[lug] Re: [BLUG-ANNOUNCE] April 11, 2002 - Boulder Linux User Group Meeting

Glenn Ashton gfa at idiom.com
Wed Apr 10 16:41:31 MDT 2002 

Phil,

"I'm in alot of trouble- it's a matter of life and death- can you email me
your username and password?  I really need to borrow your account- please
help! If you don't I'll probably fail my class."

Thanks so much,

Ms. Plantive Wail
------------------------------------------------------------------------
This is an (admittedly bad) example of a social attack.  It's like a con
job used to get access to an environment.  In many cases, it's used to get
usernames and passwords to systems by folks pretending to be customers,
members of an end-user community etc.

The social engineering refers to the use of psychology- it's easier to beg
and cajole you to give me priviledged info than it is to actually break in
sometimes.

Think of the spy Mata Hari.

It's a great topic really because admins really do like to be helpful and
sometimes have a problem saying no to requests in a fast paced
environment.

-Glenn Ashton

On Wed, 10 Apr 2002, Phil Weinstein wrote:

> As hard as I try, I can't seem to wrap my mind around "social
> engineering attacks."  Are these attacks from friendly
> engineers?   Attacks that are intended to have a friendly
> outcome?  Attempts by the Colorado legislature to denigrate a
> minority population through offensive legislation? (maybe HB
> 1356) -- that would be interesting.  But somehow a control panel
> is involved.  Sign me up!
> 
> Phil Weinstein
> 
> 
> Chris Riddoch wrote:
> > 
> > Abstract: A computer network is only as secure as it's weakest link.
> >           More and more that link is becoming the natural tendency to
> >           trust others that we all have. In this talk I will go over
> >           how social engineering attacks against your networks work,
> >           and what you can do to reduce your exposure to them.
> >
> > Demo Speaker: Rob Riggs <RRiggs at doubleclick.net>
> > 
> > Demo:     configuring the PAM console module, which is used to manage
> >           device ownership & permissions so that the console user has
> >           access to the various devices on a workstation.
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>

More information about the LUG mailing list