Paranoia in the workplace
Posted on September 14, 2005
Filed Under Geeeek Stuff
A few years back I read a great book by Kevin Mitnick. For those of you who don’t know who he is, he’s an ex-hacker who was sent to prison for breaking into various computer systems. After his release from prison, he did what any hard-working hacker would do… started a security company and wrote some books.
The first (and, at the moment, only) book of his I read is called The Art of Deception: Controlling the Human Element of Security. If you own your own company, or work for a company that you care about, I strongly suggest you read this book. What you’ll find is that every electronic security system, firewall, encryption method, etc., etc., etc. in the world is no match for a smooth-talking guy (or gal) and a telephone. Kevin tells tales of breaking into systems the easiest way possible… ask somebody for the password. Did he work at the company? No. Did he know the people he was asking? No. Was he able to manipulate them into giving him the password (or a key piece of needed information)? Over and over again…
For most of us, it’s programmed into us to try and be helpful. When somebody calls you on the phone, says they work in some other office of your company and are working late trying to get something done so they can get home to their kids, but they’ve lost a vital piece of info, you’d be surprised how many people, without actually knowing who was on the other end of the line, could relate to the situation and would go out of their way to provide the help needed. All of this without so much as confirming who was on the other end of the phone.
I recently found that Kevin has another book out - The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers. If it’s half as informative (and eye-opening) as the first, it’ll be well worth the read.







