What are your thoughts on social hacking?

By debate
Tell us what you think about social hacking, as featured in the latest Internet Security Focus newsletter. What is your network doing to protect against social hacking? How effective do you think your solutions are? Do you believe that providing support pros with adequate training on social hacking would offer a boon to Internet security?

A good example of "Social Engineering"

by Oz_Media In reply to What your thoughts on soc ...

This may be a little off track but anyone who is interested in the repercussions of Social hacking should read "The Blue Nowhere" by Jeffrey Deaver.
It is a crime/horror fiction book about a talented hacker/murderer who uses social hacking to commit murder, almost successfully.
Like I said, it's a little off base but an excellent read from the best seller list.

Training is not an answer...

As a helpdesk technician I manage many users' accounts. There are situations that require over-the-phone password compromise. There was no precedent of social hacking in my company, but who said there won't be?

I agree that technicians should be trained, at least made aware of that problem, but it is the security procedures that will keep hackers from taking control of a system. So basically there should be some way of authorisation before the forgotten password will be handed over. I am happy to work for a company where I can reach any user personally in less than 10 minutes, so I try to avoid situations that can cause a security leak by using the telephone in the wrong manner. But what if users are in different locations? Again - procedures and a good password policy. What is the weakest part of this whole system? Human factor....

Awareness, awareness

by JasperL In reply to What your thoughts on soc ...

In my line of work (Information Security Officer), this social engineering is one of the biggest risks existing. The problem is that high management isn't easily convinced: they appear to think that physical and network security are the only important things. Besides a scenario for large scale problems (such as evacuation - while maintaining work), there isn't any interest to put this on an agenda. Management seems to think that a perfectly filled in security plan for IT, policies and building, is the finishing point of security. After that, we just hold that high and thus we are safe and secure. But social engineering blossoms in that kind of environment: large false sense of security; no training in doubting someone (claiming to be) from the inner circle.

The fertile ground for defense against social engineering starts at this point. We have taken care of the manageable security holes like the front door, the username and the rights on group shares on the network, and now we have to take care of the human factor.

'Hm, yes.' management says, turning into sleep mode...

They do not move.

Luckily at this time we are preparing a security theme week. Emphasis is on disaster control, but I managed to get a (paid and reporting) social engineer on the project list. This will shock them. (Since I have not told anyone that the social engineer will not attack in that week, but in the week before.... We are presenting results in that week.)
