside for so long or the fear I would imagine at facing a very long time locked away.

I enjoyed gaining an insight into the thinking behind some of the attacks or techniques he used when gaining access to a variety of systems (the list is quite astounding) or when he was trying to avoid capture. I was often surprised by what, when you read it, seems like simplicity; you almost think that would never work, but it did!

For anyone who is not that technical, you won’t have to worry: the details are not too heavy, and the book does a decent job, I think, of explaining anything that is even the slightest bit technical in a way anyone familiar with using computers and the Internet should be able to understand.

From a security perspective it should be an alarm bell to many at the very least. Social Engineering is alive and kicking. It is also something that many don’t seem to have enough awareness of, still to this day.

Matters in fact often appear to be getting worse as everyone rushes to share all of their intimate personal details all over the place, almost like trusting every stranger is now a good idea.

When you think about the kind of information and access he had, many times by simply asking for it, in other situations by doing enough research on targets and gathering enough relevant information to be extremely convincing and exploiting that element that companies pride themselves on with their staff, helpfulness.

I can’t help but wonder how many local businesses would fare today. Especially as I see them rush out to splatter everything they can online in an effort to boost their page ratings. Often, I am guessing, without a thought about the potential risks.

The book mentions a documentary that I really need to check out called Freedom Downtime.

Perhaps another day.


Social Engineering The Art of Human Hacking – Review

So I have just completed Chris Hadnagy’s book and now I am a social engineering master. Well, perhaps a master of this art is an exaggeration on my part, but I certainly believe I have learned a great deal from reading what is, in my view, an essential guide to the inner workings of social engineering, be it used for good or evil.

The book does not claim to turn anyone into a master. It does though give you a broad and deep understanding and will point you to many other areas of research if becoming a master is your end goal. Considering the years of research gone into various disciplines discussed and skills you would need to cover, I wish you happy researching if this is your end game. I certainly plan to return to many of the areas out of interest myself.

As the web has recently started to develop into the social monster we see today, its teachings I believe may become even more important to many of us in the years to come. It should certainly convince people that a good security awareness program must be adopted everywhere and continually tested/updated.

Just observing my students and others I know online day to day, and seeing the kind of information they share without a thought of the impact this may have for their own personal security, never mind the organisations they may work for, really makes me think it could become open season for crime, in many different ways.

Hopefully they are all lucky and don’t fall victim, or perhaps they listen to my constant warnings to take more care.

Thinking back to my own perception of social engineering before I read the book, I had a good idea of what I considered relatively simple types of attack; unfortunately, though, many people still seem to fall for these sweeping attacks.

For many of us experienced web users we tend to spot these or our spam filters sweep them away so we don’t have to endure yet another delete button press. But what about a targeted attack? How many of us would fall victim then?

I imagine a very high proportion of people would. In fact, given enough information about the target and the right set of circumstances, we all could quite easily, and if you think “no way, not I” then you are probably the most likely to fall for one.

The book outlines the lengths that individuals or groups resort to, in order to tailor an attack customised especially just for you.

Essentially gathering your information from just about any resource they can, coming into contact with you in person or others around you, reading your face, emotions and behaviours like a book and then using all of this minute detail to manipulate you into giving further information away or perhaps fully compromising your systems in a variety of different ways including sending malicious files, dropping off at your office CD/DVD or USB devices with more nasty stuff, convincing you to browse to nasty websites or stealing your systems from right under your nose!

In actual fact it could be quite scary reading for many.

The book also offers good advice, from what you can do about it all to what to look for in an auditor if you have already started to think how these attacks may affect your business and would like to test/improve your performance.

The book promotes something which I truly think is important: “be aware, educated and prepared”.

I have heard recently there is “no patch for human stupidity”. Well, there is no immediate fix, but we can certainly receive constant updates: through education.
