- Rob Slade, doting grandpa of R
July 27, 2005, 8:50 pm
"The Art of Intrusion", Kevin D. Mitnick/William L. Simon, 2005,
%A Kevin D. Mitnick
%A William L. Simon
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$27.50/C$39.99/UK#17.99 416-236-4433 fax: 416-236-4448
%O (Amazon.com product link shortened)
%O Audience i- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 270 p.
%T "The Art of Intrusion"

This book is a collection of stories that Kevin Mitnick got blackhats
and intruders to send him.

Kevin Mitnick is a speaker and trainer, interested in the betterment
of all mankind, and persecuted by the government because he dared to
try to tell the unsuspecting public ... something.
Thus saith the "Acknowledgements."

He is also concerned about the number of people who have attempted to
promote and enrich themselves at the expense of the "Myth of Kevin
Mitnick." Arguably one of the most assiduous of those is Kevin

Chapter one is a very complex and involved story about cheating
casinos by accessing and reverse engineering the on-board programming
on a slot machine, and then using the information obtained about the
machine's workings to predict likely payout conditions. This data is
utilized in an intricate scheme involving distractors, convoluted
shift operations, and special purpose computers built into shoes.
Despite all of this detail, the only "countermeasures" suggested are
to use tamper-resistant chips and boards on proprietary devices. Some
crackers break into government and military computers, in chapter
two's story. (Possibly at the behest of terrorists, maybe on request
by an FBI informant. One of the lessons to be learned from this is
that if you idolize Kevin you won't get caught: but all your friends
will.) Chapter three gives the story of a couple of guys who learned
about computers in prison: it's a bit of a relief that, while they
were breaking rules, they weren't up to no good. (Lots of
countermeasures are listed for this one, most having very little to do
with the narrative.) The interesting thing about chapter four is that
the story is told from both sides of the fence. Chapter five tells
the story of Adrian Lamo. A couple of penetration test stories are in
chapter six, neither as interesting as the ones in Winkler's "Spies
Among Us" (cf. BKSPAMUS.RVW). A couple of foreign intruders provide
brief anecdotes in chapter seven. Chapter eight describes two
targeted intrusions, and a bit about crackers and software piracy
"warez" sites. Some details of scanning a network are given in
chapter nine. Mitnick basically reprises "The Art of Deception" (cf.
BKARTDCP.RVW) in chapter ten, with a socially engineered penetration.
Some miscellaneous stories are in chapter eleven.

In the preface, Mitnick is keen to let us know that blackhats
everywhere are dying to get a fraudulent story past the king of social
engineering, and so they check out every story for confirmatory
details. Most of the stories can't be confirmed in much detail. They
sound like good stories, but the particulars are sometimes unlikely.
In the prison tale, for example, why could the principals get lots of
network adapters and cabling (as well as sound cards), but have such a
hard time with modems? If they were able to set up one networked
computer with remote access, why not another?

Ultimately, as with the earlier book, the tales develop a tiring
sameness. Boy meets computer, boy hacks computers, boy either goes to
jail or loses interest. The reader will probably lose interest much

copyright Robert M. Slade, 2005 BKARTINT.RVW 20050607
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to firstname.lastname@example.org