Penetration Testing mailing list archives
Re: Valid/sufficient identification mechanisms/credentials for personal data collection.
From: Michael Krymson <krymson () gmail com>
Date: Tue, 01 Aug 2006 12:03:59 -0500
Social engineering is just that: social. What stops most people is their personal level of morals. Lying, by our upbringings, is bad. Therefore, many people don't go to any great lengths beyond "white lies" or small deceptions. The consequences of being caught keep most people from ever truly attempting social engineering for any particular gain. But yes, once you try it, it is very successful. In a capitalist, working, largely Christian society, not helping people is a black mark.

Serg B. wrote:
I am not sure if this is a suitable topic for this list but it is certainly within the scope. This article is not related to IT as such, but has a lot to do with social engineering and identity theft. I suppose this is an iffy area of IT since the Internet has not only enabled perpetrators to realise much greater returns on their crimes but has become an indispensable tool in every arsenal.

Since I read The Art of Deception a few years ago I started to notice real life situations where an individual could easily get away with almost anything (theft, scams, etc.) by carefully choosing their words and people they talk to. When I first read the book I thought it didn't look like any of this could be possible. It was certainly fascinating to read but not possible, not for me anyway.

As I worked through my young grasshopper IT career days I became more and more exposed to the security side of the industry that in turn made it possible for me to observe some of these tricks, or at least attempts to do so, first hand. Soon after I realised that things are even simpler than an average case study in the book. Especially if you are an insider, you have access to everything and anything. As long as you are confident and don't mind lying like there is no tomorrow the world is yours.

Serg
ubermonkey.wordpress.com