The Art of Deception is one of two books by famous hacker Kevin Mitnick, the other being "The Art of Intrusion". Intrusion focuses primarily on physical or technological hacks, while this book focuses almost exclusively on social engineering attacks.
A number of problems prevented this book from being very good. The main problem is simply that Mitnick did not have enough material to fill an entire book. This book would have been better if it were shorter and simply one section in a larger book about security. A great deal of the book feels like padding, the anecdotes about various social engineering attacks seem repetitive and pointless - reading just one is often enough, but Mitnick consistently indulges himself with identical tale after identical tale.
I'm not entirely sure who the audience for this book could really be. It doesn't seem like it's for technical people, because the book goes out of its way to define what things like "http" mean. The book claims to be geared toward nontechnical people or businesspeople, but the fact of the matter is that the subtle differences between a lot of the social engineering attacks will be missed by nontechnical people. To your average Joe, 20 or so of the stories in the book will seem identical, testing the patience of the reader.
The book is also frustrating in its design. It's constructed as a book to help managers and businesspeople manage security at their companies. Every story about a social engineering attack is followed by a "Mitnick Message" where Kevin explains how to prevent the attack from happening to you. In reality, however, the real focus is the story itself - the attackers are consistently painted as the hero of the story, with the hapless victims being drawn as naive morons. It's clear that Mitnick admires the attackers in these tales, and the "Mitnick Message" feels like it's been forced into the book to keep up the ruse that the book is intended for anyone other than wannabe hackers. Mitnick's advice is a restated form of "verify the identity of the caller" in nearly every instance.
The book is, to put it simply, a bore. Reading it was a challenge, and I had to fight the frustration to skim or skip sections nonstop. The Art of Intrusion is far more interesting, and I recommend it over this book without reservation. There is value for businesspeople to read this book, but I imagine it will present a significant challenge to their patience.
As an aside, Mitnick offers terrible advice regarding passwords. He argues that passwords should not consist of a constant combined with a predictable variable, such as "kevin01", "kevin02", "kevin03". I agree. He also says that users should not write down their passwords and tape the paper to their monitor or under their keyboards. I agree again. He also, unfortunately, argues that passwords should expire every month. Well, that's terrible advice. Passwords need to be something people can remember, or they have to write them down. If they are going to be memorable, they can't change constantly. If they change constantly and must still be memorable, people have no choice but to add some predictable pattern to a memorable portion of a password. In short, of options A) Don't write passwords down B) Don't use a simple increment in a password C) Change passwords monthly, security administrators can pick any two. To try for all three is delusion.
Dreaming in Code is a book about software development. As a software developer, I cannot tell you how many times I completely related to the proceedings. All of the mistakes, all of the problems, all of the concerns, all of the date slipping, everything. It all felt so familiar, so "been there, man". To some extent, that's the problem with the book.
I've tried to read Dreaming in Code on 3 separate occasions. The idea sounded interesting, and the title alone piqued my interest, so I purchased the hardcover book when it came out. I tried reading it, but simply was unable to get into it. A few years later, I acquired the ebook, so I could read it any time like on the bus or on my phone. I got a bit further, but still lost interest. Finally, I made it through the book by buying the audiobook version of it and listening while driving or working out. It somewhat perplexed me that I had such a hard time getting into the book, considering that I found "Masters of Doom", a very similar book about the struggles of a series of software projects (Wolfenstein, Doom, Quake, etc) to be one of the best books I read in the last year.
The difference between these two books lies in how they were written. Masters of Doom was written after the fact, by interviewing people associated with the projects and assembling an historical narrative from these accounts. Dreaming in Code was written by an embedded journalist, who was actually IN the offices where the software was being written, writing about it as it was being developed and eventually picking an arbitrary point in time to cut the book and release it. The difference is important, for one simple reason. Masters of Doom was allowed to be about some of the most groundbreaking games ever created, with the full knowledge of history at the disposal of the author. Dreaming in Code is about the development of a personal information manager called Chandler, which I never heard of before reading the book.
Masters of Doom was fun not only because I could relate to so many of the trials and tribulations of software development that it discussed, but also because I was familiar with the software itself and interested in its history. Chandler is just some Outlook-esque type program, some boring office software meant to emulate Lotus Agenda (which I had also never used). As such, there is nothing interesting about the software itself or its history, so all that's left in Dreaming in Code is the process of developing software, and the issues that arise.
As a longtime software developer, these issues were so familiar to me that I found it almost boring. I was so familiar with these woes that it didn't feel like I was really learning anything or gaining new insight. There were occasional passages that I found enlightening, and I wound up definitely taking a handful of "look this up later" type notes, but they were few and far between in light of the book's considerable length. The book almost would be better suited for someone who was NOT familiar with the process of software development, but as countless conversations about my workday with my wife have indicated, nonprogrammers tend not to give a flying rat's fuck about the process of software development.
I would recommend this book, but not to developers, nor to people with no connection to development. I'd recommend it to anyone who works at a company that develops software, but who is not actually on the development team. Salespeople, customer support, maybe even high-level managers, those sorts of folks. I think the book sheds a lot of light on what goes wrong with development projects, and people whose lives are affected by development projects may well find it very interesting and clarifying. It might also be good for those who are interested in becoming software developers, or college students majoring in Software Engineering or Computer Science (but be warned, the Chandler project is particularly dysfunctional, and I recognized its problems mostly from the worst jobs I've ever had, not the best). Those who live this life will find it boring, as will anyone whose interactions with software are limited to its usage.
The Numerati isn't a BAD book, it's just not a particularly interesting one. The book covers all the various ways that data miners are looking at huge volumes of data and how that data is being used.
Stephen Baker talks about the ways that grocery stores collect data on food purchases to keep track of inventory and make suggestions to consumers, the ways that politicians collect demographic data to predict how the campaign will change when running particular ads (effectively turning your vote into a purchasable commodity), how the medical community can use data-gathering tools (such as special carpets), how intelligence agencies use data mining to locate terrorists, how ad companies (like Google) use data mining to target ads at internet users, and how dating services use data mining to help people find mates.
I guess I found most of the book to be pretty standard - I was well aware of most of these applications for data mining, though the book did flesh out a number of details I was lacking.
I think what bothered me the most was the inconsistent tone. Baker would take on an almost alarmist tone when discussing the privacy implications for a lot of data mining applications, but he would do so during chapters which I found wholly unalarming. His tone during the chapter on grocery stores keeping track of your purchasing habits had an insidious undercurrent. He talked about these corporations knowing when you buy personal items, or suggesting genital creams to you. I found this application of data mining completely benign and untroubling - recommendation engines are my favorite application of data mining.
The chapter on voting, on the other hand, had the opposite problem. I find it wholly disturbing that we are so predictable as a collective that politicians can figure out exactly how many votes can be purchased by spending a certain amount of money on a certain type of ad (this also disturbed me when I read about it in Al Gore's The Assault on Reason). Baker's tone, for the most part, seemed unperturbed by this, almost viewing it as a win for democracy.
For the most part, the book is good, but it's just not passionate or well-written enough to move it to "great." I recommend reading it for people who are interested in modern data mining or privacy, but I imagine it would be difficult to get through for someone who wasn't already interested in the material.
Crowdsourcing is an informative book about the growing popularity of using large crowds to solve interesting problems or provide content. The term "crowdsourcing" was actually coined by Jeff Howe, so this is a pretty authoritative book on the subject.
The book covers all sorts of things which fall under the very wide umbrella of crowdsourcing, such as Linux, Threadless, Myspace, Wikipedia, TopCoder, American Idol, iStockPhoto, and quite a great deal more.
The book is interesting, but never quite insightful. Most of the content is at a very superficial level, accurately describing the emergence of crowdsourcing in businesses, but without really providing a great deal of analysis of it. A few chapters provide advice for how to use crowdsourcing in your own business, but even these contradict themselves a bit. As a brief example, Howe tells the story of InnoCentive, a company that relies on the crowd to solve science stumpers. Howe points out cases where the solutions were found by people who were not scientists by training, but then in the section where he offers advice for businesses who wish to leverage crowdsourcing, he implies that you should ensure your crowd consists mostly of experts.
Overall, a very good book and worth a read, and while it covered a wider range of examples of crowdsourcing at work, I have to recommend the very similar Wikinomics above Crowdsourcing. Wikinomics has far fewer examples, but goes into quite a bit more detail with each example, providing a bit deeper of an analysis.
When I was young, maybe 13 or 14, I picked up a book about a hacker named Kevin Mitnick. The book was called "The Fugitive Game" by Jonathan Littman. Littman, who was able to talk to Mitnick while Kevin was in hiding, attempted to portray a fair and balanced view of Kevin Mitnick. He focused a great deal on the overzealous prosecution of Mitnick by the government and the general nonsense of the media portrayal of him, but he never presented Kevin in a particularly favorable light either. The Fugitive Game was one of the first nonfiction books I read as a kid, and I absolutely needed more. I tried reading "Takedown", the book by Tsutomu Shimomura, the eventual apprehender of Mitnick, but I found myself feeling like I was reading a book written by Darth Vader. Right or wrong, I had turned Mitnick into some kind of hero in my mind. Since then, I've had something of a fascination with Mitnick, watching the awful sequel to Hackers and reading his books The Art of Deception and The Art of Intrusion.
Ghost in the Wires is, for me, manna from above. Kevin Mitnick's entire life, from Kevin Mitnick's perspective. I found this book nothing short of enthralling. Every stage of his life, starting from his adolescent social engineering, up through his many different hacks that eventually led to him going into hiding, covering his time in Denver, Seattle, and Raleigh, and eventually his court case and imprisonment, is covered in great detail. Mitnick divulges huge amounts of details about his hacks, including the particular exploits used to perform many of the technological hacks as well as transcripts of conversations he had for his social engineering hacks.
He describes each piece of the puzzle, taking the reader step-by-step through acquiring each piece of information needed to complete a particular hack. This kind of detail probably isn't for everyone, but I loved it. Kevin is careful to explain the "why" of these pieces for laymen who don't understand what an "rhost" is, so the book would be readable for a non-techie, but I believe it would be far more satisfying for someone who works with computers or telecom.
The book is just stunning. I could barely put it down, and I found myself bummed when it was over, despite its 432-page length. When Kevin was describing how he decided where to move after Seattle, I felt a noticeable lump in my stomach drop when he decided on Raleigh, North Carolina, since I knew that's where he was eventually apprehended. I didn't want the adventure to be over; Kevin Mitnick is like Indiana Jones for someone with my nerdy tastes in technology.
If you're interested in hacking, computers, security, social engineering, or Kevin Mitnick in general, I simply cannot recommend this book highly enough. It's well-written, engaging, and downright fascinating. I think even someone who wasn't a Mitnick fanboy like myself would really enjoy it, though the hero-worship certainly makes it an even better experience.