No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing

Very useful book, teaches a lot about being aware of your environment at all times and paying attention to details as Johny Long takes you on an exciting adventure of different methods that can seem trivial at first glance, but will result in a lot of information gathering for the pen-tester, highly recommended.

This is a great book for any security related field. It introduces you to the simple techniques of getting information in easy to accomplish ways with little complex technical skills. The original purpose written by the author of the book is to explain defensive techniques and methodology to the simple techniques that can be used to circumvent technology and people security to gain information from targets.

Johnny Long's book, "No Tech Hacking," brings new attention to overlooked aspects of information security. In his book, Long reveals how simple threats can cause serious problems, even in organizations prepared for a Mission Impossible-style attack scenario. Long recounts how he and his team of ethical hackers consistently access sensitive information with no special equipment or technical skills. In fact, Long reveals how the ordinary (coat hangers, hand towels, drinking straws, baby powder, and aluminum cans) can result in extraordinary breaches of organizational security. Long shares real world stories and cell-phone photographs from his adventures in people watching, shoulder surfing, dumpster diving, and vehicle observation. Long and his colleagues go to great, conspicuous lengths to collect non-public information. While their targets should notice almost all of their activities, most do not. The closest thing to a consequence or confrontation they encounter is a glare from an airline passenger. Why isn't Long confronted when others observe him surreptitiously taking pictures? Some people don't like to confront an unfamiliar person or don't know whom to report their concerns to. Others are complacent and don't expect negative events to occur. Action invites risk: risk of an awkward or unwarranted accusation, that one won't be taken seriously, and possible personal embarrassment. Sometimes, people feel that the safest action is no action at all. Unfortunately, that feeling of security is deceptive. Thankfully, Long offers useful advice. He recommends that companies should: 1. Provide incentives for reporting suspicious activities, and 2. Make the desired response well-known and easy-to-do. To follow these recommendations, organizations need to ensure that everyone knows what information to disclose and what information requires protection. Foremost, all organizations should create policies for verifying the identity of anyone who requests non-public information and adequately train all employees to recognize these situations and take appropriate actions. In the next edition, it would be great to see more of the practical tips (perhaps even a detailed checklist for each chapter) about what do to protect against these simple, but damaging, threats. Summary: This is a useful book for creating and spreading awareness of important and often overlooked aspects of information security.

Johnny Long does it again! This book is a scary read into the world of underground penetration testing. The different ideas he and his henchmen use to gain physical access into very secure buildings is scary and ingenious, especially the cloth on the hanger trick! This book is a very easy read! I sat down initially and read the first 40 pages before lunch! Go out and get this book, if it doesn't scare the hell outta you, then you either don't work in computer security, or you are a moron!

Johnny Long is keeping up with his reputation, I have read many of his articles and his book "Google Hacking" and must say I will add this to the list of great books for corporate higher-ups, system administrators and people whom are curious about things of this nature. I have read the first 1/4 and will say that very little of this requires any tech knowledge to understand (unless you decide to do research on the Van Eck phreaking, which is well worth its time). Requires little tech knowledge, easy to read, and suited for anyone who likes their data to remain their own, or would like to make someone else's data their own. would recommend it to anyone interested in security from a business perspective, not relating to computers.