凯文曾经是 FBI 的头号通缉犯之一,因为他只是为了挑战而入侵了 40 家大公司,现在,凯文是财富 500 强和世界各国政府值得信赖的安全顾问。
Kevin 和他的 Global Ghost Team™ 现在保持着 100% 的成功记录,他们能够利用技术漏洞和社会工程的组合来渗透他们付费入侵的任何系统的安全性。作为世界上最先进的精品安全公司之一的首席执行官和首席“白帽”黑客,凯文在社会工程的理论和实践方面为领导者、高管和员工提供指导,他是全球领先的权威。凯文还帮助消费者——从学生到退休人员——学习如何使用易于理解的术语和友好的方法保护他们的信息和他们自己免受伤害。
凯文对时事的见解备受追捧,导致数百次媒体露面。他曾在 CNN、CNBC、半岛电视台、福克斯新闻、CBC、BBC、莫斯科广播电台、科技电视、国家公共广播电台、花花公子、早安美国和 60 分钟等节目担任评论员、安全分析师或采访对象——仅举几例一些。他已被传唤到国会(众议院和参议院)就影响美国的安全事务作证。 Kevin 还与 KnowBe4 合作制定广受好评的安全意识培训计划,以对抗社会工程并提高安全有效性。
凯文的书包括“入侵艺术:黑客、入侵者和欺骗者利用背后的真实故事”和“欺骗的艺术:控制安全的人为因素”,这些都是安全专业人士的必读读物。他的自传《电线上的幽灵:我作为世界头号通缉黑客的历险记》是纽约时报的畅销书,现已有 15 种语言版本。
The art of deception: controlling the human element of security pdf 凯文·米特尼克
The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief." Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
Amazon.com Review The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.
After Mitnick's first dozen examples anyone responsible for organizational security is going to lose the will to live. It's been said before, but people and security are antithetical. Organizations exist to provide a good or service and want helpful, friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.
Considering Mitnick's reputation as a hacker guru, it's ironic that the last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organizations and were probably known to the Phoenicians; technology simply makes it all easier. Phones are faster than letters, after all, and having large organizations means dealing with lots of strangers.
Much of Mitnick's security advice sounds practical until you think about implementation, when you realize that more effective security means reducing organizational efficiency--an impossible trade in competitive business. And anyway, who wants to work in an organization where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world, effective organizations have to acknowledge that total security is a chimera--and carry more insurance.