Information Security News mailing list archives
Re: Social Engineering: The Human Side Of Hacking
From: InfoSec News <isn () c4i org>
Date: Fri, 10 May 2002 03:36:39 -0500 (CDT)
Forwarded from: rferrell () texas net
Social engineering is the human side of breaking into a corporate network. Companies with authentication processes, firewalls, VPNs and network monitoring software are still wide open to an attack if an employee unwittingly gives away key information in an email, by answering questions over the phone with someone they don't know or even by talking about a project with coworkers at a local pub after hours.
One prime source of information that I seldom see mentioned is vacation messages generated by SMTP agents. Setting aside for now the fact that a lot of brain-dead email programs rudely send out these things in response to every incoming message, no matter the source, a distressing number of people include not only their complete contact information, but details about the projects they're working on (even including internal code names), title and responsibilities of other employees in the company, and even details about their own and other employees' short-term and long-term schedules. Acceptable vacation message policy should quite definitely be spelled out as part of the overall infosec operational plan. RGF Robert G. Ferrell rferrell () texas net - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Social Engineering: The Human Side Of Hacking InfoSec News (May 09)
- <Possible follow-ups>
- Re: Social Engineering: The Human Side Of Hacking InfoSec News (May 10)