".authoritative." ( Retail Systems , December 2005) Mitnick is the most famous computer hacker in the world. Since his first arrest in 1981, at age 17, he has spent nearly half his adult life either in prison or as a fugitive. He has been the subject of three books and his alleged 1982 hack into NORAD inspired the movie WarGames . Since his plea-bargain release in 2000, he says he has reformed and is devoting his talents to helping computer security. Its not clear whether this book is a means toward that end or a, wink-wink, fictionalized account of his exploits, with his name changed to protect his parole terms. Either way, its a tour de force, a series of tales of how some old-fashioned blarney and high-tech skills can pry any information from anyone.

As entertainment, its like reading the climaxes of a dozen complex thrillers, one after the other. As a security education, its a great series of cautionary tales; however, the advice to employees not to give anyone their passwords is bland compared to the depth and energy of Mitnicks description of how he actually hacked into systems. As a manual for a would-be hacker, its dated and nonspecific -- better stuff is available on the Internet-but it teaches the timeless spirit of th e hack. Between the lines, a portrait emerges of the old-fashioned hacker stereotype: a socially challenged, obsessive loser addicted to an intoxication sense of power that comes from stalking and spying. (Oct.) Forecast: Mitnicks notoriety and his well written, entertaining stories should generate positive word-of-mouth. With the double appeal of a true-crime memoir and a manual for computer security, this book will enjoy good sales. ( Publishers Weekly , June 24, 2002) ".

an interesting read." (www.infosecnews.com, 17 July 2002) ".highly entertaining.will appeal to a broad audience." ( Publishing News , 26 July 2002) The worlds most famous computer hacker and cybercult hero, once the subject of a massive FBI manhunt for computer fraud, has written a blueprint for system security based on his own experiences. Mitnick, who was released from federal prison in 1998 after serving a 22-month term, explains that unauthorized intrusion into computer networks is not limited to exploiting security holes in hardware and software.

He focuses instead on a common hacker technique known as social engineering in which a cybercriminal deceives an individual into providing key information rather than trying to use technology to reveal it. Mitnick illustrates the tactics comprising this "art of deception" through actual case studies, showing that even state-of-the-art security software cant protect businesses from the dangers of human error. With Mitnicks recommended security policies, readers gain the information their organizations need to detect and ward off the threat of social engineering. Required reading for IT professionals, this book is highly recommended for public, academic, and corporate libraries. [This should not be confused with Ridley Pearsons new thriller, The Art of Deception . -Ed]-Joe Accardi, William Rainey Harper Coll. Lib., Palatine, IL ( Library Journal , August 2002) He was the FBIs most-wanted hacker.

But in his own eyes, Mitnick was simply a small-time con artist with an incredible memory, a knack for social engineering, and an enemy at The New York Times . That foe, John Markoff, made big bucks selling two books about Mitnick - without ever interviewing him. This is Mitnicks account, complete with advice for how to protect yourself from similar attacks. I believe his story. ( WIRED Magazine, October 2002) Kevin Mitnick spent five years in jail at the federal authorities behest, but The Art of Deception: Controlling the Human Element of Security (Kevin Mitnick and William Simon), reveals that he was no lowly grifter. Rather, by impersonating others in order to talk guileless employees out of access protocols, Mr. Mitnick was practicing "the performance art called social engineering." While every society has had its demimonde-like the Elizabethan coney catchers who duped visitors to 16th-century London--its in the United States that con artists assumedlegendary status.

The definitive book is still The Big Con from 1940 (Anchor Books), which commemorates a golden age already receding when it was published: the grifters it describes--like the High Ass Kid and Slobbering Bob--thrived between 1914 and 1929, when technological advances and unparalleled prosperity generated a roller-coaster stock market. That sounds a lot like the past decade. So how did the culture of the con do during the Internet era? On Mr. Mitnicks evidence, it flourished and evolved. The Art of Deception is itself a bit of a fraud as far as advice on upgrading security. But the book does deliver on "social engineering" exercises. Some arent even illegal and Mr. Mitnick -- weasel that he is -- lovingly records their most elaborate convolutions.

One way or another, youll find the information useful. ( Red Herring , October 2002) "Mitnick outlines dozens of social engineering scenarios in his book, dissecting the ways attackers can easily exploit what he describes as that natural human desire to help others and be a good team player." ( Wired.com , October 3, 2002) Finally someone is on to the real cause of data security breaches--stupid humans. Notorious hacker Kevin Mitnick--released from federal prison in January 2000 and still on probation--reveals clever tricks of the "social engineering" trade and shows how to fend them off in The Art of Deception: Controlling the Human Element of Security (Wiley, $27.50). Most of the book, coauthored by William Simon (not the one running for governor of California), is a series of fictional episodes depicting the many breathtakingly clever ways that hackers can dupe trusting souls into breaching corporate and personal security--information as simple as an unlisted phone number or as complicated as plans for a top-secret product under development. The rest lays out a fairly draconian plan of action for companies that want to strengthen their defenses.

Takeaway: You can put all the technology you want around critical information, but all it takes to break through is one dolt who gives up his password to a "colleague" who claims to be working from the Peoria office. Whats useful about this book is its explanation of risks in seemingly innocuous systems few people think about. The caller ID notification that proves youre talking to a top executive of your firm? Easily forged. The password your assistant logs in with? Easily guessed. The memos you toss into the cheap office shredder? Easily reconstructed. The extension that you call in the IT department? Easily forwarded. Physical security can be compromised, too. Its not hard to gain access to a building by "piggybacking" your way in the door amid the happy throng returning from lunch.

Youd better have confidence in your IT professionals, because theyre likely to have access to everything on the corporate system, including your salary and personal information. Mitnick offers some ideas for plugging these holes, like color-coded ID cards with really big photos. Implementing the books security action plan in full seems impossible, but its a good idea to warn employees from the boss down to the receptionist and janitors not to give out even innocuous information to people claiming to be helpful IT folks without confirming their identity--and to use things like encryption technology as fallbacks. Plenty of would-be Mitnicks--and worse--still ply their trade in spaces cyber and psychological. --S.M. ( Forbes Magazine - October 14, 2002) ".the book describes how people can get sensitive information without even stepping near a computer through social engineering -- the use of manipulation or persuasion to deceive people by convincing them that you are someone else.

" ( CNN.com s Technology section, October 9, 2002) ".engaging style.fascinating true stories." (The CBL Source, October/December 2002) ".the book describes how people can get information without even stepping near a computer." (CNN, 16 October 2002) ".each vignette reads like a mini-cybermystery thriller.

I willingly recommend The Art of Deception. It could save you from embarrassment or an even worse fate." (zdnet.co.uk, 15 October 2002) ".details the ways that employees can inadvertently leak information that can be exploited by hackers to compromise computer systems.the book is scary in ways that computer security texts usually do not manage to be." (BBC online, 14 October 2002) ".

more educational than tell-all." (Forbes, 2 October 2002) ".would put a shiver into anyone responsible for looking after valuable computer data.the exploits are fictional but realistic.the book is about hacking peoples heads." (The Independent, 21 October 2002) ".the key strength of The Art of Deception is the stream of anecdotes - with explanations about how and why hacks succeed.provides a solid basis for staff training on security.

" (Information Age, October 2002) ".should be on the list of required reading. Mitnick has done an effective job of showing exactly what the greatest threat of attack is - people and their human nature." (Unix Review, 18 October 2002 ".disturbingly convincing." (Fraud Watch, Vol.10, No.5, 2002 ".

the worlds most authoritative handbook.an unputdownable succession of case studies.chilling.trust me, Kevin Mitnick is right." (Business a.m, 29 October 2002) ".a damn good read.I would expect to see it as required reading on courses that cover business security.

Should you read this book? On several levels the answer has to be yes. If you run your own business, work in one, or just want a.