Social Engineering: The Art of Human Hacking Paperback – 17 Dec. 2010

Social engineering is used everyday, in every aspect of our life, without us even knowing at times! Not just by con men, hackers etc but sales reps, doctors, parents employers, teachers. Knowing and playing on human emotions is very powerful tool and can be used to manipulate people to do actions they normally would not do. The human brain is the CPU and hard-drive combined and this can be overloaded (human buffer attack) and manipulated by emotion triggering (which can be triggered by just bringing back a memory in the brain good/bad). Whether over the phone or in person (facial muscles perform certain twitches for every emotion, anyone watched Lie to Me?) the human is always open to attack.This book covers a wide range of topics, from how we use social engineering day to day in our personal lives, how the media/businesses use this globally and tests/case studies used by trained pentesters/social engineer auditors simply to just open peoples eyes to see this, its almost like our eyes are closed to all these techniques, as mostly done subconsciously.Would highly recommend having a read. I do believe the book is aimed at non-technical computer readers (as author really explains technical terms in layman) however even as a technical person this book still is very enjoyable read. It's all good breaking computer systems/networks but having the extra ability to break humans into giving you faster, direct, powerful entry is even more astonishing . This skill can be applied in every area of life, not just digitally, to ensure you are never ripped off (be it a sales man/media advertisements etc) and also helps you protect your family, work, business, investments, money and future as you will not be easily manipulated by this technique when you are aware.

A book containing the entire body of knowledge pertaining to Social Engineering is going to run to several volumes. Its such a wide subject encompassing a huge variety of topics that a single volume just isn't going to be able to cover them all in inordinate detail; even Microsoft canned Encarta when the Internet took off :). I therefore picked up this book hoping to gain an oversight into the field of Social Engineering, learn the most important aspects of it, and hopefully pick up some references for future study. It delivered on my expectations in spades.It first establishes the framework of social engineering, something that I think is incredibly important. Yes you can learn individual elements but without understanding where they sit in a framework (where they are most prudent, what inputs you need and what outputs you can expect) you limit your overall effectiveness as/understanding of a social engineer. It then proceeds to take you through each of the elements in turn, delivering a precis and expanding on specific salient points. Every section is accompanied with copious references for further research and its clear that the author is intimately familiar with his material. Moreover, its also clear that he has a passion for the subject matter and this comes across well in the book.Although written in a slight slant towards penetration testing, the author goes to great lengths to point out that in order to defend against something you need to understand how, where, and when someone will attack. Its something of an Infosec pastiche, but the Sun-Tzu quote "Know thine enemy better than one knows thyself" certainly applies here. As someone on the defence side, this book is invaluable in understanding how someone may use these techniques against us and should be a mandatory read for anyone tasked with creating an infosec program that really works.

It's informative and provides some classification on certain techniques that may well do without even realising when it comes to social interactions. Worth a read more than once I would say.

The book is packed with information. In fact I haven't finished reading it at the time of writing this. But I can say a few things. There is a lot of stuff you need to know contained within this book. But I have to say it is the scariest thing I've read. Then again there are a few things which didn't seem to right to me. One is that all it takes is an infected USB key to get into a large firm's servers. Why didn't it get stopped by the anti virus anti mal wear protection that is now ubiquitous? Further more, if you don't want employees using the USB ports, the computer administrator can disable them. If I was the CEO of a company and that nice man who left me a CD phones and asks what I thought of it. I would probabnly say I haven't got it back from security screening yet. All these things have to bee screened first before they can be put into our computers.If I was a company's receptionist or a first point of contact for outsiders I probably wouldn't put family photos on my desk, because that's just inviting people to ask questions about my home life and I am there to work and I believe in keeping strict boundaries between my work life and my home life.Does that mean I don't think I can be caught? That would be arogant and it's people who thing it can't happen to them, who are the first ones to get caught, isn't it?Too many things are on the internet these days and I agree with the author when he says they have no business being there. Things such as washing fridges, printers, a city's traffic light system. But corporate America wants to force more and more things onto the internet and people need to vote with their feet. I have a Hewlette Packard printer and recently HP have done something to the software so that the printer only works whilst it is connected to the internet. I am lothsome to replace a printer that is still working, but I can make sure it is switched off at the main when I am not using it. The book describes a new search engine which can locate any internet connected device and tell who owns it and more.In short I think everyone should get this book and protect themselves as best they can.As an adendum I think that all biometric login systems weaken security. A password is in your head or if it has to be written down it can be written in code. But hackers will soon find a way of using a video of your face to log into your computer account. The release of Windows 8.1 has made it necessary to be even more security conscious because your account isn't just local any more it is on the cloud where people could hack in from any machine and as you are forced to use your email as your log-in name anyone can get it.