Re: Social Engineering Data set

[qxlr () twmi rr com]

Today's "Social Engineers" operate in much the same way as their 
predecessors,
those ne’er-do-wells referred to in times past as grifters or 
confidence men.
They always have a clear cut objective, manipulation of other 
individuals and
circumstances is the means by which they meet it, and thanks to the 
facelessness of 21st century communications, exposure of a high value 
target, 
a rarity in the past, is now a commodity from a virtually 
inexhaustible 
supply. 

I rely a great deal on intuition, both personal and professional
experience, (I was a paralegal (torts) for ten years; married to an 
criminal
defense attorney) and the general hinkiness factor of someone or 
something. 
I sort of use my own psychological profile, which is in no way 
scientifically
sanctioned, but utilizes recognized behavioral patterns. 

xun dong wrote: 

> I think what you said is correct, that's why I decide to research 
> social 
> engineering properly. It is no doubt that Phishing and pharming 
> should 
> belong to the family of social engineering attacks. 
>
> The most important thing for this data set is that: completeness 
> (covers as wide range as possible). I feel that I must missed some 
> thing 
> and if more people contribute to it the more complete the data set 
> will 
> be. Thanks for all people gave me suggestions, I have so far got 
> 32 
> different social engineering attacks. I am now process it and then 
> I 
> will publish them on Internet for the community to use. I will try 
> to 
> get it done ASAP. 
>
>
> Robinson, Sonja wrote: 
> > Many attacks are of the social engineering type. In fact the 
> most 
> > notable are or have obtained much of their information by those 
> > techniques- mitnick, poulsen etc. 
> >
> > When doing audits and security reviews, I employ social 
> engineering to 
> > see what people 'fess up. It is truly amazing. 
> >
> > I would look at your search criteria. It is easier to have 
> people 
> > give the keys then steal them yourself. Technically phishing is 
> > social engineering. It is a manipulation of a user or other 
> party to 
> > "give up" pertinent information so that you can gain access. So 
> there 
> > is plenty of info. 
> >
> > ------Original Message------ 
> > From: xun dong 
> > To: pen-test () securityfocus com 
> > To: security-basics () securityfocus com 
> > Sent: Oct 11, 2006 6:31 AM 
> > Subject: Social Engineering Data set 
> >
> > Hello list; 
> >
> > I am currently doing research on Social Engineering Attacks. 
> Unlike the 
> > technical hack, I found that there is few useful and well 
> documented SE 
> > attack examples on the Internet. So I decided to create a data 
> set for 
> > SE attacks, and I am willing to publish it for free on the 
Internet. 
> > However, I think only my own experience would not be able to 
> make this 
> > dataset as comprehensive as possible. So I would like to ask for 
> help on 
> > this list. If you think you have SE attack examples, you can 
> email me. 
> > Of course for confidential reason you should not use the real 
> name in 
> > your example. If you don't mind I will also publish your name 
> along with 
> > the example you provided. Thanks a lot in advance. I hope this 
> could be 
> > a step forwards in protecting against SE attacks. 
> >
> > -- 
> > Xun Dong 
> > Research Associate 
> > Department of Computer Science 
> > University of York 

>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------