2008-07-28

HiR Reading Room: No Tech Hacking

Johnny Long has been around as an info-sec writer and presenter for a while. In No Tech Hacking, he takes the reader through some of his twisted adventures, flippantly poking fun at some of the "security" he's encountered along the way.

When it comes to penetration testing and security awareness in general, there's a pretty massive human element that's simply ripe for the picking. There's also a lot of low-tech stuff that can be leveraged to your advantage. For many, the obvious first move on taking over a network is enumerating your target with ping sweeps and port scanners. If you want to get into a building, you might brush up on your lock-picking skills or reach for a brick to throw into a window. While these techniques have some kind of merit (not always good), it's often more effective to go low-tech (or No Tech!) as much as you can.

Johnny covers his low-tech tricks in detail and often with photos and screen shots. It's more than just social engineering and tailgating to get your mark. It's about thinking through info-sec problems with a different mindset than you're probably used to. Profile your targets and pay attention to seemingly useless details.

From bypassing locks to using exposed information via the Internet, people watching to vehicle profiling: there's a lot of low-tech information contained in this book, and you're almost guaranteed to learn something you hadn't thought of before.

No Tech Hacking closes with some sage advice to would-be no-tech victims. It was an entertaining and informative read. I hope I can see Johnny speak one of these days. He won't be talking at DefCon this year, but maybe he'll be there.
