social engineering

ALSO NOTED: IRS vulnerable to social engineering hacks; Nortel begins trolling for takeover targets;

Mon, 06 Aug 2007 06:59:58 -0400

> IRS vulnerable to social engineering hacks. Article

> Nortel begins trolling for takeover targets. Article

> Cisco plans to hold onto Linksys brand. Article

> General Motors' CIO in favor of Oracle's latest acquisitions. Article

> San Francisco's voters to weigh in on municipal WiFi network. Article

And finally... After 14 months of blogging anonymously and assuming the persona of Steve Jobs, the 'Fake Steve' finally reveals himself. Article

People as the greatest security threat

Wed, 11 Apr 2007 20:01:36 -0400

Companies are often so focused on network attacks that they forget that real human beings pose a great threat as well. Called social engineering, people pretending to have credentials they don't can exploit human vulnerabilities rather than technical ones. For example, an attacker could simply phone and ask for security details. Part of the problem is that HR thinks information security is an IT issue. To fix the problem, start by bringing IT, physical and human security together under a true information security management system. Also think about how you allocate your security budget. Is it balanced in proportion to the threats you face and the spread of vulnerabilities within your organization? Develop a thorough understanding of human vulnerabilities, with an appropriate balance between systemic improvements to shield human weaknesses, and effectively targeted training and awareness building.

Read more about social engineering:
- read the article at Computer Weekly

Latest rootkit threat illustrates sophistication

Tue, 29 Aug 2006 20:01:37 -0400

Just on the heels of a recent report on the popularity of rootkits with hackers comes news of a new threat. A new form of malware loads a rootkit onto the compromised PC, then changes the local DNS settings and finally, dumps more malicious code on to the drive. Panda Software says that this so-called "Zcodec" malware is a part of a program that claims to install codecs required for multimedia formats. The security vendor says that the intricate attack demonstrates how malware writers are getting smarter everyday and are now using rootkits, social engineering, and Trojans to commit their dirty deeds.

For further insight on the new malware approach:
- check out this article at Vnunet

Microsoft: Products not lone security issue

Wed, 05 Apr 2006 20:01:36 -0400

As its monthly Patch Tuesday arrives next week, Microsoft is going on the offensive in response to continued criticism about the insecurity of its products. A program manager with Microsoft's Anti-Malware Technology Team, Matt Braverman, is pointing out how social engineering bodes as much risk and danger to today's enterprises than product security issues. The act of "duping" users into clicking to malicious Web sites and giving up confidential information is just as perilous and requires just as much attention as product issues.

For more on the debate about Microsoft security:
- read this article at InformationWeek

People: The biggest security threat

Mon, 13 Mar 2006 19:01:35 -0500

As a recent story about ex-hacker Kevin Mitnick outlined, social engineering is often the biggest factor in hackers gaining confidential and financial information from unsuspecting users. A test case last month in London highlights the issue as unsuspecting PC users dropped in a CD offering a free vacation opportunity despite the potential security issues inherent in loading an unknown disk. The experiment by a consulting firm, The Training Camp, illustrates what most IT folks know already--that people are the weakest link in the computing environment.

For more on the social engineering test:
- read this InfoWorld article

Hacker's perspective proves valuable

Tue, 07 Mar 2006 19:01:38 -0500

The best way to prevent hacking is to have a hacker show you where the holes are, how to secure the environment and what aspects you might be missing in terms of user and client security. That's exactly what ex-convicted hacker Kevin Mitnick is doing as a security consultant these days. While he was prohibited from using computers or the Net after his prison stint, he's now advising and consulting companies about the dangers inherent in social engineering--how users give out confidential information without even realizing it sometimes and how they share files they shouldn't.

For more on the value of a hacker's perspective:
- read this article at News.com