Re: Penetration Testing - Human Factor

From: "R. DuFresne" <dufresne@xxxxxxxxxxx>
Date: Tue, 22 Aug 2006 21:27:22 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 21 Aug 2006, Marios A. Spinthiras wrote:

As a thorough sceptic Id like to conclude in most cases of a TRUE hacking incident social engineering has been a factor of success for the malicious user attacking a system.

My observations differ. There tend to still remain enough low hanging fruit that one need not resort to directed victim contact. As well, social engineering can be hampered and has limitations; especially in cross border incidents. Yes this does sound as though I'm bundling all social engineering into the Mitnick realm of phone calls for information, but consider, am I more likely to respond in the fashion you wish if the spelling and grammar match the language and region I'm in and accustomed to?

Thanks,

Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE6679st+vzJSwZikRAp83AJ4pz9uQA8QoTi/1EB7aDZa1T0DIQwCg0cWF
V1lJFW7qTCQTJlyhVKi1+Gs=
=2W6B
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

References:
- Penetration Testing - Human Factor
  - From: Marios A. Spinthiras

Prev by Date: SV: Bluetooth Pentesting?
Next by Date: bypass input filter (SQL Injection / XSS)
Previous by thread: RE: Penetration Testing - Human Factor
Next by thread: RE: Penetration Testing - Human Factor
Index(es):
- Date
- Thread

Relevant Pages

Re: Penetration Testing - Human Factor
... Arian how have you concluded that no evidence has been gathered? ... I do not know how serious you consider social engineering to be but if you have not spent time with it please do so, I can offer you a lot of material regarding this issue. ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
RE: Penetration Testing - Human Factor
... I think that's a greater commentary on your contracting ... The Pen-Tests I have run include ... social engineering on the radar at all, ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
RE: Penetration Testing - Human Factor
... other data to compare the social engineering numbers to. ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ...
(Pen-Test)
RE: Penetration Testing - Human Factor
... engineering...and most were successful. ... "I dare do all that may become a man; Who dares do more is none." ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
Re: Penetration Testing - Human Factor
... We've offered clients social engineering attacks as part of pen-tests, ... > Cenzic Hailstorm finds vulnerabilities fast. ... > Click the link to buy it, try it or download Hailstorm for FREE. ...
(Pen-Test)