dcsimg
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: Social Engineering Part I - Introduction

  1. #11
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Yea you can use it. I'll put it in the GPL. Just give me credit

  2. #12
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    Originally posted here by dopeydadwarf


    This stuff is actually easier to get than it was when social enginerring was a new idea. A trash can in an apatrment complex mailroom will yield alot of information. Just hit the same complex once a week for a month or so. By nature human beings are repetitive. Thos that normally read mail at the can and toss it will continue to do so. So over the course of a month you can have an easy ten identities. So in a way social enginerring is a dead art. It has changed into identity theft.
    or an easy google search that will find stuff like these http://e.1asphost.com/aleksandarforu...sp?TOPIC_ID=67

    do you think that mr Wayne Fitterman United Talent Agency - 9560 Wilshire Blvd. Ste: 400 Beverly Hills
    likes his info and cc# posted on eastern european websites. No wonder we pay so much for movies

    If anyone here happens to speak macedonian i would love a quick translation
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  3. #13
    Senior Member
    Join Date
    Dec 2003
    Location
    LA, CA
    Posts
    292
    I'm not saying that you can do that in every work environment, and people will not give out their information when realizing they are doing it, but i personally have seen three professional environments with login informaiton in clear view for anyone to see, two offices with employee data and one a large store with admin. login data

    You cant not simply walk around and obtain peoples passwords in a 'work enviroment' or any other 'enviroment' for that matter
    You're saying that if you walk over to Mr. Andersons desk you won't be able to see his matrix figures on his desk and guess a theme for his password: theredpill ?
    By watching people and interacting with them it can sometimes be very easy to discover it between the lines
    A mind full of questions has no room for answers

  4. #14
    Custom User
    Join Date
    Oct 2001
    Posts
    503
    Computernerd22. Not all people who use computers are IT professionals. It is very possible to just walk around and get login details. I don't know where you work, but obviously if you're in a room of admins, they're not so likely to do this, but if you go into an office with (excuse me) bog-standard employees, half of them will have login details lying on their desks, or stuck onto their monitors, etc. Honestly...you see it all the time.

    People aren't as clever as you would think. Most people don't care if someone else knows their passwords as long as they can get on with their work.

    ac

  5. #15
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    332
    or an easy google search that will find stuff like these http://e.1asphost.com/aleksandarfor...asp?TOPIC_ID=67
    This a perfect example of the simplicity involved. Just google for it.

  6. #16
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Here I go on another tangent.

    When I did consulting work, I used to preach security till I was blue in the face, and a lot of the companies got it. One in particular didn't. (they were a mfg. of pest control devices.) Now you probably wouldn't think that's a highly competitive market, but it is. The owner didn't get it ans insisted that there be no passwords because he was worried about his emplyees doing stuff and he wanted to be able to "spy" on them. I tried to tell him there was a better, more secure way.....he didn't want to listen.

    Now that company is out of business and another sells the product...a result of social engineering and corporate espionage....only took 4 months.


    I wonder how many other companies like that are out there....It scares me.

  7. #17
    Well first off, thank you for the tutorial lots of numbers guy. It was well written and got the point accross to someone new to the field. SE in and of itself is still around very much so, and very sucessful. Although you do not just come out and say, "Whats your username and password." I do not really think that someone can learn SE from reading a tutorial though. They can learn ideas, and perhaps even techniques, but for the most part it is something that you get better by practice, or you are naturally persuasive and a good speaker. As pointed out, I do not believe (unless you get the IT department ) it is any harder or easier (relatively compared) to SE people today than it was in the past. Walking around the workplace looking for passwords will probably not work as well and make you look suspicious. Also, people will have seen you.

    -Cheers-

  8. #18
    Nice tutorial you've written there.

    Just one thing--you should also mention the attack where the attacker guides the victim to ask the attacker for help. This is also a very effective method.

    If anybody wants an in-depth lesson on Social Engineering, I would strongly reccomend Kevin Mitnick's "The Art of Deception".

  9. #19
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    My last place of work was recently fully computered ? up, all machinery had a computer to monitor the work load, print out the paper work etc, and ALL units had 'password' as the password. this would only be accessible to the work force, but, sometimes the enemy is within ? the sys/admin was one guy, in a remote office, with a deadlock ? on his door, the server room was supposedly, sealed, but,we , the electrical dept, had to access the room to test the power leads on an annual basis, plus we had to clean change lights, UPS etc. What security comes down to, I believe, is whether the managment layer ENJOY playing computers at home. I would wager that in the factories and offices that have high security, and are NOT IT biased, that they are led / run by people who play with the damn things at home, a bit like US ?? And it follows that in places where security is less than should be expected, that those in command have a low threshold for those 'damn boxes'?? it also follows that social engineering or whatever we want to call it, will ALWAYS have a place in the armoury of the 'professional' hackman? because there IS one born every minute.
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  10. #20
    Social engineering?______/\/\/\______Trying_to_build_minds?____/\/\/\_____

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •