February 25th, 2002, 02:28 AM
becoming aware of Social Engineering
Hello. I am a small-time systems admin at my highschool. I have spend the past year or so trying to teach the other admins (kids and teachers alike) as well as the administration about security. it's been a rather uphill battle.
I was wondering if anyone could suggest a good source of material to help explain SOCIAL ENGINEERING. I've gotten the hardware and software parts explained and well worked out, but the HUMAN ELEMENT is still a large risk. Any suggestions? (website, quotes, ANYTHING?)...
February 25th, 2002, 02:47 AM
OpenBSD - The proactively secure operating system.
February 25th, 2002, 02:55 AM
I always use social engineering in my cracks works very good!
I am not exactly sure of what your looking for? I have been smoking 420 so I AM a pretty wooee (I used one similar to this.)
Lets say you find a Mickpalmer@powerplant.net this is a top salesmen who in the company has high level access to the network...
You send this e-mail to mick
"Hello Mr. Palmer,
The computer department has decided thats it's neccessary to issue new passwords today. Please take a moment now to enter the following command:
Then press the enter key. Please do not write this password down. For security reasons, we must ask that you memorize it. Thank you for your cooperation.
Andy Johnson, System Administrator
Then you try the password later in the night. You get onto the system and now have powerful system privileges.
Social Engineering is the single most effective security penetration technique of all. You can put a computer inside a sealed room with 10 foot thick concrete walls, but if an student, or and employee who knows the logon sequence is chatty, lonely, or pliable, 50 foot walls won't secure thye system. Security is made up of a chain of connected elements: firewalls passwords shredders alarm systems secure rooms etc... But the old adage applies: The security chain is only as strong as it's weakest link. And all too often that weak link is a person.
February 25th, 2002, 03:02 AM
I know HOW to social engineer people, I've used it aswell on needed occasion.
what I'm trying to find out is how I can explain and help prevent it with people whom are NOT security-minded. those lonely students or administrators whom kow noting about hacking, or SE, or anything of the such.
February 25th, 2002, 04:12 AM
WOW talk about Irony I just put somthing up on my website.
anyway I read this when I first started to learn how to hack maybe it will help you in your quest. http://www.happyhacker.org/uberhacker/se.shtml
February 26th, 2002, 02:52 AM
Well, if you can social engineer, then do it. Without telling them, try to social engineer them to get passwords, etc. Tell them what you managed to achieve, talk to them a bit about the dangers, and you shouldn't have a problem with it.
Elen alcarin ar gwath halla ná engwar.
February 26th, 2002, 08:38 PM
A good reference to send them to is the audio from Beyond Hope, (they had a social engineering panel at this one). The person doing it calls a computer shop and finds out the password to the machines in the building, if I remember correctly ends up on the PA system at K-Mart...and a few other fun things that will get the point by to ANYONE that it is easier to exploit a human being than a computer.
Hope this is more of what you are looking for....