
| Subject: | [CISSP-D] REVIEW: "The Art of Intrusion", Kevin D. Mitnick/William L. Simon |
|---|---|
| Date: | Wed, 27 Jul 2005 10:08:38 -0800 |

BKARTINT.RVW 20050607

"The Art of Intrusion", Kevin D. Mitnick/William L. Simon, 2005, 0-7645-6959-7, U$27.50/C$39.99/UK#17.99
%A Kevin D. Mitnick
%A William L. Simon
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 2005
%G 0-7645-6959-7
%I John Wiley & Sons, Inc.
%O U$27.50/C$39.99/UK#17.99 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/ASIN/0764569597/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0764569597/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0764569597/robsladesin03-20
%O Audience i- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 270 p.
%T "The Art of Intrusion"

This book is a collection of stories that Kevin Mitnick got blackhats and intruders to send him.

Kevin Mitnick is a speaker and trainer, interested in the betterment of all mankind, and persecuted by the government because he dared to try to tell the unsuspecting public ... something. Thus saith the "Acknowledgements." He is also concerned about the number of people who have attempted to promote and enrich themselves at the expense of the "Myth of Kevin Mitnick." Arguably one of the most assiduous of those is Kevin Mitnick.

Chapter one is a very complex and involved story about cheating casinos by accessing and reverse engineering the on-board programming on a slot machine, and then using the information obtained about the machine's workings to predict likely payout conditions. This data is utilized in an intricate scheme involving distractors, convoluted shift operations, and special purpose computers built into shoes. Despite all of this detail, the only "countermeasures" suggested are to use tamper-resistant chips and boards on proprietary devices.

Some crackers break into government and military computers, in chapter two's story. (Possibly at the behest of terrorists, maybe on request by an FBI informant. One of the lessons to be learned from this is that if you idolize Kevin you won't get caught: but all your friends will.)

Chapter three gives the story of a couple of guys who learned about computers in prison: it's a bit of a relief that, while they were breaking rules, they weren't up to no good. (Lots of countermeasures are listed for this one, most having very little to do with the narrative.)

The interesting thing about chapter four is that the story is told from both sides of the fence. Chapter five tells the story of Adrian Lamo. A couple of penetration test stories are in chapter six, neither as interesting as the ones in Winkler's "Spies Among Us" (cf. BKSPAMUS.RVW). A couple of foreign intruders provide brief anecdotes in chapter seven. Chapter eight describes two targeted intrusions, and a bit about crackers and software piracy "warez" sites. Some details of scanning a network are given in chapter nine. Mitnick basically reprises "The Art of Deception" (cf. BKARTDCP.RVW) in chapter ten, with a socially engineered penetration. Some miscellaneous stories are in chapter eleven.

In the preface, Mitnick is keen to let us know that blackhats everywhere are dying to get a fraudulent story past the king of social engineering, and so they check out every story for confirmatory details. Most of the stories can't be confirmed in much detail. They sound like good stories, but the particulars are sometimes unlikely. In the prison tale, for example, why could the principals get lots of network adapters and cabling (as well as sound cards), but have such a hard time with modems? If they were able to set up one networked computer with remote access, why not another?

Ultimately, as with the earlier book, the tales develop a tiring sameness. Boy meets computer, boy hacks computers, boy either goes to jail or loses interest. The reader will probably lose interest much more quickly.

copyright Robert M. Slade, 2005 BKARTINT.RVW 20050607

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
Lotteries are a tax on the arithmetically impaired.
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade