Title | : | Social Engineering: The Art of Human Hacking |
ISBN-10 | : | 0470639539 |
ISBN-13 | : | 9780470639535 |
Language | : | English |
Format Type | : | Paperback |
Number of Pages | : | 382 |
Publication | : | First published November 29, 2010 |
Kevin Mitnick--one of the most famous social engineers in the world--popularized the term "social engineering." He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.
Examines social engineering, the science of influencing a target to perform a desired task or divulge information
Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access
Reveals vital steps for preventing social engineering threats
Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers--now you can do your part by putting to good use the critical information within its pages.
Social Engineering: The Art of Human Hacking Reviews
-
Let me start by saying that Social Engineering is one of the two areas of information security where I have specialized (in addition to application security), so I was looking forward to this book, and, undoubtedly, I set my expectations too highly.
Here is a big part of where my excitement originated: this book is one of the first books to pull together commentary on the types of things social engineers have known and been doing. This book, as well as social-engineer.org and _No Tech Hacking_ are essentially pioneers at getting these techniques, tips, and tactics collected beyond an anecdotal way.
That said, it was badly put together:
* Numerous assertions were not fact-checked (some having been repeatedly debunked)
* The audience wasn't clear, and seemed to mutate
* Commentary meandered, went off-topic, and even repeated itself in unhelpful ways
* The use of quotes, anecdotes, and studies seemed haphazard
* Long web links were written out in the book, instead of shortened ones
* etc.
For most of the above, I can't totally blame the author, who was coming to this as a Social Engineering subject matter expert, not a writer, but the publisher or editor should have been on top of those things.
What was probably most frustrating about the aforementioned items, however, is that the book could spend so much time on the arts of persuasion, and fully fail to execute them in text.
As far as the content (assuming an editor or ghost-writer could have given it flow and cohesion), most of the information was 5-15+ years old. To be fair, however, this is not totally an indictment of the book, but also the security industry as a whole, which is primarily an artifact of our collective tendency to revel in our exploits rather than put effort and attention into addressing the problems that lead to easy social engineering (or other security) exploits. (Note: this trend is repeated in this book, too, with 24 of 382 pages being about "Prevention and Mitigation").
In the end, this book was due back at the library, so, while I read over half of it, I ended up skimming the rest. It wasn't worth checking out, again. -
This is a pretty good white-hat breakdown of techniques that exploit the more psychological aspects of hacking.
Indeed, while it does go into some really decent detail focusing on awareness of methods, it really shines in highlighting how one might go into business as an Auditor, themselves.
All in all, it is the modern confidence game. You've got thieves and thief-takers. You've got an amazing variety of people out there that simply don't take enough precautions and then you've got others that aren't paying close enough attention to the RIGHT kind of precautions.
Can you imagine having a multi-million dollar security system, teams of devoted security analysts, a Fort Knox door, good key cards, and an excellent magnetic lock... all foiled by waving a t-shirt? Or because you helped a secretary out by warning her of her bad-mood boss... or by being an all-right guy helping you out of a jam?
But these kinds of things happen all the time. We've all heard of phishing. We know not to open untrusted pdf files. We know that we need to keep our software updated and relatively better protected from old exploits. RIGHT? Well, apparently not. Social creatures do as social creatures do. People who help you out of jams or mirror your expressions or appear out of nowhere with official-sounding titles and excellent business cards are always... TRUSTED. Someone with a CFO title demands that you do something or lose your job. What do you do?
The thing is, most businesses set themselves up for this kind of chicanery. If you instill respect and/or fear in your employees, don't be surprised when someone from the outside exploits the natural human reactions that come with being mistreated and/or indoctrinated. Being free to ask questions and verify credentials should be encouraged... even when an angry CFO keeps threatening an employee. (Real or not real, the terms of engagement ought to be the same.)
Alas. There's a lot more like this in the book and it's all pretty fascinating. It helps to be a genuine people person if you get into this line of work, but there are lots of different kinds of techniques. The point is to have a well-rounded toolbox and display confidence. Because you're a white-hat... right? -
3-3.5 stars.
Book contains plenty of useful information, but I didn't like it at all ;/
Why?
1. Narrator in Audible version was far too monotonous & made even the most interesting cases sound dull.
2. Book is too repetitive, while at the same time it lacks clear structure -> this deepens the feeling of repetition
3. Author does a lot of 'cheap' NLP on the reader -> too easy to see through & too annoying ("next, you'll read about the best & most fascinating techniques of influence and manipulation that will blow your mind!!!" - sort-of-style)
4. Author ain't just inspired by classics, he explicitly quotes techniques & even full cases (!) - e.g. from Mitnick's "Art of Deception". Well, he doesn't hide it (quite the contrary), but it also means that if you've read Cialdini, Mitnick & some NLP stuff, you won't find anything really new (or refreshing) here.
So, if you haven't read anything on SE until now, it's a good starter - easy read, comprehensive enough, very practical. Sometimes confusing (author can't decide whether it's supposed to serve white-hat SEs or individuals who should raise their awareness), but still useful. If you've already read something OR you want to start with a more comprehensive psychological approach, start with Cialdini ("Influence" should go first). -
I first became aware of the concept of Social Engineering when I read
and I was blown away! It was very exciting – that guy has GUTS!
I wanted to read more about the technique, not necessarily with the goal of learning how to social-engineer people in mind, but rather to try and recognize the signs so I can detect if ever I am being social-engineered!
This book is quite thorough and there is no denying the material is interesting, but I found it too long. There was too much “telling me about what I’m about to read” which I found completely redundant and annoying. Don’t tell me about what you are going to write, just write it and let me read it!!
Aside from that complaint, the book had me hooked. -
This is one of the few books that deals with the human element in security (mainly IT security here), known as Social Engineering (SE, for short). It begins with a short example-driven overview of the technical aspects of hacking humans (Open Source Intelligence, OSINT), but it is clear that this is not where Hadnagy's heart lies. Rather, he likes to talk/write about the aspects of SE that involve a direct interaction with humans, and about 3/4 of the book are devoted to these.
One should note that the subtitle "Science of Human Hacking" is not really appropriate, as the practice of human hacking is not science. Some scientific results are quoted in this book, mainly from psychology, but they serve to give names, categories and structure to the techniques and concepts that social engineers have been using before anyway. None of the social engineering techniques is actually developed through the application of science or by a scientific process (it would be perfectly fine to call SE an art, as in the first edition of this book).
Also, you will not learn how to be a social engineer from this book. Pulling off the kind of deceptions and manipulations necessary for this work requires some very particular personality traits, brazenness or chutzpa if you like, and very strong nerves. Maybe some of this could be learned, but not from reading a book. Nevertheless, the information in this book is valuable for anyone wishing to understand SE better, and can be useful, say, for integrating SE into a Red Team exercise or to increase security awareness in the employees of a potential target.
The text proceeds by chapter-wise addressing certain manipulation techniques and exploitations of human behaviours and feelings. It is heavily based on anecdotes to illustrate its points. Not all of these examples fit the point they are supposed to make very well, though. In some places it feels like Hadnagy simply wants to tell that particular story and then comes up with a forced reason why it should illustrate a certain point. Anyway, these anecdotes are entertaining and at least teach you something, even if it is not always what they are meant to teach. Some reviewers wrote that this is an "American-style book", meaning it is verbose, meandering and boastful. That is true. The book is clearly aimed at an American audience, and I would really like to see some of Hadnagy's more charm-driven hacking approaches tried against people from a different culture, say Germans or Russians. As an aside, there is actually an interesting aspect to this, which is not addressed in this book but in an episode of Hadnagy's podcast (the one on "baking a human cake"). A guest on this episode explains that human hacking essentially works by manipulating some basic feelings, which is independent of one's culture, but the way to go about it can depend strongly on the cultural background of your target. This might have been a good addition to the book.
Another thing I found bothersome was that throughout the book, Hadnagy tries to frame SE as if the social engineer was doing something for the benefit of the target person ("make them feel better for having met you"). The idea is that you employ manipulation techniques that play on the positive feelings of your target person rather than their negative ones. Make no mistake! A social engineer is essentially a con-artist, even if he/she gets hired to do a penetration test that is ultimately for the benefit of the customer. But regardless of how you frame it, what you do is lying and manipulating people. Making a person feel better for having met you is not the same as actually making the person better. SE gets you what you want, not what your target person wants. And even if it happens in the bounds of a penetration test that helps a company improve security, the person who ultimately fell victim to the social engineer will not feel better about having been tricked, and will possibly suffer other consequences as well. The idea behind this mantra of doing good by SE is simply for social engineers to be more at peace with their work.
For a 3rd edition of this book, I would wish for the text to be more streamlined, less boastful and better structured, SE to be called an art and not a science, a take on cultural aspects of SE, and a bibliography with references for the quoted scientific works and for more in-depth exploration of some topics. -
An easy read.
The audience is not clear, but I do not believe it needs to be. The fact that the author repeatedly talks throughout about techniques you can use to social engineer, but then closes the book out with a chapter on "Prevention and Mitigation" highlighted, to me, that the book was designed more as a wake-up call to those, like the CEO he mentions in one of his case studies, that believe themselves immune from the potentially negative effects of social engineering.
I find it interesting that the author talks at length about the use of cloned sites and the use of malicious code on websites as a tool for the social engineer, and then directs the reader to specific sites and .pdf files throughout the book. I am not sure if I am imputing too much to the author's strategy in writing the book, but I find the willingness to look at those websites and find those .pdfs to be an interesting example of social engineering in and of itself.
In sum: the book was depressingly informative and thought provoking. I think that it does offer an effective wake-up call, but can also have the effect of making those prone to paranoia flip out.
I also note the irony of writing a review of a social engineering book on a website which in turn is an avenue for social engineering. -
It starts off really well, with a bunch of accounts of social hacking and how people are manipulated that way, along with a series of other tips. But the book gets very repetitive, longer than necessary, and invests heavily in explanations of how the mind works and Neuro-Linguistic Programming (NLP). You'll be better off on social hacking by reading
Kevin Mitnick, on how the mind can be manipulated with
Dan Ariely and
Daniel Kahneman. Now, about NLP, I have serious doubts, but I still need to read specifically about it. -
This book contains the basic principles of S.E. The very downside of it though, is that the information provided in each domain is too trivial. Once you hit a new chapter and have a glance at the title you would say wow it must be very interesting, but as you proceed along the content you get disappointed since many things stay opaque.
Interesting topics that can be used in an SE process are introduced, like elicitation, framing, persuasion techniques, NLP etc., but you cannot grasp the whole idea by reading the corresponding topic in the book and you must refer to a stronger book in that regard.
I would recommend this book as a very basic introduction and guideline to those who are interested in SE. -
A typical American-style book - too much repetition and redundancy of words.
Other than that, it is a nice systematic review of social engineering methods.
And while reading this book I realized why we shouldn't share every bit of information about ourselves on social networks (it's not like I didn't know it, but now I understand it). However, not sharing information on social networks is also information that can be used, so I conclude with the same as the author: security through education. Need to be aware of this. -
I picked this up after listening to a podcast episode on social engineering. I think there are several critiques I'll have to read to understand where/how the book could have been better, but as the topic is still relatively fresh for me, the flaws flew right over my head.
What piqued my interest about this was its personal relevance: I've been scammed a couple times, and each time, I knew something was not right - but not what exactly was happening.
The downside to learning more is that you know what's happening as it's happening... which can make you feel extra foolish later. I recently had a man approach me at a dark gas station wearing a yellow vest. He walked up holding some cards in front of him and I thought he was the gas attendant and there was a problem. My gut told me the situation was off even as I rolled down my window. Even after I realized he was not a gas attendant, I still went along with what he wanted while knowing the whole situation could have turned into a nightmare that got me robbed, abducted or killed.
It is embarrassing to share that, but when reflecting on it later, I could see that he skillfully triggered my instinct to be nice to a friendly person (and buried way down deep under that, perhaps a bit of ego: "Fine, I'll help you...*sigh*" moral superiority). Lucky for me, all he wanted was some discounted gas, but the reality of the situation hit home as it was happening, as I walked away, and in the car as I drove away.... I felt stupid for going against my instincts, and mad, and thought over all the things I should have done (like...drive off without rolling down my window, for one...). My eventual conclusion was: "That was lucky...what's my takeaway?"
We all use social engineering - it's human nature. We learn from infancy how to get a response from parents and caregivers or siblings. In professional fields, we are trained to use it for particular purposes - customer service, sales, de-escalation techniques... Physicians, emergency services and police are trained in elements of social engineering (perhaps it has a different label in the training) to do their work. And scammers/con artists and criminals develop their "career" around these skills.
There are other areas we are manipulated through social engineering... marketing, the media, MLM schemes, by religious leaders, politicians, cult leaders... at the movies, through music and tv shows. All use social engineering skills that cause audiences (or targets) to respond and react without thinking. Fear, empathy, anger... conflicting warning signs that go against social conditioning (think of a nice old man with a small dog... He has a small dog...what bad guy has a small dog? He seems nice...he's "old" - he's vulnerable, not a predator...). These are all things that can be used against us.
I think it is especially relevant now, in light of the unrest that has come from conflicting and compelling messages around major issues of our current times (I don't have to list them, I'm sure... ). So it is valuable to us to be aware of how our strings are pulled. Even if we still "fall" for something, that awareness can help prevent a full-gravity-crash.
What I found I really liked about reading this particular book is that he teaches a positive use of SE skills and this ties in to excellent customer service. He has a motto to (paraphrase) leave people better for having met you. There are some great tips on communication and what not to do with your clients when teaching security awareness. I think this approach is useful to anyone in the IT field. It is not uncommon for techs to make jokes about "the user" and the stupidity of people who are not tech-savvy (
case in point). But while it's easy to become frustrated and run down and we have to manage that in any customer service arena, when we become scornful, shame people for making mistakes, or think we are above them, we also become ripe to fall from the moral high ground and show that gravity affects us all.
I probably said "relevant" way too often in this review, but that was my key takeaway: this is a relevant topic for so many reasons. An awareness of Social Engineering builds critical thinking, helps with crime prevention, builds better social skills, and gives us a better understanding of how our fellow humans work.
Because there are some critiques I have yet to read that will likely make good points on how this book could be better, I think my recommendation is the usual "self-help" book recommendation: take away key points that seem like they will work for you, discard the rest. I liked it and will look into his other books. -
This book is far from perfect, but it is the best book I’ve found on how-to social engineering as an overall field vs either a bunch of case studies or narrow guides to specific techniques. The biggest problem was using the same set of examples to illustrate multiple ostensibly distinct techniques — admittedly a lot of the distinctions were arbitrary to begin with — and the structure of the book wasn’t as clear as it could be. However, this book (and the author’s other resources on the Internet) are great resources for interested individuals, non-SE security people, or administrators.
-
Decent book if this is one's first interaction with the topic. If not, the repetitive, meandering and occasionally off-topic commentary coupled with a hefty amount of outdated information, plus the long internet links thrown in together with the text, instead of in an appendix, will make it a difficult read at times.
With these shortcomings aside, I did appreciate the topics on information gathering, microexpressions, the description of Kali Linux's (still called Backtrack when the book was written) tools that are oriented towards social engineering, and some of the case studies. -
3/4 I already knew and didn’t really enjoy it. Much of the stuff was unnecessary, like comments which were not so relevant to the point that the author was making, or that a social engineer needs to be motivated, not afraid to fail and so on... well duh, that’s obvious and applies to ANY REAL WORLD PROFESSION.
There were parts which were indeed useful, like trick questions and real examples of how to get what you want. Also the tools that an engineer can use were very helpful. However, that only covered a minor part of the book.
This book is for beginners who have literally no clue about security. -
Social engineering has been on the rise for years, and Christopher Hadnagy is one of the great experts in this field. Accordingly, he has many exciting stories from practice to tell. The topic concerns most office workers, but unfortunately the book is too long and too specialised for them. I particularly liked the beginning of the book, where he gains access to a company, as well as the end with recommendations for implementing countermeasures well. In the middle, unfortunately, the book lost me a little.
-
About the Book: What information do you have on your social media profiles? Are there pictures of your home there, your family? Is the name there – real? So if I called you to ask about your bank details, knowing your name, and your bank, how would you know I’m not in it for your life savings if I, seemingly, asked nothing of value?… When’s the last time you did one of those “tag a friend” things that ask you for five facts, your favorite color, food, drink? Do you use the password you use in that profile – somewhere else too? When’s the last time you updated it? And is your security question – the easiest one to remember?…
My Opinion: A genuinely brilliant book that is also very concerning. We humans are easy to manipulate. A drop of empathy here, a bit of solidarity there, an instilled respect or fear of authorities, and we don’t question things. Think you can read people, and have a great gut feeling? Read it. The only issue I had with it was the pronouns used. An example is given where the abstract situation contains a person. We are led into it to “meet” this person. And then suddenly that person obtains a gender. So now that you see this person, look her in the eyes. I was okay with them being a person, don’t make me turn the person into someone more specific mid-sentence, please. -
I agree with the school of thought that states "Human is the weakest link in cyber security chain." In most cases it's much easier to just ask for the password nicely and get it than to break open the OS, then the account, then the database, then the bank etc. Or why ask for a password, if you can just ask for the money or documents themselves?
So logically defense should start with awareness and training, and not just of IT personnel, but everyone - since in the 21st Century we all have a digital presence.
This is a good overview of methods and attack vectors - and exactly that, an "overview", because to become a social engineer one should add some years of practice to the book itself.
It also made me consider what I would consider social engineering, because, in a way, some of the elements are relevant to any communication - rapport, empathy, careful listening etc. -
Arm yourself with knowledge.
This book looked to me like it has broken human relations down into fine pieces and made it easy to understand. The book bases its arguments on research the author's team and other psychologists have conducted as well as public experiments and events. The one thing this book was, to me, lacking was examples from history. -
People are so easily manipulated.
I believe it's good to be aware of it so it won't happen so easily to you. -
There is a story about Harry Houdini, that he once failed to escape from a jail cell, even though the door was unlocked. The reason he stayed trapped is that he only knew how to get out of locked doors. In the world of technology, there are indeed many locked doors, and social engineers know how to open them.
In the domain of social engineering, Christopher Hadnagy is one of the best. I’ve reviewed other books of his here, namely Social Engineering: The Art of Human Hacking, Unmasking the Social Engineer: The Human Element of Security, and Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails. In Social Engineering: The Science of Human Hacking, Hadnagy continues his exploration into the world of social engineering.
In this book, as the title implies, Hadnagy moves the topic from social engineering as an art to that of a science. The goal of a social engineer is not that far from being a con man, where con stems from the word confidence. Be it a Three-card Monte scammer at Times Square, or a social engineer dressed up as a termite inspector; their goal is the same, to win your confidence.
Hadnagy quotes extensively from Dr. Paul Ekman, an American psychologist who specializes in the study of emotions and their relation to facial and body expressions. By mastering these expressions, the social engineer can make their attacks much more successful.
Besides Ekman, the book references the work of other psychologists including Dr. Ellen Langer, professor of psychology at Harvard University whose expertise is in the illusion of control and decision-making, neuroeconomist Dr. Paul Zak, whose work is in neuroeconomics, the study of decision making, and more. By building on these sciences, the social engineer can be devastatingly effective in their attacks.
As good as the science is, it is not perfect. And as good a social engineer as Hadnagy is, he fails at times. What is unique about the book is that he does not shy away from sharing those mistakes with the reader. While there are plenty of success stories in the book, he also includes disaster stories where he failed miserably. In the movies the social engineer never errs. But art in that case does not imitate life.
Becoming a highly effective social engineer is something that takes time to master. For those looking to master the topic, Christopher Hadnagy is a great person to learn from and Social Engineering: The Science of Human Hacking is a great resource to take you there. -
A well done overview with added depth in key areas - overall, an excellent resource for any IT professional and will provide utility for a penetration tester looking to strengthen the person-to-person attack vector.
This book is probably best served as paper, versus audio - or at least supplemented with the actual book. This is partly due to the many lists and references and partly due to the off-putting narration. It wasn't bad, but "good" isn't quite the right word either.
This book and further study (and practice) in the areas outlined are a means to becoming a more effective Penetration tester.
To the accusers that Hadnagy is presenting tools for manipulation, and criticizing him for that... you are missing the point. Attackers will use whatever means; ethical or not, to infiltrate a company's infrastructure. NLP, framing, microexpressions - all of the tools and techniques covered in this book. And they will use others only partly acknowledged in this book, such as blackmail and other means of social leverage. Understanding that "manipulating" humans is common in this field is vital to defense against them.
It is ironic that most people are manipulated on a daily basis by advertisers and governments, yet can't come to terms with the methods in the context of information security. This isn't conspiracy theory - it is business.
Anyway - great book for understanding the challenges of IT security, particularly for the understanding of human vulnerabilities in order to deliver network infiltration devices and software. -
This is a pretty good intro to SE, and some nice anecdotes are thrown in along the way. If you've already been studying the topic, a lot of it is redundant, but I can see it being a nice thing to have one's employees read in order to take SE seriously as a security issue. He touches on microexpressions and Neurolinguistic Programming (NLP) in deceptive conversations, but these are very surface-level discussions. Here are a few resources I've found on various subjects that are more deep-dives:
Body Language
What Every BODY is Saying - Navarro [Good intro]
The Definitive Book of Body Language - Pease [A visual glossary]
Body Language Success [Analyzing body language and microexpressions in news and celebrity video clips]
Persuasion
Never Split the Difference - Voss [Negotiating]
Get Anyone to Do Anything - Lieberman
The Science of Influence - Hogan
How to Talk to Anyone - Lowndes [Rapport, charisma]
Neurolinguistic Programming
NLP Workbook - O'Connor
Pitch Anything - Klaff
Physical Tools
How to Open Locks with Improvised Tools - Konkel
Social Engineering
The Art of Deception - Mitnick [SE scripts and anecdotes] -
Easy read, interesting topic, how to tell what people are feeling based on their body language I use in my life now.
-
My sense is that the best way to describe this book is that it covers the art of social engineering rather than the science of social engineering. If you are new to the topic I would say "Hey, might be useful as an overview", though frankly I'd recommend "Influence: The Psychology of Persuasion" by Cialdini as a far more fun and approachable read. The latter is so good Charlie Munger read it, and gave Cialdini class A shares in Berkshire Hathaway.
Would I read "Social Engineering" once? Yes. Twice? No. Why? The book's URL links are out of date, and it tends towards a personal-experience style of writing and prose that leans towards a random walk through the author's personal experiences, exploits and thinking. That doesn't mean it is not useful, rather that its content is high level. As a book it fails to capture one's attention; you have to work to read it. -
While the US government is fixated with all things cyber, this book shows how physical and technical security systems can easily be bypassed. It mainly trends to following professional penetration testers, but also provided insight into improving your ability to influence others, as well as protect yourself from predatory manipulation, like hoaxes, scams, spear phishing, etc. The part about how woefully inadequate most corporate information awareness courses are made me laugh out loud since it pretty much nailed US DoD's abysmally boring and useless marathon that most people just click through. It provided very savvy advice on how to provide your organization with effective information assurance training.
-
This was an excellent book. Normally, I don't read books like this one cover to cover. I browse through them, looking at interesting parts, and then they sit on my shelf until I want to reference something in them. That almost happened with this book. I read about half way through it back in March, and then started reading some other things. About a week ago, I picked it back up and had a hard time putting it down. The explanations in the book are great, and the material is fascinating. It is scary how easily people give out information. I would definitely recommend this book to anyone interested in social engineering, or influence/manipulation.
-
Christopher Hadnagy's worldview is suspect. Under the guise of showing his readers how to prevent falling prey to shysters trying to defraud them, he is really teaching his readers how to manipulate and fool people into doing what is wanted. Again and again he exhorts his readers to not break the law, yet much of what he recommends would be considered unethical and immoral by anyone who believes in respect for others. Bad stuff.
-
This book is just amazing!!!
So much valuable information, very fun and easy to read! Priceless!
Must read if you do security audits or are just interested in social engineering!
This is also one of the best psychology books, so worth a look even if you're not interested in IT