From: Joey Peloquin (joeyp@cotse.net)
Date: Wed Aug 23 2006 - 08:09:48 EDT
KeenerPB@mcnosc.usmc.mil wrote:
> I would disagree with Arian regarding the technical aspects of "true"
> hacking...in my experience, social engineering plays a huge role in
> successful compromise of a network. Most of the time the boundaries are
> pretty tight so you have to lob one over the fence (social engineering) in
> order to punch out from the inside to defeat the boundary devices.
All due respect, I'm both an Enterprise pen-test customer and an internal
pen-tester at the same company, and I don't see social engineering on the
radar at all, save a mention as part of our security awareness program.
How many enterprises do you all contract with that *actually* include social
engineering, and the like, in the scope? We've paid as much as 40K for an
engagement and it didn't include social engineering.
-jp
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:47 EDT