Featured Book Review: The Art of Deception


Author: Kevin Mitnick
Publisher: John Wiley & Sons

Article difficulty: ★★★☆☆

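● For hackers, stealing personal private information is effortless. Want to know the vulnerabilities of the online world? Let a veteran hacker who has gone straight tell you.
● The author of this book is a hacking prodigy who, from the age of 16, was jailed several times for hacking. After his final release, he founded a network security consulting firm.
● For the ideas behind this book, see the video of the author's 2011 session at Talks at Google.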


If you work in IT or any job that requires a modicum of security, this is a skills book worth checking out. Legendary hacker Kevin Mitnick describes his talent for breaking into systems. He does this through stories that use practical examples to demonstrate his fascinating core ideas about personal security. This book shows how, with strategy and preparation, anyone can deflect an attack by a “social engineer”. (“Social engineer” is what Mitnick labels the type of hacker who uses the skills described herein.)

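If you work in the information technology industry, or your job has information security needs, take a look at this book, which teaches practical skills. Its author, legendary hacker Kevin Mitnick, is best at breaking into systems. He has a fascinating set of core ideas about personal security, which he explains to readers through many real examples in the book. The book also notes that with sufficient strategy and preparation, anyone can counter an attack by a “social engineer”.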


Kevin Mitnick was more commonly known in the 90s when his exploits as a hacker were front page news. In its day, the FBI’s search for the elusive Mitnick was the most exhaustive FBI manhunt to date. When he was finally caught, it was with a box in his refrigerator labeled “FBI DONUTS” ready to serve. Sadly, his fun and games mightily annoyed them, and he was cast into solitary confinement. There he immediately hacked the prison’s phone system during his periodic “one phone call” so he could make personal phone calls to whoever he wanted.

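The author, Kevin Mitnick, was more widely known in the 1990s. His main targets were the front-page news of websites, and the elusive Mitnick was the figure who gave the FBI the biggest headache at the time. Before he was caught, he anticipated that his home was about to be searched, so he cleared out the evidence and left only a box of donuts in the refrigerator, labeled “FBI DONUTS”, as a joke on the police. Unfortunately, this provoked the FBI, and he was put in solitary confinement while serving his sentence. But being a hacker, he still used his infrequent phone time in prison to hack into the phone system and change its settings, so that he could call whoever he liked.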


Mitnick explains that the most common security hole in any organization is the human element. Each story in the book describes an attack and then goes over it step by step to lay out explicitly the dirtiest secrets of network insecurity. The book includes the exact processes that thieves use to gain vital information, and provides an excellent and engaging overview of fundamental corporate security. You can preview some of his ideas for yourself by looking up Kevin Mitnick’s Google Talk, which is free to watch online. This text’s clever ideas show how it takes a thief to catch a thief, and give a look into a sneak’s perspective.

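Mitnick explains that in any organization, security holes almost always arise most easily from the “human” factor. Each story in the book methodically details the hacker's attack techniques and nakedly exposes the dirty secrets of network security. The book records in detail the means hackers use to steal important information, and provides an excellent and effective overview of basic corporate security. You can get a first sense of his ideas from author Kevin Mitnick's Google talk video. The book shares hackers' spy-versus-spy tricks and gives us a glimpse of the world through a hacker's eyes.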



By Max Power

Published in 英語島 (English Island), October 2018 issue
