Computer Book Review: No Tech Hacking

One of the largest and most overlooked security vulnerabilities that exists in every company is… people. Many times, complex security can be bypassed by using low tech attacks or simple techniques. In “No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing”, author Johnny Long, along with Kevin Mitnick, takes a look at some commonly used social engineering techniques.

People will always be the weakest link in security. In 15 years of providing onsite computer support to manufacturing companies, hospitals, banks, military, correctional facilities and government offices, I have only been challenged for credentials four times. People tend to be trusting and if you are already inside a building, they usually assume that you belong there.

Sad, but true, you are judged by the way you look. For instance, a person in a shirt and tie will be ignored by most shop floor employees; someone in jeans will be invisible to executives. Also, if you look a certain way, people will assume what your occupation is. For example, if you show up to a company carrying technical gear, they will assume that you are a repairman.

Johnny Long’s book takes a very good look at this ignored side of computer security. Many times information can be gleaned just with the power of observation. Johnny talks about everything from finding administrator passwords in a dumpster to defeating a very expensive state-of-the-art security system with a coat hanger and a wet washcloth.

Sections on physical security like motion and infrared sensors are present. There is even a section on how insecure locks really are. Some of it is downright scary. For example, why use the key when you can open locks with a McDonald’s straw? Or open a laptop lock by using a beer can?

If you have seen Johnny in person or in a webcast, rest assured, his humor and wit are present in spades. The reading is light, informative and downright whimsical at times. It is a great book to read when you just want to kick back, relax and read something enjoyable. And being Johnny Long, rest assured, there is a section on Google Hacking.

Network security is an ongoing war, and as Sun Tzu said, ‘Know thy Enemy’. Learning about the techniques that social engineers use will allow you to look at your corporate security in a whole new light.

British Defense unveils Liquid Armor for Soldiers

The following post was originally on our sister site, steelarms.com. It is not computer related, but it is very cool and I thought you might like it:

While companies are still trying to make nano-armor, a British firm has come up with their own design. The armor was showcased at a recent expo in Oxford. D3O has created a pliable, almost rubber-like material that can be rolled and formed into any shape, but when the material is struck, the molecules lock together and protect the wearer from injury. The video above demonstrates a person being whacked in the head while protected by D3O. For more information see the D3O website.