22 April 2013

Everyone's a Critic

Book Review
"The Art of Deception” By Kevin D. Mitnick & William L. Simon

M. J. Banks
Monsters University
Spring 2013
ITS 20000-01 Ethical & Legal Issues


           This review will entail observations of “The Art of Deception” by By Kevin D. Mitnick and William L. Simon; overall, it will portend the quality of the book. While assessing tactical hacking and the authors’ suggested approaches at stopping the malicious intents relayed, foremost the personable affectations needed to deceive the deceivers, and relaying how the book presents itself for the layperson. The amount of intrigue given from the book is acceptable to hobbyist and analogue readers alike, proffering enough useful knowledge for IT managers also, in entirety can become excessive to the uninitiated techie, and outlines the certainty of the dichotomy of hacker and security professional. This inroad to technical security oftentimes panders to all readers with isolated scenarios that touch upon literary noire elements, simple altruistic tales that illumine otherwise trivial elements of the technical world as the perils that they are and can be, validated by proven security measures it maintains standing as designed, a partial manual to avoid human error. Infamous Mr. Mitnick relies as much on his criminal past as he does the gathered solutions written in the book to prove the value of the guide. Balanced against humble brags and common knowledge the book is a descent read for people of the nerd community.

Book Review: “The Art of Deception”
           ‘Deception’ begins with a close focus on threats based in the computer world and a call to acknowledge, define, and prevent them. Slowly it brings the readers on a journey that eventually forces the reader to realize the necessity of network hardware firewalls, intrusion detection systems (IDS), antivirus (AV) software, and other security protocols digital and physical, each in individuated experiences. Each serial foray into a security threat is predictably simple, which allows the reader to learn typical solutions to the most typical problems, distinguishing the book as persuasive rather than rigidly technical. Easily enough to read, it has many explanations for novice readers and can at times redundantly explain things. In other instances, the writers impose lulls to security scenarios with elongated personal attestations, which served to explain the flaw of neglecting dangers of a mere unfortunately trusted and unattended hackers. The prose points balanced with the technical aspects make for a descent book to read, but probably a better audiobook.
In the book, Mitnick explains his role in becoming a famous hacker, by means of a national FBI search due to ruining several millions of dollars in the monies of corporate America through his hacking skills, duly ending in incarceration by the federal government, and since has strived for legitimate business ventures. My assessment being that he intimates in his writing sympathy for hackers in his own way, yet now consults corporate institutions and security firms around the world to the malicious hacker element. Logically inundated with a need for IT security these companies hire security admins to propose, design, implement, maintain, and improve the valuable networks they implement for large amounts of commerce all day every day. The book scenarios define users and a network, credentials and insecure situations, showing that hacking has the simplicity of stolen passwords as much as the complex actions of network intruders. In regards to detection, threats found case-by-case present as autonomous and predictable threats, dealt with formulaically to stop the intrusion. Given to the forthcoming information, the threats remain unto themselves human.
The book’s subtitle, “Controlling the Human Element of Security” is a certainty to the narrative, from personal confessions to common threats, a good handbook to moral legality in a growing network, formal it continues to educate the reader to the shocking industrious nature of a hacker, eventually telling that threats from within a company are as viable as from without. Commonly the book paints the same pictures as do today’s spy movies, wherein patient thieves wait for the time to strike, using falsified data and pretenses, under the auspices of professional courtesy. Before explaining how to be suspicious in each scenario, each life lesson styled chapter stresses the importance of security through secrecy in the aspects of personal info, passwords, badges, etc.
It’s not exactly the most informative of books for a student with a degree in computer sciences, but does discuss many techniques and insights, the balanced views of hacker and security professional give the book weight, and the depth of hacker profiling compartmentalized by chapter gives an interesting twist to an otherwise textbook. In attempts to leave little to the imagination a descent compilation of hacker events and social engineering crimes are presented in an entertaining book that deserves a second read, but not a third, worthy of recommendation to the generation prior to millennials, and moderate approval among them, given that the examples are plausible hypothetical. 
          Not to spoil the finer points of anarchy the book reveals, some favorite points included beating speeding tickets with a holiday, bypassing a rotating password with inclement weather, top-level clearance with a fake persona, and gaining restricted access by exploiting kindness, among many other hacker exploits. It is a very ‘spy-world’ book that enlightens obvious circumventions unknown to the average well-mannered individual and goes as far to explain why a person becomes victim in each scenario, thus making the book fairly useful to modern corporate interests.