Wednesday, February 10, 2010

The Art of Intrusion by Kevin D. Mitnick & William L. Simon (2005)

The Art of Intrusion by Kevin D. Mitnick & William L. Simon (2005)Save time and effort trying to gather good reads about hacker exploits circa 2005 on your own and grab this book instead. 'The Art of Intrusion' brings the reader on engaging trips, gaining the mind set of hackers as they go about on their hacking projects. The hackers in this book include those that made news headlines for their exploits and also hackers whose exploits were not published by the mainstream media but nonetheless executed profound computer network compromises. Be forewarned that 'The Art of Intrusion' is not a book to find detailed hacking methods being disclosed. Instead, the reader can gain knowledge of an entire hacking process in a more conceptual and architectural sense.

Title: The Art of Intrusion
Author / s: Kevin D. Mitnick & William L. Simon
Year published: 2005
Pages: 291
Chapters: 11, each with its own story / stories
Format: Third party story-telling with first party experience inserts
Estimated reading completion [part-time]: 2 weeks
Target niche: hacker wannabes, information security professionals, computer enthusiasts concerned of hacker intrusions

'The Art of Intrusion' Content Glimpses
  1. Alex Mayfield and his team’s 1990s Las Vegas casino slot machine hacking exploit
    • Countermeasures: difficult firmware access, hashing, checksum routine
  2. Comrade & ne0h hacks into Boeing and tries for the Secret Internet Protocol Router Network (SIPRNET) of the US military for Khalid Ibrahim (suspected Pakistani militant / FBI double agent)
    • Countermeasures: operating system updates, DMZ (defense in depth model), second-level authentication
  3. Prison inmates William and Danny sets up a computer and web network inside a Texas prison
    • Countermeasures: insider threat awareness & mitigation, password management, “Dead” cubicles and other access points, prevent installation of unauthorized hardware, audit systems for software integrity, no excessive user privileges
  4. Don Boelling, a Boeings security spokesman catches Matt and Costa red-handed hacking into the US District Court in Seattle and into Boeing
    • Countermeasures: employee computer security awareness training, no default / static passwords, good password practice
  5. Pieter Zatko aka “Mudge”, a highly respected computer security outfit; l0pht Heavy Industries, the software package called l0phtCrack, and the penetration test done on “Newton” consultant firm
    • Countermeasures: source port & firewall issue, using programs based on cryptographic protocols like ssh, network jacks placement, control physical entry
  6. Gabriel the Canadian hacker breaks into a bank in Dixie (a state in the southern United States), gaining capability to initiate an unauthorized wire transfer
    • Countermeasures: web page source code flaw, limit the amount of user input that is passed to a server-side script, network monitoring
  7. Whurley, a security consultant hired by a Vegas resort group executes social engineering approach to perform a variety of security audits
    • Countermeasures: mitigate social engineering attacks - establishing appropriate security protocols and then motivating employees to adhere to the protocols

*Note: You can probably find this book ‘on the cheap’ over the internet by using your favorite search engine.

No comments:

My latest images for sale at Shutterstock:

My most popular images for sale at Shutterstock: