Forwarded from: security curmudgeon <jericho (at) attrition.org> On Mon, 7 Jun 2010, InfoSec News wrote: : http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=225400253 : : By Kelly Jackson Higgins : DarkReading : Jun 04, 2010 : : In a twist to the popular "capture the flag" game played by hacking : teams every year at Defcon, the hacker conference is hosting a contest : that aims to test participants' social engineering skills -- without : anyone getting hurt. : Hacking contests are all the rage at Defcon every year, and social : engineering has been among the games in past years. This year's contest : is different in that there are specific ground rules -- participants : must legally socially engineer their way into the company, and they are : not allowed to get credit card numbers, social security numbers, : passwords, involve porn, or make the target feel "at risk." They can't : use government agencies, law enforcement, or legal entities as a ruse to : get inside, nor can they contact relatives or family of the targeted : firm's employees. Your average CTF involving computer systems, web applications and 'hacking' are designed to be "real world". They do a good job of it. Read the above quoted paragraph and the ground rules. Seriously? Did someone not read what 'social engineering' entails? Did the whole "legally" aspect escape the organizers, in differentiating between real world and CTF? On a web application, there is no dividing line between the tools, methods and ability involved, just the yes or no permission involved. With social engineering on a 'real target', hands tied to this degree... yeah. Enough said. - jericho _____________________________________________________________________________________ Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada July 24-29th, offering over 60 training sessions and 11 tracks of Briefings from security industry elite. To sign up visit www.blackhat.comReceived on Tue Jun 08 2010 - 01:23:37 PDT
This archive was generated by hypermail 2.2.0 : Tue Jun 08 2010 - 01:34:04 PDT