Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Valid/sufficient identification mechanisms/credentials for personal data collection.
From: Michael Krymson <krymson () gmail com>
Date: Tue, 01 Aug 2006 12:03:59 -0500

Social engineering is just that: social. What stops most people is their
personal level of morals. Lying, by our upbringings, is bad. Therefore,
many people don't go to any great lengths beyond "white lies" or small
deceptions. The consequences of being caught keep most people from ever
truly attempting social engineering for any particular gain.

But yes, once you try it, it is very successful. In a capitalist,
working, largely christian society, not helping people is a black mark.

Serg B. wrote:
I am not sure if this is a suitable topic for this list but it is
certainly within the scope.

This article is not related to IT as such, but has a lot to do with
social engineering and identity theft. I suppose this is an iffy area
of IT since the Internet has not only enabled perpetrators to realise
much greater returns on their crimes but has became an indispensable
tool in every arsenal.

Since I read The Art of Deception few years ago I started to notice
real life situations where an individual could easily get away with
almost anything (theft, scams, etc.) by carefully choosing their words
and people they talk to. When I first read the book I thought it
didn't look like any of this could be possible. It was certainly
fascinating to read but not possible, not for me any way. As I worked
through my young grasshopper IT career days I became more and more
exposed to the security side of the industry that in turn made it
possible for me to observe some of these tricks, or at least attempts
to do so, first hand. Soon after I realised that things are even
simpler then an average case study in the book. Especially if you are
an insider, you have access to everything and anything. As long as you
are confident and don't mind lying like there is no tomorrow the world
is yours.


  Serg
  ubermonkey.wordpress.com


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault