Re: Social Engineering

[theanathema.at.gmail.com () securityfocus com]

Social Engineering is a human flaw, not a system flaw. As far as what products minimize/prevent social engineering - 
The only thing that can really help is training. There are many (read: thousands) companies that provide personnel 
training services.

As you specifically mention Mitnick, you obviously are familiar with his particular texts on the subject. I recommend 
that you start there. Research his company, visit some sites like astalavista.com, etc... You can find 
psudo-underground texts walking you through some of the finer points of social engineering there.

As to programs that tell you if a particular person works at a particular company - that is up to the company to 
install, and instruct the employees to use. Most companies have a central employee listing available in some for to 
current employees. I would guess something like 1:10^-5 employees actually use this kind of resource in daily 
operations to combat social engineering.

Cheers,
Joshua

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------