Phil Cook <phi### [at] nospamrocain freeserve co uk> wrote:
> Hands-up those who think that'd work without the $10 inducement and done
> over the telephone :-)
A while ago there was a small scandal somewhere (I really can't remember
where it was; I can't even remember if it was in the US or here in Finland,
or maybe some other country) because someone got private information from
a company by simply going and asking for it. He was so formal and convincing
that the secretary (or whoever it was) didn't even hesitate.
This kind of fraud actually has a name (because it's so common): Social
engineering.
--
- Warp
Warp wrote:
> This kind of fraud actually has a name (because it's so common): Social
> engineering.
And what's more, this kind of vulnerability can't be patched simply by
visiting Windows Update or something. ;-)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Invisible <voi### [at] dev null> wrote:
> Warp wrote:
> > This kind of fraud actually has a name (because it's so common): Social
> > engineering.
> And what's more, this kind of vulnerability can't be patched simply by
> visiting Windows Update or something. ;-)
But it's the reason why many companies have very restricted access to
the server room, and all visits are automatically logged.
If you need your server to be secure, it's not enough to prevent
attacks from the outside. You have to also prevent attacks from the
inside.
--
- Warp
Warp wrote:
> But it's the reason why many companies have very restricted access to
> the server room, and all visits are automatically logged.
Or at least, they do if they know what's good for them.
> If you need your server to be secure, it's not enough to prevent
> attacks from the outside. You have to also prevent attacks from the
> inside.
My thoughts exactly.
By the way, did I mention that I don't have the keys to my new server
room yet? I just walked past and noticed one of the decorators was in
there painting the ceiling. (!!) I just hope he doesn't spill any paint
on our equipment...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Invisible wrote:
<snip>
>
> By the way, did I mention that I don't have the keys to my new server
> room yet? I just walked past and noticed one of the decorators was in
> there painting the ceiling. (!!) I just hope he doesn't spill any paint
> on our equipment...
>
O_O
Who's the project manager? Remind me never to use them.
John
--
I will be brief but not nearly so brief as Salvador Dali, who gave the
world's shortest speech. He said, "I will be so brief I am already
finished," then he sat down.
And lo on Thu, 01 May 2008 14:50:35 +0100, Warp <war### [at] tag povray org> did
spake, saying:
> Phil Cook <phi### [at] nospamrocain freeserve co uk> wrote:
>> Hands-up those who think that'd work without the $10 inducement and done
>> over the telephone :-)
<snip>
> This kind of fraud actually has a name (because it's so common): Social
> engineering.
Indeed and as with Gail's example Mr Super Hacker might also have chosen
to breach security by simply wandering through the offices pretending to
be a courier/delivery guy/whatever and noting the sticky notes on monitors.
In the same vein it constantly astonishes me how many people tap their PIN
number for their credit/debit cards into shop terminals without a care in
the world. A couple of times when standing behind them and they're
blatantly oblivious to the world around them I've waited for them to
finish and then said "Don't worry I wasn't really watching you enter your
PIN" they look so startled it's scary.
Personal note: I wrap both hands around the pad and peer into it like a
periscope before tapping in my number with my thumb and yes I do get odd
looks from cashiers at times for doing this.
--
Phil Cook
--
I once tried to be apathetic, but I just couldn't be bothered
http://flipc.blogspot.com
Warp wrote:
> Darren New <dne### [at] san rr com> wrote:
>> Personally, I can't imagine anyone who actually works there actually
>> pulling the plug on a server for $10. The janitor, maybe
>
> First you say you can't imagine anyone, and then you give a plausible
> someone.
I meant to imply the janitor doesn't work for the company. By "works
there", I meant not "works in the building" but "works for the owner of
the company".
Most office buildings have janitorial staff that works for the landlord,
not that works for the individual renters of the buildings. At least in
my experience.
--
Darren New / San Diego, CA, USA (PST)
"That's pretty. Where's that?"
"It's the Age of Channelwood."
"We should go there on vacation some time."
Phil Cook wrote:
> Hands-up those who think that'd work with a layperson.
Yeah, OK, I can see that scene working. :-)
--
Darren New / San Diego, CA, USA (PST)
"That's pretty. Where's that?"
"It's the Age of Channelwood."
"We should go there on vacation some time."
Invisible wrote:
> And what's more, this kind of vulnerability can't be patched simply by
> visiting Windows Update or something. ;-)
I saw a t-shirt that said something along the lines of
"Social Engineering: Because there is no patch for human stupidity."
I thought one that said
"Social Engineering: Because Humans are still at 1.0Beta"
would be more geeky.
--
Darren New / San Diego, CA, USA (PST)
"That's pretty. Where's that?"
"It's the Age of Channelwood."
"We should go there on vacation some time."
Invisible <voi### [at] dev null> wrote:
> By the way, did I mention that I don't have the keys to my new server
> room yet? I just walked past and noticed one of the decorators was in
> there painting the ceiling. (!!) I just hope he doesn't spill any paint
> on our equipment...
Inner security at its best?-)
--
- Warp