Results 1 to 6 of 6

Thread: Social Engineering

  1. #1
    Junior Member
    Join Date
    Apr 2004
    Posts
    18

    Question Social Engineering

    What is Social Engineering ?

  2. #2
    Senior Member Raion's Avatar
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    Social Engineering is when you convience somebody you are someone you are not or convince them to give you information they wouldn't normally give you. Or just in general convince them to do anything you want them too. For a more in depth definition: http://www.google.com/search?hl=en&l...ng&btnG=Search
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

  3. #3
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    WTF the negs for...!?!??! If you're gonna neg somebody, at least post something so we know why the person got negged for on a legit question.


    anyways:

    Social Engineering:Term used among crackers for exploiting weaknesses in people, rather than software--tricking someone into giving out information like passwords that will compromise system security.


    A cracker term for tricking users of a system to reveal passwords so that the cracker can gain entry to the system. A common technique is to contact users in chat or e-mail on a system, pretend that they are employees of the system performing security checks, and insist that the users give their password to prove who they are or their account will be closed. Such requests are never legitimate! Social engineering schemes can be quite ingenious and convincing and more subtle than the simple technique above. Never reveal a password or even give hints what it may be.


    An attack based on deceiving users or administrators at the target sire. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user to attempt to gain illicit access to systems

  4. #4
    Senior Member Raion's Avatar
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    People have the habit of doing that to 'balance' and Cybr1d what you posted was in my link no problem though I should've quoted the correct definition anyways because some words have multiple definitions
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

  5. #5
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    The answer is right here on AntiOnline as well. AntiOnline is a mirror for the Hacker Jargon Files.

    http://www.antionline.com/jargon/socialengineering.php

    social engineering n.

    Term used among crackers and samurai for cracking techniques that rely on weaknesses in wetware rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system's security. Classic scams include phoning up a mark who has the required information and posing as a field service tech or a fellow employee with an urgent access problem. See also the tiger team story in the patch entry.

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Taken from AO's "Fight Back" Section:

    This method isn't as romantic as it sounds. It basically involves the hacker lying to a user, in order for them to obtain information, in this case, your password. Here's one simple example of social engineering.

    The phone rings:

    You: Hello?
    Hacker: Hi, this is Mike from Dial-Ups-USA.
    You: Ah, you're the ones I get my Internet access through, right?
    Hacker: Yeah. That's why I'm calling. Have you tried to access your e-mail today?
    You: No, I've had a busy day, why?
    Hacker: I know how those go. I've had a busy today too. We had a problem with our mail server. It crashed and all of the user accounts were deleted.
    You: Oh, I guess you have been busy then. How long will my account be down?
    Hacker: Well, hopefully within the next few minutes. I'm the lucky guy that got chosen to call all of our users and re-establish their accounts. Do you remember what your username is?
    You: Username?
    Hacker: Yes, that would be the part of your e-mail address that comes before the @ sign.
    You: Oh, that would be 'John20' then.
    Hacker: Ok, great. I'll add that in here right now.
    You: Ok, thanks.
    Hacker: What would you like your password to be?
    You: Do I need to pick a new one, or can I use the same one that I used before?
    Hacker: You can go ahead and use the same one as before.
    You: Ok, make it 'YouGotMe' again. This way I won't have to try to remember a new one.
    Hacker: Give me a minute to enter it.....Ok, you're all set. The account should be re-activated within the next 10 minutes or so.
    You: Ok thanks, I appreciate that.
    Hacker: No problem, have a nice day.
    You: You too...

    I can hear you saying it now. "I'd never fall for something like that." Hackers pray on one simple fact about the average user. If something seems "wrong" to a user, or "out of the ordinary", they almost ALWAYS assume it's because they aren't the expert "Well, I'm not sure what he's talking about, but I don't know a lot about computers, so he must be right."

    How do you protect yourself from this type of attack? Have self confidence, and use your common sense. If it walks like a hacker and talks like a hacker, it's probably a hacker.
    Space For Rent.. =]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •