[ISN] Old con tricks pose the 'greatest security risk'

Subject: [ISN] Old con tricks pose the 'greatest security risk'
Date: Tue, 2 Nov 2004 02:51:12 -0600 (CST)
http://news.com.com/Old+con+tricks+pose+the+greatest+security+risk/2100-7349_3-5435199.html

By Munir Kotadia 
Special to CNET News.com
November 1, 2004

The greatest security risk facing large companies and individual
Internet users over the next 10 years will be the increasingly
sophisticated use of social engineering to bypass IT security
defenses, according to Gartner.

The research firm defined social engineering as "the manipulation of
people, rather than machines, to successfully breach the security
systems of an enterprise or a consumer," in an announcement Sunday.  
This involves criminals persuading a user to click on a link or open
an attachment that they probably know they shouldn't.
 
Rich Mogull, research director for information security and risk at
Gartner, said in the announcement that social engineering is more of a
problem than hacking.

"People, by nature, are unpredictable and susceptible to manipulation
and persuasion. Studies show that humans have certain behavioral
tendencies that can be exploited with careful manipulation," he said.  
"Many of the most damaging security penetrations are, and will
continue to be, due to social engineering, not electronic hacking or
cracking."

Mogull said that identity theft is a major concern because more
criminals are "reinventing old scams" using new technology.

"Criminals are using social engineering to take the identity of
someone either for profit, or to gather further information on an
enterprise. This is not only a violation of the business, but of
someone's personal privacy," he said.

Rob Forsyth, managing director at Sophos in Australia and New Zealand,
described a recent "malicious and cynical" scam that targeted
unemployed Australians. The potential victim received an e-mail that
purported to come from Credit Suisse bank advertising a job
opportunity. The e-mail asked the recipient to go to a Web site that
was an almost exact replica of the actual Credit Suisse site--but this
version contained an application form for the "job posting."

Forsyth said the replicated Web site was recreated so thoroughly that
it took experts some time to confirm that it was actually a fraud.

"It took us some time to determine it was a fake site. It was not
necessarily groundbreaking, but quite a clever combination of
technology. They are targeting those people in the community that are
most in need--those seeking work. It is exactly those people that
might be vulnerable to this kind of overture," Forsyth said.

Gartner's Mogull said: "We believe social engineering is the single
greatest security risk in the decade ahead."


Munir Kotadia of ZDNet Australia reported from Sydney.


