Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "A new free Java based Oracle password management tool"] [Next entry: "Amis blog talks about logging data in the same table"]

Kevin Mitnik: New book The art of intrusion

I was in the town center (York) on Thursday and had a chance to see if the new Kevin Mitnik book was out. His new book "Art of Intrusion: True Stories of Corporate Break-Ins Straight from the Criminals" written with William Simon was due for publication 14 March 2005 so I wasn't sure I would find it yet. I read Kevin's first book "The Art of Deception: Controlling the Human Element of Security" also written with William Simon was an excellent read. It concentrated on the art of social engineering. This is the methods that hackers use to trick an unsuspecting person to divulge information they might otherwise not do. A good example is a hacker ringing up and pretending to be writing a critical report for a senior manager but his password need to be reset or he needs the number of the modem, you know the score!! This is a very well written book that thoroughly covers the subject.

I have looked forwards to this new book for some time. I heard about it from kevin_story mailing list that I sometimes follow. I heard about Kevin�s call to hackers to supply the best and most successful real world hacks. Kevin and William have interviewed a lot of potentials and selected 10 of the best for publication. This is an excellent book. The stories are good from many angles, for the security professions, the hacker, the security manager, the company who might think their software is secure and for the person who likes a good caper story.

I have only read the first chapter so far that talks about three guys who reverse engineered video poker machines to beat the casinos in Vegas and elsewhere. This in some places sounds a little far fetched and also is similar in goal to the book "The Eudaemonic Pie" written by Thomas Bass about a group of people who use relativity and computer built into shoes to defeat the roulette wheels. This is the story of Doyne Farmer (who is famous now for chaos theory) and his friends. I didn't read The Eudaemonic Pie published in 2000 but I did read the first version of this book called "The Newtonian Casino" also by Bass published in 1990. The Eudaemonic Pie is mentioned in Mitniks book in the first chapter.

In the introduction Kevin talks about the problems of hackers trying to get one over on his by supplying a false story about a hack for inclusion in this book. This would be a good social engineering hack he says. He and William Simon are confident that the stories are true.

I think this is a great book and anyone who is responsible for the security of Oracle databases and computer systems in general should read it. This should be where it is at in terms of real cutting edge hacking.