The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers

Kevin Mitnick is a legend among computer hackers - and his unique position as a former world class computer hacker turned security consultant lends him credibility to the hacker community. Because of this, he has the trust of the most skilled computer hackers in the world (many who have not yet been caught) - giving him access to these stories. I am a network administrator and I have learned much from this book. It is basically a compilation of stories of different particularly elaborate hacks. Each chapter includes a story of how a particular individual beat the system. At the end, he analyzes the failures and includes suggestions on how to prevent a similar exploit in your company. I particularly liked the Casino hack, in which a group of techies crack the code to particular slot machine and use it to predict when the next winning hand would come.

I picked up this book on a whim, I wanted to learn more about hacking and Kevin Mitnick. It wasn't all about him, but it was still quite good. The stories in this book are very good, I enjoyed reading, and I've passed it on to other people.

While these stories describe different exploits they all provide different lessons and are from that POV well worthwhile. Several of the stories are quite funny (the hacked Coke machine for instance--the password jumped out at me as soon as they said no one could ever guess it) but still worth while. There is too much tendency to depend on hardware solutions when folks don't realise that those are computers too and they can be hacked just as easily or even more so than a PC. Some of the stories are probably exaggerated as Mitnick admits he was unable to verify all of them particularly the shorts at the end of the book. Some of chapter 10 is probably exaggerated but I used to do pen tests and its certainly overall credible. A very valuable book overall. I can sympathise when some of the "white hat" security experts turn vigilante and deface websites etc. out of frustration. The reason that I left the field was because often my big decision after an audit was "do I just dust off the report I did 2 years ago or do I write a new one" because more often than not nothing had changed and none of the holes had been plugged. Most of the times I wrote a new report were because new vulnerabilities had been added.

As a network administrator for a state and federal agency, I am always concerned about the security of my network. Mitnik, while not Hemmingway, has an simple, interesting and fluid writing style that lends itself to even the most technically challenged. I have thoroughly enjoyed this book and recommended it to all my colleagues. It left me wanting more, and wanting to watch my network more.

If you try to make your systems foolproof, there is always one more fool who is more inventive than you. - The Art of Intrusion, p. 143 Formidable book from Kevin Mitnick here, so I give it an unreserved two thumbs up. Grab a copy of The Art of Intrusion from your local bookstore shelves, and make a mad dash for the registers, or -- more casually -- find a comfortable stuffed chair and plop down in it, devour your Mandarin Orange Muffin and sip on your piping-hot Starbucks while you copy down some interesting URLs from the pages of this tome. Because you'll enjoy this work if you're into computers, have dabbled at hacking, or are currently making a living by defending a network of any type. And you may even find one particular chapter -- Social Engineers - How They Work and How to Stop Them -- to be extremely beneficial in preventing regular or identity theft. At the very least, you'll be able to pick up on warning signs when someone is trying to manipulate either you, your data, and your PC or Mac. Real examples of hacking are usually hard to document, for obvious reason. Firstly, nobody wants to be 'caught out' or get in trouble for things they did in the past. Secondly, they could be punitively prosecuted for something that was not all that malicious -- especially if they reveal their name, location, tradecraft or exploits to any ordinary journalist. Because author Kevin Mitnick served a lengthy sentence in a Federal Prison for his hacking, he's actually become a person that members of the underground hack community can look up to, and trust. That may be an example of inverse logic, but nevertheless it is true. And it is only through this layer of explicit confidence that certain of these accounts would've ever likely seen print. Even if these accounts are mildly doctored to protect someone's identity, they do possess the ring of truth. For example, four buddies descend on Sin City in Chapter One, and figure out how to swindle more than a million bucks from the video poker machines -- this after a visit to the reading room of the Patent Office in Washington D.C., the legitimate purchase of a 10 year-old Japanese slot machine, and a little reverse engineering. Even more interesting is Chapter Two -- When Terrorists Come Calling -- which sketches the terrifying report of a Pakistani terrorist, by the name of Khalid Ibrahim, that was interested in recruiting young American hackers in 1998 to break into .gov and .mil websites. Khalid offered an American hacker ne0h $1k if he would hack into a Chinese university and give him names of students in the database. An obvious test of ne0h's skills. Using inference, and rudimentary social engineering skills, ne0h proved to Khalid Ibrahim that he was up to the task. This lead to a hack at the Bhabha Atomic Research Center in India. Then another intrusion at Lockheed Martin to obtain certain Boeing airplane schematics. The hacker penetrated three layers into Lockheed before he ran into the DMZ. Kha