Tuesday, October 27, 2009

Social Engineering.

“It is much easier to trick someone into giving a password for a system than to spend the effort to hack into the system.” Kevin Mitnick, reformed computer criminal turned security consultant.

The hacker poses as someone in an official capacity who he is not. In most cases, the two people never meet each other.

It starts with pretexting. This is the setup, where some plausible story is given as to why the sensitive information is needed: “We need your login and ID so we can reset them.”

“No one’s told me this was going to happen?” you ask. “We may have some suspicious activity here and need your help to check it out,” they reply.
This technique has worked many times, and it seems the higher up in the organization you go, the better it works.

In a study first completed in 2003 and later repeated, 90% of office workers gave their password on a survey in exchange for a cheap pen.
Bottom line.

Never give out sensitive information to anyone who doesn’t have a “need to know”. This is a common tenet when working in a government-run security environment.
Say a friendly co-worker asks for your ID and password. “Why do you need it?” you ask. “Someone from the home office needs it.” In this case, in the absence of a company memo, I would be suspicious of some social engineering taking place.

Therefore, the threat may come in the form of personal contact or more commonly from an email or phone call.

Wednesday, October 14, 2009


Halloween trick?

Suspicious?

-----Original Message-----
From: UK LOTTERY [mailto:cc-district-clerk@sbcglobal.net]

Sent: Friday, October 09, 2009 9:13 AM

To: undisclosed recipients:

Subject:
You have just been awarded, £800.000.00 GBP in the UK Online Promo, send us yourNames,Address,Country,Sex/Tel.

You got to be kidding me. While I do not get much spam email, I did receive this little gem. Anyone who responds to this is at best wasting their time and maybe their money. Don’t do it. If you do, email me your horror story to share.

The only thing I can attribute my lack of spam to is Go Daddy hosting my email. I don’t do anything special beyond the usual precautions. I run Norton, Windows Defender, CCleaner, and Malwarebytes.

I am installing the Microsoft “October big drop” update for Windows XP. One interesting thing I picked up is Windows Malicious Software Removal Tool - October 2009. I might drop Malwarebytes if Windows has as good a tool.

If you have any comments please drop me a line.
Paul@PaulGoda.com

Tuesday, October 13, 2009

I have been updating my website and found the search engines have been very kind to me. I’ve tried keywords and description tags in the header of the HTML page. Not much luck.
It seems frequency of update to a web page helps its ranking. I don’t have many links to pages outside my website and only one incoming link.
The trick is to associate Paul Goda with some service that people are looking for.

Email paul@paulgoda.com

Friday, October 9, 2009

Website update

I have been working on a new personal web page at paulgoda.com. All the elements are set using external style sheets. It's taken me a couple of weeks but the fun was in the learning.

Microsoft Expression Web is an excellent choice for people wanting a robust web authoring tool.
The CSS editor is very powerful once you get the hang of it.