I don’t think we need to have personal banking, and frankly I couldn’t care less, but we do need security, I don’t think personal banking gives 100% nothing does, at least user/pass/one-time key is at least revokeable, not like someone who just looks/sounds like you.

At least, I will be able to told them that it can’t be me cause I just talk to my bankier and their identification methods are poor and they can’t prove it was really me…

And.. yes, you are a number, at least for them

An adequate act.

Whatever happened to the banking system, they should now realise the power of true communication - AKA: eyes to eyes meeting an handshake. Even the sound of your voice thru the phone. Their insurance costs soar and they can not remain insensitive to these as it cuts their profits.

The premium they charge me is worth the burden to speak in person on occasion just to have them remember I AM NOT A NUMBER.

And as you’ve mentioned, both are important!!

And as someone had mentioned…. network security is like a steel chain… its only as strong as its weakest link!!

If your not aware of phisical security, have a look at jerome poggi presentation : http://www.clusif.asso.fr/video/clusif-crochetage-poggi.avi

Sorry, it’s in french… but you can figure out the important things without it

In fact, for me, both are important, tech and social engineering skills. So you can use both to have greater and easier access to datas / services / computers / etc. And, after your pentest you can said to the tech guys : Dude, you’ve done well, but not enough. And, no, that’s not just the secretary fault. And to the administrative people : And that was your fault too, not just some techies doing bad job.
And then, you just have to explain how to avoid further mistake to both of them, and to work with the other side (techies/administratives) to enforce security, and stop complaining about how the others are doing so big mistakes

Really, security is just both aspects.

So, we have to become both Kevin and Daniel… Must add it to my todo list :p

I do understand the point you’re trying to make……and its true tht today, getting past an aware employee is almost (I stress on the word almost) as tough as breaking into a database….but definitely in the future, once security of databases is increased, Soc engg will be the most effective way…….Its all about the moment baby!! I don’t think any sys admin will say, “oh great” when you hack into their servers, but when you Soc engg, and believe me, this is experience speaking, the amount of trust tht people place on you is simply amazing….. They totally trust you with stuff so intimate tht you’d prolly think to yourself… “WOW”

And then ofcourse there’s tht saying, “Servers don’t make mistakes, Only people do”

You can teach basis to people to improve their awareness of what they really are doing. After all, it’s like with computer, since they haven’t the proper security software, they roughly do what you want, not really properly. Cause while you think security is just a bunch of crap making you loosing your time and nothing else… you’re half true. ut if you know what security imply, their is not problem. You can even let people know your password, for exemple the proxy one. So they can go to the internet for a day, do what ever they want, and then, you change it. Even if the trusted guy surf on illegal web site, you go to your administrator and explain him, it’s not you, and he can check IP/mac addresses. But, if you don’t even understand what imply a password on a proxy, you can just be doomed to hate security and screw the infosec guys.

Social engineering is the best way to get money, but I have to admit, it’s funnier hack into some big company database for credit card number and used that data to get rich But being Ocean(Clooney) is sexier than Kevin Mitnick… Never figured why :p