BKARTINT.RVW 20050607

"The Art of Intrusion", Kevin D. Mitnick/William L. Simon, 2005, 0-7645-6959-7, U$27.50/C$39.99/UK#17.99
%A Kevin D. Mitnick
%A William L. Simon
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 2005
%G 0-7645-6959-7
%I John Wiley & Sons, Inc.
%O U$27.50/C$39.99/UK#17.99 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/ASIN/0764569597/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0764569597/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0764569597/robsladesin03-20
%O Audience i- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 270 p.
%T "The Art of Intrusion"

This book is a collection of stories that Kevin Mitnick got blackhats and intruders to send him.

Kevin Mitnick is a speaker and trainer, interested in the betterment of all mankind, and persecuted by the government because he dared to try to tell the unsuspecting public ... something. Thus saith the "Acknowledgements." He is also concerned about the number of people who have attempted to promote and enrich themselves at the expense of the "Myth of Kevin Mitnick." Arguably one of the most assiduous of those is Kevin Mitnick.

Chapter one is a very complex and involved story about cheating casinos by accessing and reverse engineering the on-board programming on a slot machine, and then using the information obtained about the machine's workings to predict likely payout conditions. This data is utilized in an intricate scheme involving distractors, convoluted shift operations, and special purpose computers built into shoes. Despite all of this detail, the only "countermeasures" suggested are to use tamper-resistant chips and boards on proprietary devices.

Some crackers break into government and military computers, in chapter two's story. (Possibly at the behest of terrorists, maybe on request by an FBI informant. One of the lessons to be learned from this is that if you idolize Kevin you won't get caught: but all your friends will.)
Chapter three gives the story of a couple of guys who learned about computers in prison: it's a bit of a relief that, while they were breaking rules, they weren't up to no good. (Lots of countermeasures are listed for this one, most having very little to do with the narrative.) The interesting thing about chapter four is that the story is told from both sides of the fence. Chapter five tells the story of Adrian Lamo. A couple of penetration test stories are in chapter six, neither as interesting as the ones in Winkler's "Spies Among Us" (cf. BKSPAMUS.RVW). A couple of foreign intruders provide brief anecdotes in chapter seven. Chapter eight describes two targeted intrusions, and a bit about crackers and software piracy "warez" sites. Some details of scanning a network are given in chapter nine. Mitnick basically reprises "The Art of Deception" (cf. BKARTDCP.RVW) in chapter ten, with a socially engineered penetration. Some miscellaneous stories are in chapter eleven.

In the preface, Mitnick is keen to let us know that blackhats everywhere are dying to get a fraudulent story past the king of social engineering, and so they check out every story for confirmatory details. Most of the stories can't be confirmed in much detail. They sound like good stories, but the particulars are sometimes unlikely. In the prison tale, for example, why could the principals get lots of network adapters and cabling (as well as sound cards), but have such a hard time with modems? If they were able to set up one networked computer with remote access, why not another?

Ultimately, as with the earlier book, the tales develop a tiring sameness. Boy meets computer, boy hacks computers, boy either goes to jail or loses interest. The reader will probably lose interest much more quickly.

copyright Robert M. Slade, 2005 BKARTINT.RVW 20050607