Re: Social Engineering Data set

[xun dong <xundong () cs york ac uk>]

I think what you said is correct, that's why I decide to research social 
engineering properly. It is no doubt that Phishing and pharming should 
belong to the family of social engineering attacks.

The most important  thing for this data set is that: completeness 
(covers as wide range as possible). I feel that I must missed some thing 
and if more people contribute to it the more complete the data set will 
be. Thanks for all people gave me suggestions, I have so far got 32 
different social engineering attacks. I am now process it and then I 
will publish them on Internet for the community to use. I will try to 
get it done ASAP.


Robinson, Sonja wrote:
> Many attacks are of the social engineering type.  In fact the most 
> notable are or have obtained much of their information by those 
> techniques- mitnick, poulsen etc. 
>
> When doing audits and security reviews, I employ social engineering to 
> see what people 'fess up.  It is truly amazing.
>
> I would look at your search criteria.  It is easier to have people 
> give the keys then steal them yourself.  Technically phishing is 
> social engineering.  It is a manipulation of a user or other party to 
> "give up" pertinent information so that you can gain access. So there 
> is plenty of info.
>
> ------Original Message------
> From: xun dong
> To: pen-test () securityfocus com
> To: security-basics () securityfocus com
> Sent: Oct 11, 2006 6:31 AM
> Subject: Social Engineering Data set
>
> Hello list;
>
> I am currently doing research on Social Engineering Attacks. Unlike the
> technical hack, I found that there is few useful and well documented SE
> attack examples on the Internet. So I decided to create a data set for
> SE attacks, and I am willing to publish it for free on the Internet.
>
> However, I think only my own experience would not be able to make this
> dataset as comprehensive as possible. So I would like to ask for help on
> this list. If you think you have SE attack examples, you can email me.
> Of course for confidential reason you should not use the real name in
> your example. If you don't mind I will also publish your name along with
> the example you provided. Thanks a lot in advance. I hope this could be
> a step forwards in protecting against SE attacks.
>
> --
> Xun Dong
> Research Associate
> Department of Computer Science
> University of York
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec 
> management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed 
> degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
>
>
>
> Sent from my wireless
>
> Sonja Robinson
> Cell: 646-468-6518

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------