Re: [ISN] Defcon To Host 'Capture The Flag' Social Engineering Contest

From: InfoSec News <alerts_at_private>
Date: Tue, 8 Jun 2010 03:23:37 -0500 (CDT)
Forwarded from: security curmudgeon <jericho (at) attrition.org>

On Mon, 7 Jun 2010, InfoSec News wrote:

: http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=225400253
: 
: By Kelly Jackson Higgins
: DarkReading
: Jun 04, 2010
: 
: In a twist to the popular "capture the flag" game played by hacking 
: teams every year at Defcon, the hacker conference is hosting a contest 
: that aims to test participants' social engineering skills -- without 
: anyone getting hurt.

: Hacking contests are all the rage at Defcon every year, and social 
: engineering has been among the games in past years. This year's contest 
: is different in that there are specific ground rules -- participants 
: must legally socially engineer their way into the company, and they are 
: not allowed to get credit card numbers, social security numbers, 
: passwords, involve porn, or make the target feel "at risk." They can't 
: use government agencies, law enforcement, or legal entities as a ruse to 
: get inside, nor can they contact relatives or family of the targeted 
: firm's employees.

Your average CTF involving computer systems, web applications and 
'hacking' are designed to be "real world". They do a good job of it.

Read the above quoted paragraph and the ground rules. Seriously? Did 
someone not read what 'social engineering' entails? Did the whole 
"legally" aspect escape the organizers, in differentiating between real 
world and CTF? On a web application, there is no dividing line between 
the tools, methods and ability involved, just the yes or no permission 
involved. With social engineering on a 'real target', hands tied to this 
degree... yeah. Enough said.

- jericho


Received on Tue Jun 08 2010 - 01:23:37 PDT
