Security Basics mailing list archives

Re: Steps to avoid Social Engineering


From: Times Enemy <times () krr org>
Date: Wed, 20 Apr 2005 01:40:15 -0700

Greetings.

I like the use of the Patriot Act.  :)

Also, a lot of these "fixes" are dependent on the environment(s), and as
such, require customizations and/or common sense.

A personal favorite of mine is to ask a bogus question ..., "Yes, before
I give you that information needed to utterly ruin my client's existence,
may I please have your S.U.C.K.A #?"  ... [ click ].

.times enemy


David wrote:

Contact someone you know at the third company and ask them for a list of
people who could potentially be contacting you for access. Then have
them register themselves with an account with a user ID and password.

Or, alternately, you could use a provision of the Patriot Act and report
them as terrorist spies. If they survive the trip to Lebanon for torture
and their stay in Guantanamo Bay and successfully make it back then they
are probably OK.

-----Original Message-----
From: Tabs The Cat [mailto:tabsthecat () gmail com] 
Sent: Tuesday, April 19, 2005 1:39 AM
To: security-basics () securityfocus com
Subject: Steps to avoid Social Engineering

Hello y'all,

    I have a question for you guys (and gals). We all know about social
engineering. Some of us use it on a daily basis. And we all know how
it can be even more dangerous than any computerized attacks, but how
can we protect against it?

    I'll give you an example: we have a database based program that
was written by and maintained by a third party that is in another
city. In the past when they needed access for maintenance, we would
provide them it via VPN. Recently there has been a problem so they
were contacted. Earlier today someone from that company phoned me to
discuss details about the VPN. I haven't given them any information
yet. In this case I am fairly positive it is legit since they knew the
company that we use as well as who lodged the complaint.

    But how could I get this person (or anyone in the future) to prove
to me that they are the people who they say they are? Any advice?

Tabs
 


