Re: [ISN] Social Engineering: The Human Side Of Hacking

From: InfoSec News (isnat_private)
Date: Fri May 10 2002 - 01:36:39 PDT

    Forwarded from: rferrellat_private
    > Social engineering is the human side of breaking into a corporate
    > network. Companies with authentication processes, firewalls, VPNs
    > and network monitoring software are still wide open to an attack if
    > an employee unwittingly gives away key information in an email, by
    > answering questions over the phone with someone they don't know or
    > even by talking about a project with coworkers at a local pub after
    > hours.

    One prime source of information that I seldom see mentioned is
    vacation messages generated by SMTP agents.  Setting aside for now the
    fact that a lot of brain-dead email programs rudely send out these
    things in response to every incoming message, no matter the source, a
    distressing number of people include not only their complete contact
    information, but details about the projects they're working on (even
    including internal code names), title and responsibilities of other
    employees in the company, and even details about their own and other
    employees' short-term and long-term schedules.

    Acceptable vacation message policy should quite definitely be spelled
    out as part of the overall infosec operational plan.

    Robert G. Ferrell
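
An added example, not part of the original post: a sketch of the two controls a vacation message policy could enforce, namely suppressing auto-replies to list, bulk and automated mail, and flagging oversharing in the reply text before it is enabled. The header checks follow the recommendations in RFC 3834; the regex patterns, the `internal_terms` list and all sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Headers that mark mailing-list or automated mail (RFC 2369 / RFC 3834).
LIST_HEADERS = ("List-Id", "List-Unsubscribe", "List-Post")
BULK_PRECEDENCE = {"bulk", "list", "junk"}

def should_auto_reply(raw_message: str) -> bool:
    """Return False for list, bulk, automated or bounce mail."""
    msg = message_from_string(raw_message)
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False
    if msg.get("Precedence", "").strip().lower() in BULK_PRECEDENCE:
        return False
    if any(h in msg for h in LIST_HEADERS):
        return False
    if msg.get("Return-Path", "").strip() == "<>":  # null sender: a bounce
        return False
    return True

# Rough patterns for the details the post warns about (assumed, not exhaustive).
PATTERNS = {
    "phone": re.compile(r"\+?\d[\d\s().-]{7,}\d"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "schedule": re.compile(r"\b(until|back on|returning|through)\b.*\d", re.I),
}

def lint_vacation_text(text: str, internal_terms=()) -> list:
    """Return sorted labels of sensitive details found in an auto-reply body.

    internal_terms is a hypothetical per-organisation list of code names
    and job titles that must not appear in outbound auto-replies.
    """
    found = {label for label, rx in PATTERNS.items() if rx.search(text)}
    lowered = text.lower()
    if any(term.lower() in lowered for term in internal_terms):
        found.add("internal_term")
    return sorted(found)

# Constructed sample inputs.
LIST_MAIL = ("From: list@example.org\nPrecedence: bulk\n"
             "List-Id: <isn.example.org>\nSubject: news\n\nbody\n")
DIRECT_MAIL = "From: colleague@example.com\nSubject: question\n\nbody\n"
OVERSHARING = ("I am out until May 24 working on Project BLUEHERON. Call my "
               "mobile 555-867-5309 or contact Pat Doe, Director of Network Ops.")
MINIMAL = "I am currently away from email and will reply when I return."
```
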

    This archive was generated by hypermail 2b30 : Fri May 10 2002 - 04:56:03 PDT