No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing

Johnny Long, Jack Wiles

  • Publisher: Syngress Media
  • Publication date: 2008-02-01
  • List price: $1,650
  • Sale price: $990 (60% of list price)
  • Language: English
  • Pages: 384
  • Binding: Paperback
  • ISBN: 1597492159
  • ISBN-13: 9781597492157
  • Related category: Hacking
  • Ships immediately (stock < 3)


Product description

As the cliché reminds us, information is power. In this age of computer systems and technology, an increasing majority of the world's information is stored electronically. It makes sense then that as an industry we rely on high-tech electronic protection systems to guard that information. As a professional hacker, I get paid to uncover weaknesses in those systems and exploit them. Whether breaking into buildings or slipping past industrial-grade firewalls, my goal has always been the same: extract the informational secrets using any means necessary. After hundreds of jobs, I discovered the secret to bypassing every conceivable high-tech security system. This book reveals those secrets, and as the title suggests, it has nothing to do with high technology. As it turns out, the secret isn't much of a secret at all. Hackers have known about these techniques for years. Presented in a light, accessible style, you'll get to ride shotgun with the authors on successful real-world break-ins as they share photos, videos and stories that prove how vulnerable the high-tech world is to no-tech attacks.

As you browse this book, you'll hear old familiar terms like "dumpster diving", "social engineering", and "shoulder surfing". Some of these terms have drifted into obscurity to the point of becoming industry folklore; the tactics of the pre-dawn information age. But make no mistake; these and other old-school tactics work with amazing effectiveness today. In fact, there's a very good chance that someone in your organization will fall victim to one or more of these attacks this year. Will they be ready?

  • Dumpster Diving
    Be a good sport and don't read the two "D" words written in big bold letters above, and act surprised when I tell you hackers can accomplish this without relying on a single bit of technology (punny).
  • Tailgating
    Hackers and ninja both like wearing black, and they do share the ability to slip inside a building and blend with the shadows.
  • Shoulder Surfing
    If you like having a screen on your laptop so you can see what you're working on, don't read this chapter.
  • Physical Security
    Locks are serious business and lock technicians are true engineers, most backed with years of hands-on experience. But what happens when you take the age-old respected profession of the locksmith and sprinkle it with hacker ingenuity?
  • Social Engineering with Jack Wiles
    Jack has trained hundreds of federal agents, corporate attorneys, CEOs and internal auditors on computer crime and security-related topics. His unforgettable presentations are filled with three decades of personal "war stories" from the trenches of Information Security and Physical Security.
  • Google Hacking
    A hacker doesn't even need his own computer to do the necessary research. If he can make it to a public library, Kinko's or Internet cafe, he can use Google to process all that data into something useful.
  • P2P Hacking
    Let's assume a guy has no budget, no commercial hacking software, no support from organized crime and no fancy gear. With all those restrictions, is this guy still a threat to you? Have a look at this chapter and judge for yourself.
  • People Watching
    Skilled people watchers can learn a whole lot in just a few quick glances. In this chapter we'll take a look at a few examples of the types of things that draw a no-tech hacker's eye.
  • Kiosks
    What happens when a kiosk is more than a kiosk? What happens when the kiosk holds airline passenger information? What if the kiosk holds confidential patient information? What if the kiosk holds cash?
  • Vehicle Surveillance
    Most people don't realize that some of the most thrilling vehicular espionage happens when the cars aren't moving at all!
