Social Engineering

An interesting topic that was mentioned in class was the idea of social engineering. The basic idea behind social engineering is manipulating or tricking people into revealing sensitive information. For instance, answering questions like ‘mothers maiden name’ or ‘hometown’ can pose a serious security issue, as they may be password-reset questions. Bruce Schneier from the article I found also brings up an interesting scenario of USB sticks with malicious software installed, being dropped in parking lots. Good Samaritans who want to return lost property without thinking, would plug the newly found USB drive into their computer. Without their knowledge, malicious software would be installed on their system and a possible back door into their computer could be opened. Allowing the ‘bad guy’ to have full access to their system. Bruce Schneier does a great job of explaining how sensitive data can’t ever be fully protected. Nothing is 100% fail proof. Most likely, the bad guys will figure out how access the data if they want it bad enough. Overall, it’s a good article to introduce the subject of social engineering and possibly create certain awareness around the vulnerabilities and possible threats of being tricked into giving away sensitive information to bad guys.

How can social engineering be minimized? How can less computer savvy people become educated about social engineering hacks? It may be impossible to prevent all attacks, but if may be worthwhile to provide them with tools to help them recognize when they may become a victim of social engineering.

To Read the Yet Another “People Plug in Strange USB Sticks” Story visit-http://www.schneier.com/blog/archives/2011/06/yet_another_peo.html

Enhanced by Zemanta
Advertisements

5 thoughts on “Social Engineering

  1. This is such a popular issue today. Flash drives are becoming more and more common in our everyday life. These drives are so nice to have because you don’t have to drag around a laptop to access information. Just plug it into a public computer and there you go. Of course these drives are vulnerable and can me used a vessels of attack and that’s what this blog post is about. Hackers are dropping these small portable drives all over just so they can have some fun with messing with another persons life by attacking them virtually. I wouldn’t be surprised if the government has special people of security to inspect parking lots around federal buildings to pick up any “lost” flash drives. Or even federal building have signs that warn employees to avoid picking up and using any of these “lost” flash drives.

    • That’s such a great point. Rather than preventing the use of flash drives- as they can be useful tools. By posting signs in parking lots and or around government buildings warning about the risks of strange USB flash drives, hopefully it would make people more cautious. Also having a security guard scan the parking lot wouldn’t be a bad idea.

      Sent from my iPhone

  2. I think the point of nothing is 100% fail proof is incredibly true! I’ve seen many people get so comfortable with their workstations as well as their personal computers because they think they have these security measures in place and they are “untouchable” and because of this false sense of security they miss signs that they are under attack or that they can be susceptible to these cyber attacks. I prefer an approach of a person who realizes that they are perfectly vulnerable to attacks and takes precautions to protect against them.

  3. Exactly. I believe it’s okay to be a little paranoid as long as it keeps you from being attacked. It doesn’t do any harm to be a little extra careful.

    Sent from my iPhone

  4. Education on the matter is key. Many people are oblivious to the fact people are thinking of new and different ways to steal information. crf3718 mentioned posting signs, I think that is a great idea. Spreading the word is a great way to inhibit attempts like that.

Comments are closed.