Customer Rating:  
Summary: Very good with some shortfalls
Comment: Excellent content on what should be obvious security measures. It's a pretty quick read relying heavily on photographs. The two shortfalls were the price and the proofing. I would say $35-40 would have been a more appropriate price range. I was very suprised to see a large number of significant typos, to include misspelling of section and paragraph titles. Still a worthwhile purchase.
Customer Rating:
Summary: Almost as good as the live No Tech Hacking talk
Comment: No Tech Hacking (NTH) again demonstrates that the fewer the number of authors a Syngress book advertises, the better the book. With security star Johnny Long as the main author, the book adds a section in Ch 5 (Social Engineering) by Techno Security organizer Jack Wiles. The "special contributors" no doubt worked with Johnny to answer his questions, but it's clear that relying on a primary author resulted in a better-than-average Syngress title. (Harlan Carvey's Windows Forensic Analysis is another example of this phenomenon.)
I liked NTH. The book makes a good companion to titles like The Art of Deception and The Art of Intrusion by Kevin Mitnick, and The Art of the Steal by Frank Abagnale. (Mitnick wrote the foreword for NTH.) Johnny Long is a great author who knows how to tell a story in a captivating way. I agree with some of the criticism levied by previous reviewer Chris Gates about the badge story on p 24. If you aren't supposed to display a badge outdoors (true), and you aren't supposed to display it indoors (false), where do you display it? Maybe Johnny meant a badge-wearing employee should have noticed someone photographing her badge?
I dropped one star for two reasons, and could have dropped two stars if I didn't think Johnny Long is a great author otherwise. First, I was very disappointed to see 75 pages of Google Hacking reprinted as Ch 6 of NTH. The 285 page NTH would have been 210 without Ch 6, and definitely would not have merited the price on the back cover. This reprinting tendency is another Syngress problem.
Second, this book should have been published in color. A great deal of the book shows photographs or screen captures taken by the author while conducting penetration tests. The impact would have been much greater in color. Consider keeping the same price but removing Ch 6 and publishing in color next time. If Syngress has anything like a star author, it's Johnny Long. People attending his No Tech Hacking talks would snatch a color edition up without thinking twice. If you need a good example of a modern color security book, check out Security Data Visualization by Greg Conti, published by No Starch.
Overall, anyone who has some military experience in OPSEC (operational security) will recognize most of the vulnerabilities and exposures identified in NTH. If you need a way to teach your employees how to resist No Tech Hacking, this book is a great teaching tool.
Customer Rating:
Summary: An essential read for any Ethical Hacker/Red Team
Comment: It has been proven over the past few decades that physical security is one of the most over sighted areas in Information Security. It a system can be physically accessed, all the firewalls and other network devices mean nothing.
This book and its authors are all experts in their prospective areas of security. I can state that I have had the pleasure of interacting in one form or other with most of the authors over the last few years and I can attest that knowledge that is shared within the cover are only a glimpse of their individual knowledge set.
This book capitalized on the mind set of a hacker by thinking "outside of the box".
Customer Rating:
Summary: Simple Threats Can Cause Serious Problems
Comment: Johnny Long's book, "No Tech Hacking," brings new attention to overlooked aspects of information security. In his book, Long reveals how simple threats can cause serious problems, even in organizations prepared for a Mission Impossible-style attack scenario.
Long recounts how he and his team of ethical hackers consistently access sensitive information with no special equipment or technical skills. In fact, Long reveals how the ordinary (coat hangers, hand towels, drinking straws, baby powder, and aluminum cans) can result in extraordinary breaches of organizational security.
Long shares real world stories and cell-phone photographs from his adventures in people watching, shoulder surfing, dumpster diving, and vehicle observation.
Long and his colleagues go to great, conspicuous lengths to collect non-public information. While their targets should notice almost all of their activities, most do not. The closest thing to a consequence or confrontation they encounter is a glare from an airline passenger.
Why isn't Long confronted when others observe him surreptitiously taking pictures? Some people don't like to confront an unfamiliar person or don't know whom to report their concerns to. Others are complacent and don't expect negative events to occur. Action invites risk: risk of an awkward or unwarranted accusation, that one won't be taken seriously, and possible personal embarrassment. Sometimes, people feel that the safest action is no action at all. Unfortunately, that feeling of security is deceptive.
Thankfully, Long offers useful advice. He recommends that companies should:
1. Provide incentives for reporting suspicious activities, and
2. Make the desired response well-known and easy-to-do.
To follow these recommendations, organizations need to ensure that everyone knows what information to disclose and what information requires protection. Foremost, all organizations should create policies for verifying the identity of anyone who requests non-public information and adequately train all employees to recognize these situations and take appropriate actions.
In the next edition, it would be great to see more of the practical tips (perhaps even a detailed checklist for each chapter) about what do to protect against these simple, but damaging, threats.
Summary: This is a useful book for creating and spreading awareness of important and often overlooked aspects of information security.
Customer Rating:
Summary: Inacurate Page Count
Comment: I ordered this book after reading the description which said that it was a 480 page book, I recieved the book and it was 285 pages which ticked me. Although its a good book with a lot of useful information, I was hopeing to get more out of it. I Give it a 2 star rateing
|
|
