
Title: The Art of Intrusion
Author / s: Kevin D. Mitnick & William L. Simon
Year published: 2005
Pages: 291
Chapters: 11, each with its own story / stories
Format: Third party story-telling with first party experience inserts
Estimated reading completion [part-time]: 2 weeks
Target niche: hacker wannabes, information security professionals, computer enthusiasts concerned of hacker intrusions
'The Art of Intrusion' Content Glimpses
- Alex Mayfield and his team’s 1990s Las Vegas casino slot machine hacking exploit
- Countermeasures: difficult firmware access, hashing, checksum routine
- Comrade & ne0h hacks into Boeing and tries for the Secret Internet Protocol Router Network (SIPRNET) of the US military for Khalid Ibrahim (suspected Pakistani militant / FBI double agent)
- Countermeasures: operating system updates, DMZ (defense in depth model), second-level authentication
- Prison inmates William and Danny sets up a computer and web network inside a Texas prison
- Countermeasures: insider threat awareness & mitigation, password management, “Dead” cubicles and other access points, prevent installation of unauthorized hardware, audit systems for software integrity, no excessive user privileges
- Don Boelling, a Boeings security spokesman catches Matt and Costa red-handed hacking into the US District Court in Seattle and into Boeing
- Countermeasures: employee computer security awareness training, no default / static passwords, good password practice
- Pieter Zatko aka “Mudge”, a highly respected computer security outfit; l0pht Heavy Industries, the software package called l0phtCrack, and the penetration test done on “Newton” consultant firm
- Countermeasures: source port & firewall issue, using programs based on cryptographic protocols like ssh, network jacks placement, control physical entry
- Gabriel the Canadian hacker breaks into a bank in Dixie (a state in the southern United States), gaining capability to initiate an unauthorized wire transfer
- Countermeasures: web page source code flaw, limit the amount of user input that is passed to a server-side script, network monitoring
- Whurley, a security consultant hired by a Vegas resort group executes social engineering approach to perform a variety of security audits
- Countermeasures: mitigate social engineering attacks - establishing appropriate security protocols and then motivating employees to adhere to the protocols
*Note: You can probably find this book ‘on the cheap’ over the internet by using your favorite search engine.
No comments:
Post a Comment