Security Basics mailing list archives
RE: Social Engineering
From: Murad Talukdar <talukdar_m () subway com>
Date: Tue, 10 Jan 2006 11:14:58 +1000
We used to get phreakers ringing up to try and get pins etc for our phone system and also trying to route calls through the same.

What stopped it? Educating people not to give out things like that to ANYONE over the phone. The education needs reiterating on a regular basis, and not just because new people start.

Regards
Murad Talukdar

-----Original Message-----
From: m_r_welch () tiscali co uk [mailto:m_r_welch () tiscali co uk]
Sent: Sunday, January 08, 2006 12:58 AM
To: coder
Cc: security-basics () securityfocus com
Subject: RE: Social Engineering

-- Original Message --
From: "coder" <elite.coder () ntlworld com>
To: <security-basics () securityfocus com>
Subject: RE: Social Engineering
Date: Fri, 6 Jan 2006 17:26:27 -0000

OK, Maybe Social Engineering cannot be *solved* with software engineering... but maybe (as some of you have suggested) it can be minimized.

In a manner of speaking. The time-honoured principle of least privilege can use technology to limit the damage from social engineering, but not prevent it from happening. That which a person does not know and cannot access cannot be charmed out of them, no matter how good the attacker is. The password to a limited, locked down account is less use to an attacker than a more open one, without preventing the innocent party from doing their job. It's a basic concept for information security, but easy to forget in a rush to discover a new and exciting 'great new thing'.

The more you make an attacker work for every inch of access, the more chance you have to spot them before they get too deep, and the more opportunities you give them to make a mistake.

Unfortunately, you can't expect everyone to have the awareness of IT/IS issues that we have. The average person looks to us to make their problems go away, and if we impose too much on them, we can become a bigger irritation than the problems we are trying to prevent. KISS must be applied to any security solution that requires end-user involvement, and least privilege applied properly is an unobtrusive way for technology to assist against social engineering.

regards,
Mark Welch