Re: Penetration Testing - Human Factor

From: R. DuFresne (dufresne@sysinfo.com)
Date: Tue Aug 22 2006 - 21:27:22 EDT


On Mon, 21 Aug 2006, Marios A. Spinthiras wrote:

> As a thorough sceptic I'd like to conclude in most cases of a TRUE hacking
> incident social engineering has been a factor of success for the malicious
> user attacking a system.

My observations differ. There tend to still remain enough low hanging
fruit that one need not resort to directed victim contact. As well,
social engineering can be hampered and has limitations; especially in
cross border incidents. Yes this does sound as though I'm bundling all
social engineering into the Mitnick realm of phone calls for information,
but consider, am I more likely to respond in the fashion you wish if the
spelling and grammar match the language and region I'm in and accustomed
to?

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant: sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
