Thursday, February 24, 2011

Social Engineering Watch Your Back!

It was the urging of on of the instructors at B & S College that I sign up for a free account with Tech Republic. If you have not I advise checking them out, you will not be sorry. I found a white paper entitled "The ABC's of Social Engineering & Five Ways to Protect Your Organization." The paper was written by Kevin Prince Chief Technology Officer at Perimeter eSecurity.
The first paragraph starts off by saying social engineering has been used for centuries. I agree. He later includes as part of the definition of S.E. that it is like hacking people and I agree there too. He went on to mention Hollywood movies like SneakersThe Oceans 11/12/13 Trilogy, and Catch Me if You Can. Catch Me was one of my favorites. He said that this true story left out a technique employed by Frank Abagnale the leading character. He said that Mr. Abagnale would put an out of order sign on a night deposit box and dress up as a security guard and have the people just hand him their money. Simple and smart.
The other item that caught my attention was the vulnerability of interactive voice response systems at large companies. H he said that with a little luck the phone phisher could just call in and try extensions till they found a voice mail box and try very weak passwords. He said that the passwords on voice mail systems are known for being short and predictable like 1-2-3-4. Once he had a voice mail box he would call IT after hours and let them know he was locked out of the system and leave a new password on their voice mail. Simple and effective. He also said that people could record a banks voice response unit and then parse it up and e-mail people to call a false toll free number to verify info about their account. Then harvest the inputs and bam the attacker is off to the races.
I would strongly recommend this short 7 page paper. Check it out and all of the resources at Tech Republic and let me know what you think. I cannot believe it's midterm week already. Good luck everyone.   

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.