An interesting topic that was mentioned in class was the idea of social engineering. The basic idea behind social engineering is manipulating or tricking people into revealing sensitive information. For instance, answering questions like ‘mothers maiden name’ or ‘hometown’ can pose a serious security issue, as they may be password-reset questions. Bruce Schneier from the article I found also brings up an interesting scenario of USB sticks with malicious software installed, being dropped in parking lots. Good Samaritans who want to return lost property without thinking, would plug the newly found USB drive into their computer. Without their knowledge, malicious software would be installed on their system and a possible back door into their computer could be opened. Allowing the ‘bad guy’ to have full access to their system. Bruce Schneier does a great job of explaining how sensitive data can’t ever be fully protected. Nothing is 100% fail proof. Most likely, the bad guys will figure out how access the data if they want it bad enough. Overall, it’s a good article to introduce the subject of social engineering and possibly create certain awareness around the vulnerabilities and possible threats of being tricked into giving away sensitive information to bad guys.
How can social engineering be minimized? How can less computer savvy people become educated about social engineering hacks? It may be impossible to prevent all attacks, but if may be worthwhile to provide them with tools to help them recognize when they may become a victim of social engineering.
To Read the Yet Another “People Plug in Strange USB Sticks” Story visit-http://www.schneier.com/blog/archives/2011/06/yet_another_peo.html