Penetration Testing mailing list archives
Assessing the security awareness of web users at a national level
From: "Demetris Papapetrou" <dpapapetrou () internalaudit gov cy>
Date: Fri, 18 Sep 2009 13:29:03 +0300
Dear list members, I am currently setting up a project, in which I will assess the security awareness level of my fellow citizens concerning social engineering attacks that are launched through the web. The scope of the project is to gather statistical data and possibly draw some useful conclusions as to the level of awareness of lets say, male vs female users in my country, young vs old people, linux vs windows users or even firefox vs internet explorer users. The attack methods will simulate real life scenarios such as fake virus detection messages, missing codec messages or even "click me" buttons that are often utilized by attackers to infect computers with viruses/backdoors/malware/etc. I should note here that no harmful programs will be sent to users during the assessment. Instead the "malicious website" will record whether the users clicked on the download button/malicious link or not. I was wondering whether any of you know of similar projects performed and if you are kind enough to point me to any relevant links. Any suggestions regarding the method of distribution (e.g. emails, forums, IRC, facebook, myspace, etc) or the different attack vectors (e.g. virus message, codec missing messages, etc) or anything else that comes to your mind will be much appreciated. Thank you in advance, Demetris ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Assessing the security awareness of web users at a national level Demetris Papapetrou (Sep 22)