I've already posted a bit about fiction books that I'm reading, but this time I want to share the book on an everyday matter, a seemingly non-important one compared to survival itself, though of a growing concern in a modern age of data and information:
The Art of Deception by Kevin Mitnick
The author is probably the world's most famous hacker. Well, maybe, after Steve Wozniak, Apple co-founder.
What is absolutely amazing about him is that social-engineering is his sharpest tool in the shed.
In this book he "delivers the lowdown on today's most serious security weaknesses -- HUMAN NATURE". Yeah, stupid humans, trying-to-be-nice humans, helpful humans, not-distrustful-enough humans, finally, not well-trained. Yes, he was breaking through systems and obtaining sensitive information often by talking to people and just simply asking for what he needed.
Even in my all-time favorite handy book Applied Cryptology by Bruce Schneider attacks on the human factor are classified as highly effective ones and people as a weakest spot in a security system.
You might be thinking now "Who would disclose the company's/state's super-secret plans to a fraud?". Yet aforementioned doesn't imply that everyone is a complete idiot and lacks common sense, but that our natural willing to trust and help is extremely vulnerable. Also, by having few different people share some seemingly innocuous info, an attacker can gain access to hidden internal and/or personal information.
One more great thing about it that it's not a security class textbook, but is perceived almost like an adventure story tale. In this easy to read manner the schemes and principles of the art of the intruder are described, as well as recommendations for training and raising awareness are given.
I wanted to read it for a couple of years at least, and I'm glad I finally did.
Haha, this now seems to me like a second "stay safe" post. Be attentive folks, and disclose your private/business info (btw, "personality tests" from third parties on facebook actually steal a lot of your data, and you personally give them that permission).
