http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=225400253

By Kelly Jackson Higgins
DarkReading
Jun 04, 2010

In a twist to the popular "capture the flag" game played by hacking teams every year at Defcon, the hacker conference is hosting a contest that aims to test participants' social engineering skills -- without anyone getting hurt.

The Social Engineering CTF will provide contestants beforehand with the name and URL of their "target" company, and they then must gather any information they can online or via other passive data-gathering methods (no phone calls, email, or direct contact with the targeted firms). They score points for the reconnaissance information gathered as well as for the plan of attack, all of which must be submitted one week prior to Defcon in a dossier format.

Each contestant gets a 20-minute window to perform the attack live at Defcon -- in a phone call to the targeted firm -- plus five minutes to explain to attendees their technique and strategy. They score points based on the designated "flags" they capture and the information they gather from the target.

Hacking contests are all the rage at Defcon every year, and social engineering has been among the games in past years. This year's contest is different in that there are specific ground rules -- participants must legally socially engineer their way into the company, and they are not allowed to get credit card numbers, social security numbers, passwords, involve porn, or make the target feel "at risk." They can't use government agencies, law enforcement, or legal entities as a ruse to get inside, nor can they contact relatives or family of the targeted firm's employees.

[...]

Received on Sun Jun 06 2010 - 22:27:13 PDT