Penetration Testing mailing list archives
Re: Penetration Testing - Human Factor
From: "K K Mookhey" <kkmookhey () gmail com>
Date: Thu, 24 Aug 2006 01:57:09 +0530
Isn't it also about the fact that people are very hesitant to report incidents where they've been taken for a ride, and more willing to admit technical goof ups such as not applying a patch? We've offered clients social engineering attacks as part of pen-tests, and have found takers for these too.

Having said that, I think targeted financial fraud leveraging computer systems usually happens with a very strong component of social engineering, whereas regular hacking (with possible financial results) is usually almost purely technical.

Just my 2c.

KK
On 8/23/06, Joey Peloquin <joeyp () cotse net> wrote:
> KeenerPB () mcnosc usmc mil wrote:
> > I would disagree with Arian regarding the technical aspects of "true"
> > hacking...in my experience, social engineering plays a huge role in
> > successful compromise of a network. Most of the time the boundaries are
> > pretty tight so you have to lob one over the fence (social engineering) in
> > order to punch out from the inside to defeat the boundary devices.
>
> All due respect, I'm both an Enterprise pen-test customer and an internal
> pen-tester at the same company, and I don't see social engineering on the
> radar at all, save a mention as part of our security awareness program.
>
> How many enterprises do you all contract with that *actually* include social
> engineering, and the like, in the scope? We've paid as much as 40K for an
> engagement and it didn't include social engineering.
>
> -jp
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php
> ------------------------------------------------------------------------