Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Social Engineering is still about

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    889

    Social Engineering is still about

    The lengths spammers go through. I employ a spam scanner (open source on the email system), and part of what I use sends a canned auto message that includes my work number that more or less states call this number of the email block is in error. So even after work I monitor things at work and if errors are made make adjustments to unblock email address. So I get a request from reception to remove a block from a user that is a number at an account to a domain that cannot be found. Her excuse was I am attempting to send my resume from and address on your web site. This is about the 10th call I've had yes spammers do call me always with the excuse of I'm sending a resume, via voice mail or through actual telephone conversations with reception who email me. Most emails I send to these address do in fact go through but the domain search fails. My email to them please fax your resume I was not able to confirm your domain name. Looks like the spammers see the hand writing on the wall and do have the nerve to attempt to call leave voice mails or social engineeer events by simply calling the telephone number. I posted this just for those new fresh network admins.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Social Engineering (sadly) will always be among us. Ever since virtually the dawn of time have people used a method of social engineering to get what they want. It's practically a historical fact.
    Space For Rent.. =]

  3. #3
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Check out Kevin Mitnick's book "The Art of Deception". Great examples of Social engineering, and therer are some awesome chapters on creating a security policy and training staff to recognize scams.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Kevin Mitnick = Greatest B/S Artist of All Time.
    Space For Rent.. =]

  5. #5
    Senior Member
    Join Date
    Feb 2004
    Posts
    270

    Social ... wtf.

    Social Engineering, everybody does this on a daily basis. Really I don't see what so special about it.

    Social Engineering I did that 5 minutes ago when I convinced my mother to give me another cookie.


    Get over it its nothing new we only gave it a different name.
    Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    I'm 'eating' through Mitnick's book basicaly, it makes for a very entertaining read. It is true that social engineering is a dark art, but that's only because of the ignorance of some people. Whenever something smells like skunk... From KDM's book there's one thing that comes through clearly, and that I don't see many companies being fully aware of: challenging authority when it comes to sensitive stuff. When an employee is afraid of a boss coming down on him because he dared question the boss's secretary's authenticity [upon failure of said secretary to properly identify herself] people aren't really keen on putting up a fight over the phone.

    We get "Takedown" and Tsutomu Shimomura making himself look like a smart-ass when Mitnick called him up, but that's because Tomu had nobody above him to fear. Take a new employee, he gets a call from somebody that throws around the CEO's first name like it was his dog, now there's a person you don't want to bother with too many questions.

    So some companies don't have the right attitude when it comes to this... and some social engineers have no talent when it comes to information research and impersonation.
    /\\

  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Get over it its nothing new we only gave it a different name.
    Social Engineering is actually a bigger threat than someone getting past the perimeter defenses of a network these days. Penetration via electronic means is getting harder and harder. I am not talking about some schmuck running windows 98 and a host of unmanaged NT servers. I am talking about real network admins. They are tough to crack and most would be attackers don't have the knowledge or patience to spend 4 months drudging around the perimeter. It's easier to "Ask" what the weakness is or where the boxes are. "Hey dude this is James from IT, I was talking to Tony (Tony was listed on the website) and we are going to have to reload the server tonight, we can't fix your profile when we bring it back up without your password - so could you give it to us? We will reset it later so don't worry about it."

    We have little to NO control over it. There are things you can do to mitigate it but anyone can make an email look like it's coming from administrator@mydomain.com. Risk factors change over time and right now social engineering and bad browser code coming in the firewall from authorized users are 1 and 2 on my list. Why? Because they are difficult to control in my environement. I can control risk of penetration much easier.

    Just the other day I had a sweet sounding young lady call me... "Hi my name is Lisa, I am a student at Your_Local_University and we are doing a case study on Your_Line_Of_Business Instution." Being a fan of higher education I am eager to help of course. "What are you looking for, I might help" I say. She replies "We are conducting a survey of Core Accounting Platforms, what are you running in your data center." I think, that is an unusual cold call from a University out of the Blue and I did not like the way the questions were structured. In addition my own direct questions were not answered as I would have liked so I seaid "Lady I am not giving any information to you about our internal operational platforms." But I can think of a dozen people that will in any number of public listed departments.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  8. #8
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    Kevin Mitnick = Greatest B/S Artist of All Time.
    Bah, all prejudices. You cannot judge him unless you know him personally.
    It's simply because he's so famous he gets such negative attention.

    I'm not defending him btw.
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me

    www.elhalf.com

  9. #9
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    Kevin Mitnick = Greatest B/S Artist of All Time.
    Isn't that kind of the point of Social Engineering? .

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255

    Re: Social Engineering is still about

    Originally posted here by Palemoon
    The lengths spammers go through.
    I don't know what annoys me more, getting spam via email, or the crap paper ads that get left on my car while it sits in the college parking lot.
    Social Engineering is the hardest thing to secure in an organization.

    Best thing I ever had was a guy calling and asking me to take a survey on Microsoft's Windows Update.He started the survey with: "What is the latest patch you applied to your Windows 2000 webservers?". I asked him how he knew we hosted our own webservers, and he hung up. That was a couple of years ago tho.

    Originally posted here by el-half
    Bah, all prejudices. You cannot judge him unless you know him personally.
    Pfft, people do it all the time on here.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •