
Thread: Social Engineering

  1. #11
    Nihil That is cool on the Greenies as long as you enjoyed reading it I am happy. I really like hearing people's view on something that I wrote. If you want to make me smile read my UnUber-Uber story and post replies to it. I only got one so I am curious to what people thought about it. I would really like to know.

    I do personally think that all Companies that have a high use of computers should have some type of Computer training on Social Engineering/Security.

    Jizz

  2. #12
    PHP/PostgreSQL guy
    Having been working in the IT field now for the better part of a decade, I can say that social engineering in corporations is one of the biggest problems any security department faces. Sure, we've all heard about the "disgruntled" worker but that's more for destruction of office equipment and injury/loss of life to fellow workers. Being a unix sysadmin, if I'm canned one day, they'll know a day before me and I won't even be able to go near a keyboard. I'll also be escorted everywhere, even to the bathroom.

    Social engineering is way easier because of the following:

    1) people who don't work with computers on a security or power-user level are going to believe pretty much anyone who says they're from company XYZ doing a presentation or audit and needs access to ABC.

    2) "suits" generally are given high-level or complete admin rights simply because of "who they are" which is an inherent mistake. I've worked at several places where the firewall and proxies were told to ignore anything from the boss' IP address (all static) and he was allowed to look at anything on the net (ebay, porn, lottery) without worry of the proxy nailing him. This is very bad because people think that when they have "god" rights, they can do anything but it's a double-edged sword. You have to be more careful the more power you have.

    3) Nobody in these environments has proper training. This is where it all falls apart. A day class of educating end-users on proper techniques and basic security would do wonders. Also, making someone responsible for letting security breaches occur (on a stacked tree of course) would enforce it a bit more.

    There's more but I believe proper training can bypass a lot of the social engineering that goes on. And if anyone ever sent me an IM on AIM that said "This is AOL. We need your password.", I'm going to have LOTS of fun.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  3. #13
    AO Soccer Mom debwalin
    Ahem, you're going to have to excuse me for one sec while I hijack your thread...


    OMG IT'S VORLIN!!!!!


    Good to see you. We've missed you and your posts.


    Okay, carry on
    Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.
