Re: Valid/sufficient identification mechanisms/credentials for personal data collection.

From: Michael Krymson (krymson@gmail.com)
Date: Tue Aug 01 2006 - 13:03:59 EDT


Social engineering is just that: social. What stops most people is their
personal level of morals. Lying, by our upbringings, is bad. Therefore,
many people don't go to any great lengths beyond "white lies" or small
deceptions. The consequences of being caught keep most people from ever
truly attempting social engineering for any particular gain.

But yes, once you try it, it is very successful. In a capitalist,
working, largely christian society, not helping people is a black mark.

Serg B. wrote:
> I am not sure if this is a suitable topic for this list but it is
> certainly within the scope.
>
> This article is not related to IT as such, but has a lot to do with
> social engineering and identity theft. I suppose this is an iffy area
> of IT since the Internet has not only enabled perpetrators to realise
> much greater returns on their crimes but has became an indispensable
> tool in every arsenal.
>
> Since I read The Art of Deception few years ago I started to notice
> real life situations where an individual could easily get away with
> almost anything (theft, scams, etc.) by carefully choosing their words
> and people they talk to. When I first read the book I thought it
> didn't look like any of this could be possible. It was certainly
> fascinating to read but not possible, not for me any way. As I worked
> through my young grasshopper IT career days I became more and more
> exposed to the security side of the industry that in turn made it
> possible for me to observe some of these tricks, or at least attempts
> to do so, first hand. Soon after I realised that things are even
> simpler then an average case study in the book. Especially if you are
> an insider, you have access to everything and anything. As long as you
> are confident and don't mind lying like there is no tomorrow the world
> is yours.
>
>
> Serg
> ubermonkey.wordpress.com

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:29 EDT