RE: Testing the user community

[Des Ward <security () senticom co uk>]

Buy ten thumb drives, put a piece of code on them to sent a net message to your server internally or something similar 
(Basically you want the devices to phone home once placed in the users workstation) then you'll find how many people 
are still dumb enough to put an unknown device in their corporate system.

-----Original Message-----
From: webmaster () absolutenetworks biz
To: pen-test () securityfocus com
Sent: 30/01/07 14:12
Subject: Testing the user community

We all know our weak link but how do you identify just how weak they are? I 
think it's time to pen test my user community and have a couple ideas to gather 
statistics on just how nonaware they really are. Maybe a simple phishing scam 
and bogus email with a fake virus attachment that emails me when it's opened so 
I can track how many folks actually opened it.  Has anyone ever done this 
before? I can't find any information about it on the web.. thoughts and ideas 
anybody?

Many thanks

Kurt



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------