可借阅:*
图书馆 | 资料类型 | 排架号 | 子计数 | 书架位置 | 状态 | 图书预约 |
---|---|---|---|---|---|---|
正在检索... Government Records | Book | QA 76.9 .A25 M58 2002 | 1 | Stacks | 正在检索... 未知 | 正在检索... 不可借阅 |
链接这些题名
已订购
摘要
摘要
The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
评论 (2)
出版社周刊评论
Mitnick is the most famous computer hacker in the world. Since his first arrest in 1981, at age 17, he has spent nearly half his adult life either in prison or as a fugitive. He has been the subject of three books and his alleged 1982 hack into NORAD inspired the movie War Games. Since his plea-bargain release in 2000, he says he has reformed and is devoting his talents to helping computer security. It's not clear whether this book is a means toward that end or a, wink-wink, fictionalized account of his exploits, with his name changed to protect his parole terms. Either way, it's a tour de force, a series of tales of how some old-fashioned blarney and high-tech skills can pry any information from anyone. As entertainment, it's like reading the climaxes of a dozen complex thrillers, one after the other. As a security education, it's a great series of cautionary tales; however, the advice to employees not to give anyone their passwords is bland compared to the depth and energy of Mitnick's descriptions of how he actually hacked into systems. As a manual for a would-be hacker, it's dated and nonspecific better stuff is available on the Internet but it teaches the timeless spirit of the hack. Between the lines, a portrait emerges of the old-fashioned hacker stereotype: a socially challenged, obsessive loser addicted to an intoxicating sense of power that comes only from stalking and spying. (Oct.) Forecast: Mitnick's notoriety and his well-written, entertaining stories should generate positive word-of-mouth. With the double appeal of a true-crime memoir and a manual for computer security, this book will enjoy good sales. (c) Copyright PWxyz, LLC. All rights reserved
《图书馆杂志》(Library Journal )书评
The world's most famous computer hacker and cybercult hero, once the subject of a massive FBI manhunt for computer fraud, has written a blueprint for system security based on his own experiences. Mitnick, who was released from federal prison in 1998 after serving a 22-month term, explains that unauthorized intrusion into computer networks is not limited to exploiting security holes in hardware and software. He focuses instead on a common hacker technique known as social engineering in which a cybercriminal deceives an individual into providing key information rather than trying to use technology to reveal it. Mitnick illustrates the tactics comprising this "art of deception" through actual case studies, showing that even state-of-the-art security software can't protect businesses from the dangers of human error. With Mitnick's recommended security policies, readers gain the information their organizations need to detect and ward off the threat of social engineering. Required reading for IT professionals, this book is highly recommended for public, academic, and corporate libraries. [This should not be confused with Ridley Pearson's new thriller, The Art of Deception. Ed.] Joe Accardi, William Rainey Harper Coll. Lib., Palatine, IL (c) Copyright 2010. Library Journals LLC, a wholly owned subsidiary of Media Source, Inc. No redistribution permitted.
目录
Foreword | p. vii |
Preface | p. ix |
Introduction | p. xv |
Part 1 Behind the Scenes | p. 1 |
Chapter 1 Security's Weakest Link | p. 3 |
Part 2 The Art of the Attacker | p. 13 |
Chapter 2 When Innocuous Information Isn't | p. 15 |
Chapter 3 The Direct Attack: Just Asking for It | p. 31 |
Chapter 4 Building Trust | p. 41 |
Chapter 5 "Let Me Help You" | p. 55 |
Chapter 6 "Can You Help Me?" | p. 77 |
Chapter 7 Phony Sites and Dangerous Attachments | p. 93 |
Chapter 8 Using Sympathy, Guilt, and Intimidation | p. 105 |
Chapter 9 The Reverse Sting | p. 133 |
Part 3 Intruder Alert | p. 147 |
Chapter 10 Entering the Premises | p. 149 |
Chapter 11 Combining Technology and Social Engineering | p. 173 |
Chapter 12 Attacks on the Entry-Level Employee | p. 195 |
Chapter 13 Clever Cons | p. 209 |
Chapter 14 Industrial Espionage | p. 225 |
Part 4 Raising the Bar | p. 243 |
Chapter 15 Information Security Awareness and Training | p. 245 |
Chapter 16 Recommended Corporate Information Security Policies | p. 259 |
Security at a Glance | p. 331 |
Sources | p. 339 |
Acknowledgments | p. 341 |
Index | p. 347 |