Thursday, November 30, 2006

Thursday, November 30, 2006
10:26 PM

First-Person Account of a Social Engineering Attack: "darkreadingman writes, 'A penetration tester tells how he broke into a bank's network dressed as a copier repairman. Some good lessons here — many companies spend millions on network security, but don't teach their employees how to challenge a stranger in the building. Social engineering at the company site can be one of the most difficult attacks to defend against.' From the article: 'Before departing scenes like these, we try to document the effort and provide proof of our success. I usually leave something behind and then contact the person who hired me and direct them to the mark. In this case I wrote his password on a ream of paper and tucked it under the machine.'


(Via Slashdot.)

No comments: