The Art of Deception

[SonicDragon]

I finished The Art of Deception by Kevin Mitnick a while back and forgot to recommend it! The Art of Deception is all about social engeneering and how to protect yourself or your company from it. Lots of good-to-know stuff.

[Stryder]

Been meaning to read that. I have followed his whole story pretty closely. That is one very slick, talented, ingenious guy.

[SonicDragon]

Yea. It seems like he has turned his act around though. He is giving security speaches and of course, the book on preventing social engeneering. But, who knows what he does when he's not in the public.The Condor is free at last *que horror music*

[Guest LilBambi]

Been meaning to read that. I have followed his whole story pretty closely. That is one very slick, talented, ingenious guy.

Me too Stryder ... would be interested to see how far he really exposes the whole thing. * Moved to Security and Networking *

[SonicDragon]

would be interested to see how far he really exposes the whole thing. 

You mean his story?So far, not much about it. He has been free for a while now...There wasn't much about his story in the book either.

[Guest LilBambi]

Not really, would be interested in reading that too ;)But I actually meant how far he really exposes the whole shooting match of vulnerabilities out there and how unethical hackers are taking advantage of them. You know, does he just give a splattering of info, or does he really go whole hog and really explain it.I have a feeling that since he probably wrote the book for corporate executives to explain it enough to get some business for his company, that he may not have felt it appropriate to go into a lot of detail.

[SonicDragon]

He goes into pretty good detail. The book is 350 + pages, including a complete security policy to implement. It's basically 300 pages of senarios and analizing them and then a 50 pg security policy

[Guest LilBambi]

Impressive! I think I'd definitely like to read that!Thanks.

[zox]

I dug up the old thread on Slashdot from February 5th, where Kevin directly answers to posted questions by community.A week or so before that everyone was able to submit their questions and Slashdot picked the most interesting ones.Here are the Q and Answers by Kevin Mitnick:http://interviews.slashdot.org/article.pl?...tid=123&tid=172

[SonicDragon]

Great Article! Very informative!Kevin: "A rock star? That's funny. My senior editor at Wiley had said the same thing when I was at the RSA security conference last year. I don't feel like a rock star, at least my bank account doesn't reflect it. Maybe I should partner up with Eminem?"LOL!!!!!!!!

[Guest genaldar]

I couldn't finish the book. Half way through the first chapter all I could think was that this guy was a con artist. Not just a con artist, but an egotistical one too. It boggles my mind that because he was involved with computers he is a hero to some people. If he was just a common con artist no one would care.

[SonicDragon]

I couldn't finish the book.  Half way through the first chapter all I could think was that this guy was a con artist.  Not just a con artist, but an egotistical one too.  It boggles my mind that because he was involved with computers he is a hero to some people.  If he was just a common con artist no one would care.

Your right, he was a con artist...buthe admits what he did was wrong and that he should have been punished for it.he has turned his act around and is teaching people about security nowhe was (from what i hear) mistreated by the government and denied his constitutional rights (correct me if i'm wrong on that one, i'm no lawyer)he claims that he never purposely destroyed anything. He claimes that he was doing what he did for the trill of being able to do it, to try to find out how computer systems really work.He also claims that the punishment did not fit the crime.and who says you can't learn from con artists?

[Martini Lover]

with the way that people come through the back door, (all the MS Updates) I would rather just have a party. COME ON IN. Just don't hurt me.

[Guest genaldar]

I couldn't finish the book.  Half way through the first chapter all I could think was that this guy was a con artist.  Not just a con artist, but an egotistical one too.  It boggles my mind that because he was involved with computers he is a hero to some people.  If he was just a common con artist no one would care.

Your right, he was a con artist...buthe admits what he did was wrong and that he should have been punished for it.he has turned his act around and is teaching people about security nowhe was (from what i hear) mistreated by the government and denied his constitutional rights (correct me if i'm wrong on that one, i'm no lawyer)he claims that he never purposely destroyed anything. He claimes that he was doing what he did for the trill of being able to do it, to try to find out how computer systems really work.He also claims that the punishment did not fit the crime.and who says you can't learn from con artists?

It doesn't matter if he admits what he did is wrong he is still profiteering from committing a crime. Sure he isn't writing a tell all, but lets face it if he didn't commit the crimes no one would've heard of him and no one would've offered him a book deal.About being mistreated by the government in his own version of the story (which hasn't been cooberated by anyone mind you) he says they offered him something every couple of months if he was willing to waive specific rights. That is legal. Without that right suspects in custody could never talk without their lawyer present, they have to wave their miranda rights before they can talk. No laws or procedures were broken. He's just a whiner.I don't care if he never destroyed anything. What if someone breaks into your home and just walks around, is that still a crime? Yes. And he didn't do just that. It's like he broke into your home, walked around and looked into all your cabinets, drawers and closets.I don't know enough of the law to say if the punishment fit the crime, but some of the documents he made copies of were protected by patent laws. In some versions I've heard he also made copies of classified federal documents. If he did make copies of classified documents he got off light.I never said you couldn't learn from con artists, I just pointed out the fact that his ego prevented me from doing so. Besides its not like its groundbreaking stuff. It was people dumb enough to believe a fast talker.My question is if he was a traditional con artist and took millions from the dumb and the old. Gaining fame along the way. Would anyone be reading his book? Or would people care that he was profiting from his crimes (which is illegal btw).

[jbredmound]

[My question is if he was a traditional con artist and took millions from the dumb and the old.  Gaining fame along the way.  Would anyone be reading his book?  Or would people care that he was profiting from his crimes (which is illegal btw).

Are we talking about Bill Gates? Oh, I love talking about Bill Gates! Can I join in?

[Jeber]

I happened across an advance copy last October, read it, had to keep smiling. Kevin didn't just write about social engineering, he wrote "in" social engineer. The whole book is a marvelous example of text-based social engineering. He is an addict to the con. He hasn't changed his habits, he's just redirected his aim and selected a safer target. I enjoyed his book but wouldn't want him to work for me.