Security Basics mailing list archives
Re: Social Engineering
From: Joshua <joshua.broussard () gmail com>
Date: Tue, 03 Jan 2006 14:29:05 -0500
Social Engineering is a human flaw, not a system flaw. As far as what products minimize/prevent social engineering - The only thing that can really help is training. There are many (read: thousands) companies that provide personnel training services.
As you specifically mention Mitnick, you obviously are familiar with his particular texts on the subject. I recommend that you start there. Research his company, visit some sites like astalavista.com, etc... You can find psudo-underground texts walking you through some of the finer points of social engineering there.
As to programs that tell you if a particular person works at a particular company - that is up to the company to install, and instruct the employees to use. Most companies have a central employee listing available in some for to current employees. I would guess something like 1:10^-5 employees actually use this kind of resource in daily operations to combat social engineering.
Cheers, Joshua coder wrote:
Hello everyone, I am currently planning on writting a thesis on social engineering, I have been fascinated with this subject since I watched Hackers 2/Takedown and read Kevin Mitnick's book. Now before I fully take on this idea, what products currently exist to minimize/prevent social engineering? If anyone saw Hackers 2/Takedown, Tsutomu Shimomura used a program that could tell him if the person on the phone actually exists in a company, does this sort of software exist? Sorry, if this is in the wrong mailing list, but I didn't see a "Social Engineering" mail list ;) Thanks ~Davie Elliott --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
--------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
Current thread:
- Social Engineering coder (Jan 03)
- Re: Social Engineering Gaddis, Jeremy L. (Jan 04)
- Re: Social Engineering Joshua Shaffer (Jan 04)
- Re: Social Engineering Joshua (Jan 04)
- Re: Social Engineering Barrie Dempster (Jan 04)
- Re: Social Engineering Clay Ye (Jan 04)
- Re: Social Engineering Leif Ericksen (Jan 04)
- Re: Social Engineering Ansgar -59cobalt- Wiechers (Jan 04)
- RE: Social Engineering Ryan Chivers (Jan 05)
- RE: Social Engineering Ebeling, Jr., Herman Frederick (Jan 06)
- RE: Social Engineering jpippin (Jan 05)
- <Possible follow-ups>
- Re: Social Engineering theanathema . at . gmail . com (Jan 04)
- Re: Social Engineering barcajax (Jan 04)
- Re:Social Engineering Snuff (Jan 04)
(Thread continues...)