Penetration Testing mailing list archives
Re: Testing the user community
From: "Matthew Snider" <Matthew.Snider () SPARROW ORG>
Date: Tue, 30 Jan 2007 17:10:43 -0500
Hi Kurt, Here is a story about a very recent project of this type. The story is from SANS NewsBites, and it's definitely related to what you are asking about. Personally I think an internal "phishing" test could go a long way to increase awareness. Here's the article: --Half of Finance Managers Put Unsolicited USB Drive in Computers (25 January 2007) As a research project, a consulting firm sent USB sticks to finance directors at 500 firms in the UK. The memory devices purported to be invitations to "the Party of a Lifetime" with an anonymous sender but were actually part of an experiment. Nearly half of the finance directors inserted the stick into company computers. Media companies fared the worst in the experiment, with 65 percent putting the memory stick into computers. At technology, retail and transportation companies, the figure was between 38 and 39 percent. The devices could be used to plant malware on computer systems. http://www.vnunet.com/computing/news/2173365/uk-firms-naive-usb-stick Good luck! Matt
<webmaster () absolutenetworks biz> 1/30/2007 9:12 AM >>>
We all know our weak link but how do you identify just how weak they are? I think it's time to pen test my user community and have a couple ideas to gather statistics on just how nonaware they really are. Maybe a simple phishing scam and bogus email with a fake virus attachment that emails me when it's opened so I can track how many folks actually opened it. Has anyone ever done this before? I can't find any information about it on the web.. thoughts and ideas anybody? Many thanks Kurt ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Re: Testing the user community Matthew Snider (Feb 01)
- <Possible follow-ups>
- RE: Testing the user community Des Ward (Feb 01)
- RE: Testing the user community Morris Sgt Derek P (Feb 01)
- Re: Testing the user community mblack9905 (Feb 01)
- Re: Testing the user community Javier Fernández-Sanguino (Feb 01)
- Re: Testing the user community webmaster (Feb 01)
- Re: Testing the user community Carl Jongsma (Feb 01)
- Re: Testing the user community Nicolás F . Iglesias (Feb 02)
- Re: Testing the user community Lee Lawson (Feb 02)
- Re: Testing the user community Nicolás F . Iglesias (Feb 02)
- Re: Testing the user community Pete Herzog (Feb 01)
- Re: Testing the user community Schanulleke (Feb 01)
(Thread continues...)