I was tidying up my books yesterday as we have an inspection tomorrow. I had this huge pile of books by the bed and they ended up in a box while we were away. So, now I’m sorting through the box.
Found an old library book that I borrowed ages ago, Kevin Mitnick’s book The Art of Deception is all about Social Engineering — human ways of beating security systems and getting access to things you aren’t supposed to. The book is intriguing as it decribes a series of cons, a series of techniques for getting access and information that you aren’t supposed to get by convincing people to give it to you, or setting up the circumstances around the call or request so people just trust you.
The idea is not to use these techniques to go and con people, but to get an awareness of what is possible and how easy it can be to break security when there is somebody you can call up and convince them to give you the password or something
People implementing any sort of IT systems need to read this. Typically we build IT security without considering the human element much. And people who are interested in cons and tricks will enjoy the descriptions of the techniques involved and the stories.