I recently finished reading The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick. I enjoyed the book, especially all the examples of how people could/have used social engineering to get what they wanted despite “security” designed to stop them.
I’ll admit the book wasn’t what I thought. I didn’t bother to read any descriptions of the book (I’ve seen it referenced as a good book numerous times) so I was a bit surprised to see what it was really about. I thought it was going to be a book on how to better deceive people, so as to recognize when it was happening to you. Instead, it’s about information security.
Still, Mitnick’s writing style never annoyed me, and he seems particularly adept at telling security stories. I recognized some security practices I’ve seen before (or needed to see), but some of the stories are really quite eye-opening.
Note: There are more reviews coming in the next few days as I finish a little backlog of posts I’ve been meaning to write.
