Tuesday, November 27, 2007

Chapter 16 :) :) :)

Great, detailed ways of protecting your organization against these pesky social engineers. Instead of just recapping what Steve has so eloquently laid out for us, I would like to offer a funny ending to this blog.

The main thing that I will take away from reading this book is to BELIEVE NO ONE!!!!!

Did any of us ask for some proper identification from our own Molly Wasko? If that is even her real name. She could have been cleverly collecting social data on us from the very beginning. We have all given up so much personal information along the way in this course. She could use this information against us after we graduate and create our own small businesses and strike it rich. We are investments, if you will. She knows some deep secrets about us all and she clearly knows how to use them. She read Art of Deception as well. She could call one of us, or have one of her children call, and say that she is our vet and that our precious 'boo boo' doggie has been hit in a car accident and the only hope for survival is to give all of your PIN numbers, pass codes and your mothers' maiden names. It could happen. Watch out.

Chapter 15

Only one more to go after this one. YEA!!!

Finally we are getting to the real solution portion of the book. The examples, though entertaining, are getting harder and harder to stay focused on because they are very repetitive. This chapter starts the problem solving strategies through awareness and training. I think I mentioned it back in chapter three or four about starting a company that tries to break into companies; well, it looks like I am behind the times. Businesses like that already exist. If I were shopping for my own organization I would definitely look for a program that combines the technological aspect with that of the human touch. I love to hear stories of casinos that hire ex-cons to help them learn how they can get ripped off. I looked up Mitnick on Wikipedia and he himself was quite the social engineer. I actually did this before chapter fifteen, but it is applicable to blog about it now. The criminal is the best resource to ward against theft.
What do you guys think? Would you hire an ex-con to help secure your company? How would you know if they were helping or hurting your cause? I am so scared of the unknown and all this technical stuff is well out of my learning range. I could learn to be more skeptical, but I would still need to rely on a strong IT person to help me decipher all the possible ways I could get scammed.

Chapter 14

This is a short one, so I am sure the post will follow suit.

I enjoyed the Rick Daggot story. What a charmer. We had a joke at Borders about the authors. Many times an author would come into the store and just grab their own book off the shelf and sign them. Or they would ask the book sellers to direct them to the title just to see if they had ever heard of the book. I guess this is how authors can feed their egos. Anyway, we said we would tour the country posing as authors and signing books. Not much money to be made by this, but it is a nice form of revenge or sabotage.

Sammy Sanford, what a coward. I have more respect for the thief that steals from me face to face. These social engineers are very cowardly. Except for good old Rick Daggot; he had some guts. I like that.

Chapter 13

I do not think we should have to do this one. Bad luck and all.

Shocker that caller 'ID' cannot be trusted. Now I have lost all faith in modern technology.

I wish that I had read this book or at least this chapter years ago. I have had more than my fair share of traffic violations. I am good at a lot of things, but driving is not one of them. It is generally not for speeding, more like careless driving. I am the person that is easily distracted (go figure) and drives other drivers crazy. I have heard that if officers do not show for the court date you have a greater chance of winning your case. If the other witness is not there to defend their side, that makes sense. This has never been the case with myself. The officer always shows up, and I always lose. Paul Durea's scam would have come in handy.

Oh my goodness, our first female social engineers hit. Of course they use their seductive voice. Not sure how I feel about that. I am all for Samantha and her revenge. What a waste of a clever employee. They could have benefited from her ingenuity if they had not been so sexist.

Chapter 12

Oh the poor, poor pitiful entry-level employees. They are certainly getting the brunt of the examples of ignorance in this book. This is a point that Steve has made painfully clear. TRAIN those entry-level employees until you run out of money.

It seems as though much is said about the con and how to commit these crimes. In great detail, I might add. What about the punishments? You cannot have the crime without the punishment. What is the author doing to deter this behavior? He does suggest safeguards along the way and I know he gives many solutions in the end, but the consequences would be nice to hear along the way. I read about Steve's time in the 'big house' on the Internet. What about Bill the bank robber that wanted to retire at 24, Joe Harper the 17-year-old thrill seeker or Anthony Lake the lazy businessman? Where are they now? Behind bars or behind laptops finding more ways to scam us?

The Kurt Dillion story made me think that if we could hack into the 'turnitin' web site we would have an artillery of academic resources at our mouse tips. More fun might be to get a hold of someone's case study before they turn it in. This is not too hard because many of the MBAs leave their Blackboard up on the computers in the lab. I have even seen a credit card account up on a screen one day. True story, ask Jenna. Once we have acquired the paper before they turn it in we could post some of the material online. Then when they 'turnitin' it will come up as a stolen piece of material.

Monday, November 26, 2007

Chapter 11

I think I am just as skeptical of hackers getting into a prison system as I am of them hacking from prison. Remember Shawshank Redemption? Tim Robbins was a clever social engineer. He befriended his way into working for the Warden in a variety of ways. He was given a great deal of responsibility and clearance into the financial and personnel portions of the employees of the jail. These tactics exemplified the definition of a social engineer on page 173: 'a social engineer lives by his ability to manipulate people into doing things that help him achieve his goal.'

The cleaning people point came up in a conversation with my brother over the weekend. He works for the Air Force in an extremely high security confidential project. They are not allowed to even bring their cell phones into the building for fear of infiltration. He and I thought that the best approach to stealing information would be to dress up like a janitor and have a camera in our mop. He told me that cleaning people just blend into the terrain and no one would even notice their existence. Many of the programmers regularly leave information up on the screens. We could also bug the room when no one was looking. He did say, however, that the information alone is not that valuable. The combination of the information is worth much more. They separate the projects so that only a small few actually have access to the project as a whole. That seems like a good strategy for security.

Friday, November 23, 2007

Chapter Ten

I was wondering how challenging it is for hackers to penetrate the Blackboard system and change their grades. For an MBA trying to get a job on Wall Street, straight A's are extremely valuable when getting the pay that you want.
Former employees seem like the most dangerous threat. Disgruntled employees are known for heinous acts up to and including murder. Stealing from an ex-employer that the employee feels has wronged them almost seems justifiable. Having staff members change all passwords after a termination is a great idea. I can tell you about three combinations/passwords from former employers that I can almost guarantee still work. I know how badly I hate changing my personal ones. I have over 15 different accounts that require log-ins and passwords. It would take about an hour a month if I changed them that frequently. I know for a fact that my ex has the one for my e-mail account, and knowing this changes some of my e-mail behaviors. I could change it, but I actually like that they still tap in sometimes. I will give them the information that I want them to know. I am starting to sound like a small time social engineer myself.