Security Experts Beware.

I don't know if you heard about this yet, but we were warned during a meeting at our office this afternoon about foriegn spys representing themselves as journalist looking to interview security specialists. Questions range from "Are security exploit patches and implementations usually a first concern or help up due to discussions prior to implementation" - "What sources do you count on for security awareness" etc.. They use this social engineering process to build up a database of your security outlines. This will allow them to know what companys may be vulnerable after the release of new exploits and what the average time for implementation after an exploit would be. I have confidence none of you would release this information, and sure most of you are aware of this issues, but for you that are not. Just remember this the next time someone wants to interview you as a security specialist. I have heard they are using the same tatics to interview hackers also. We can only image what type of information they are trying to get from self proclaimed hackers.


* I also heard they are gaining access to names and numbers through business cards they receive at conferences and lectures *

"I'm sorry, but its company policy not to take part in any surveys. Have a good day!"
Or my favorite: "Hold please while I transfer you to someone who will be able to answer these questions." Then sentence them to voice mail limbo.

I get calls like this everyonce in a while. Asking all sorts of crazy stuff.

Good post Joey, nice reminder to stay on yor guard.

Cool. Maybe they will give me a call. I will try and sell em some corporate information and become an agent for them. Then I can hack their sysem and tell em all to go to hell....

Does this mean I should cancel my appearance on Jerry Springer "Security Officers vs. Hackers" special.

Dang I was looking forward to missing a hacker and hitting Jerry Square in the nose with a chair.

Oh well