http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=227400472

By Kelly Jackson Higgins
DarkReading
Sept 15, 2010

Among the unsettling results in the final report, released today, from the Social Engineering Capture The Flag contest held in August at Defcon: Security companies were just as susceptible to social engineering as nontechnology firms, Internet Explorer 6 was still in use at 65 percent of the Fortune 500 companies targeted in the contest, and nearly 90 percent of the targets willingly opened a URL that the contestants gave them.

The contest, in which the art of social engineering was demonstrated on a rare public stage using real-world targets, was aimed at gauging the vulnerability of major corporations to social engineering. And the 17 contestants, who had to compile a dossier of as much information as they could gather passively on their assigned target company beforehand (no phone calls, email, or direct contact), had little trouble scoring information in the 25 minutes they had to social-engineer someone on the other end of the telephone line during the contest. The event was open to Defcon attendees to watch as the contestants made their calls from a soundproof booth.

Google, BP, McAfee, Symantec, Shell, Microsoft, Oracle, Cisco, Apple, and Walmart were on the list of targeted companies. The contest organizers aren't saying which company's employees gave up what information, but they admit the contestants were able to get plenty out of their targets.

"With every company called, if we had been hired to do an audit, they would have failed," says Chris Hadnagy, founder of social-engineer.org, which organized the Social Engineering Capture The Flag contest.

[...]

Received on Thu Sep 16 2010 - 23:38:34 PDT