Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Penetration Testing - Human Factor
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 22 Aug 2006 21:27:22 -0400 (EDT)

Hash: SHA1

On Mon, 21 Aug 2006, Marios A. Spinthiras wrote:

As a thorough sceptic Id like to conclude in most cases of a TRUE hacking incident social engineering has been a factor of success for the malicious user attacking a system.

My observations differ. There tend to still remain enough low hanging fruit that one need not resort to directed victim contact. As well, social engineering can be hampered and has limitations; especially in cross border incidents. Yes this does sound as though I'm bundling all social engineering into the Mitnick realm of phone calls for information, but consider, am I more likely to respond in the fashion you wish if the spelling and grammar match the language and region I'm in and accustomed to?


Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
Version: GnuPG v1.4.5 (GNU/Linux)


This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]