~ Office Supplies ~~ Buy Posters ~~ A-Z Products ~~ Website Advertising


Social engineering - Wikipedia

<<Up     Contents

Social engineering

In its most usual sense, social engineering is a mainly pejorative term used to describe the intended effects of authoritarian systems of government. The implication is that some governments are intending to change or "engineer" their citizens, for example, by the use of propaganda.

Social engineering has been used by programmers to mean the art of conning a naive person into revealing sensitive data on a computer system, often the Internet. With the profusion of poorly-secured computers with known security holes connected to the Internet, the majority of security compromises are now done by exploiting such; however, social engineering attacks remain extremely common and are a way to attack systems protected against other methods - for instance, computers which are not connected to the Internet. It is an article of faith amongst experts in the field that "users are the weak link".

A contemporary example of a social engineering attack is the use of e-mail attachments that contain malicious payloads (that, for instance, use the victim's machine to send massive quantities of spam). After earlier malicious emails led software vendors to disable automatic execution of attachments, users now have to explicitly activate attachments for this to occur. Many users, however, will blindly click on any attachments they receive, thus allowing the attack to work.

A common approach is dumpster-diving for a piece of paper with a username[?] and password on it. Another ploy is to obtain a username through a similar method and call a secretary or low-level bureaucrat[?] on the telephone, posing to be that person (or systems administrator) and requesting a password change or feigning a forgotten password.

Perhaps the simplest, but still effective attack is tricking the user into thinking you are an administrator and requesting the password for debugging purposes. Users of internet systems frequently receive messages that request password or credit card information in order to "set up their account" or "reactivate settings" or some other benign operation. Users of these systems must be warned early and frequently to not to divulge sensitive information, passwords or otherwise, to people claiming to be administrators. In reality, administrators of computer systems rarely, if ever, need to know the user's password to perform administrative tasks.

Training users about security policies and ensuring that they are followed is the primary defence against social engineering.

wikipedia.org dumped 2003-03-17 with terodump




 
 
3 gram Blue Green AMAZONITE Feldspar gem stone Tumbled lapidary cab cabbing rough freeform gemstone
 3 gram Blue Green AMAZONITE Feldspar Tumbled lapidary cab cabbing freeform  
 
88 carat Unique Mexican CRAZY LACE AGATE rough cabbing gemstone tumbled jewelry wirewrap piece nice
 88 carat Unique Mexican CRAZY LACE AGATE cabbing tumbled jewelry wirewrap piece nice 
 
8 carat black OBSIDIAN gem stones Polished rectangle blocks Cabbing cab cabochon rough gemstones
 8 carat black OBSIDIAN Polished rectangle blocks Cabbing cab cabochon  
 
158 carats gray AGATE gem Polished slab rectangle block Cabbing cab cabochon rough gemstone 31 grams
 158 carats gray AGATE Polished slab rectangle block Cabbing cab cabochon 31 grams 
 
27 gr brown blue PETRIFIED FOSSIL WOOD Cab lapidary carving rough tumbled polished gemstone jewelry
 27 gr brown blue PETRIFIED FOSSIL WOOD Cab lapidary carving tumbled polished jewelry