Re: Valid/sufficient identification mechanisms/credentials for personal data collection.



Social engineering is just that: social. What stops most people is their
personal level of morals. Lying, by our upbringings, is bad. Therefore,
many people don't go to any great lengths beyond "white lies" or small
deceptions. The consequences of being caught keep most people from ever
truly attempting social engineering for any particular gain.

But yes, once you try it, it is very successful. In a capitalist,
working, largely Christian society, not helping people is a black mark.

Serg B. wrote:
I am not sure if this is a suitable topic for this list but it is
certainly within the scope.

This article is not related to IT as such, but has a lot to do with
social engineering and identity theft. I suppose this is an iffy area
of IT since the Internet has not only enabled perpetrators to realise
much greater returns on their crimes but has become an indispensable
tool in every arsenal.

Since I read The Art of Deception a few years ago I started to notice
real life situations where an individual could easily get away with
almost anything (theft, scams, etc.) by carefully choosing their words
and people they talk to. When I first read the book I thought it
didn't look like any of this could be possible. It was certainly
fascinating to read but not possible, not for me anyway. As I worked
through my young grasshopper IT career days I became more and more
exposed to the security side of the industry that in turn made it
possible for me to observe some of these tricks, or at least attempts
to do so, first hand. Soon after I realised that things are even
simpler than an average case study in the book. Especially if you are
an insider, you have access to everything and anything. As long as you
are confident and don't mind lying like there is no tomorrow the world
is yours.


Serg
ubermonkey.wordpress.com




