Home page logo
/

basics logo Security Basics mailing list archives

Re: Social Engineering
From: Mario Platt <mplatt () gmail com>
Date: Thu, 5 Jan 2006 17:55:13 +0000

I think your ideas aren't bad, thing is, do you really think you would
solve SE problems with that ? For your first idea, I couldn't quite
understand what it would solve. For the other one, you're just gving
one more legal issue every time someone enters a folder, it isn't
solving anything, I think. I don't think social engineering issues can
be solved by software, unless your software does user awareness. Like
quotes of the day or something, and gradually, you'll end up having
educated users. But maybe I didn't understand what you meant with your
ideas for software.

bregards

On 1/5/06, coder <elite.coder () ntlworld com> ieering cant be solved with
software, so
I shall show you some of the ideas I have to defeat SE with software.

Idea 1: A Directory site.

The site will be used by companies to find out if Person X works at company
Y.
how will this work?

Well, first an admin is nominated from the company (pref. someone who is
"up" on security i.e. a sys admin)
This admin will register the company with the site,
Then he will register everyone in the company with the site

If you want to view info in the site, you will have to use the un/pass sent
when the admin registered you,
to prevent terminated users staying on the server, en email is sent from the
site every X days with a link
(like the one securityfocus sends for you to finish your registration)
if you do not reply to the email after X days, you are put into an MIA list
(if someone searches for you, you will not be found...
but you are not deleted either)
when this happens the admin will receive an email asking why you haven't
replied and if you should be deleted.

if someone tries clicking on the link after the expiration time for a new
link to be sent (or if you are deleted), nothing will happen..
just incase the person who got canned tired to reactivate his/herself.

I don't think I have covered all the bases here, but I will do more thinking
later.

=------------------------------------------------=

Idea 2. Folder security information.

In Mitnicks book he says it is a good idea to rate information by security
priority.

e.g. If its Priority 1, then you cant send it tom anyone... even if they
work in the same company
P2, you can send it to a verified person in the company
etc...

So I want to write a program then, when you open a folder on the file
server, a message will pop-up saying:

The info. in this folder is Priority X,
this means you... blahablahblah..

Again, I will work more on this idea... and I have the added bonus of
testing it out where I work.

=----------------------------------------------=

So, let me know what you think, it would be interesting to hear if this
ideas are silly.

Regards,

Davie Elliott





---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault