[ad] This is an excellent case of Social Engineering, you could also consider it playing on human greed/ignorance/stupidity. Whatever you want to label it really ;) USB drives are a real security risk.. We recently got hired by a credit union to assess the security of its network. The client asked that we really push […]
Social Engineering
Kevin Mitnick Interview on Social Engineering
There’s a good interview with Kevin Mitnick on Social Engineering. Well afterall, that is where his skill lies, not in technical hacking. Arrested by the FBI in 1995 and convicted of breaking into the systems of Fujitsu Siemens, Nokia and Sun Microsystems, Mitnick served five years in prison–eight months of it in solitary confinement. In […]
The Enemy Within The Firewall
[ad] I’ve seen similar figures from other organisations and countries, so the stats don’t surprise me. My peers and I have always called this Armadillo security, hard on the outside, soft on the inside. Firewall, IDS, etc…all protecting the exterior of the network, only edge devices, nothing inside, not much policies, not much privilege segregation, […]
Your Employees Don’t Care About Your Data
[ad] So you better make sure you do. As we discussed in the article on Social Engineering in Penetration Testing, it’s not that the employees don’t care as such, it’s that they don’t know. They haven’t been educated, they are ignorant, their awareness of best practise is low. An experiment carried out within London’s square […]
Should Social Engineering be a part of Penetration Testing?
This is actually a very interesting debate. Just to introduce if you don’t know.. What is Penetration Testing A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious cracker. The process involves an active analysis of the system for any weaknesses, technical […]