I think what you said is correct, that's why I decide to research social
engineering properly. It is no doubt that Phishing and pharming should
belong to the family of social engineering attacks.
The most important thing for this data set is that: completeness
(covers as wide range as possible). I feel that I must missed some thing
and if more people contribute to it the more complete the data set will
be. Thanks for all people gave me suggestions, I have so far got 32
different social engineering attacks. I am now process it and then I
will publish them on Internet for the community to use. I will try to
get it done ASAP.
Robinson, Sonja wrote:
Many attacks are of the social engineering type. In fact the most
notable are or have obtained much of their information by those
techniques- mitnick, poulsen etc.
When doing audits and security reviews, I employ social engineering to
see what people 'fess up. It is truly amazing.
I would look at your search criteria. It is easier to have people
give the keys then steal them yourself. Technically phishing is
social engineering. It is a manipulation of a user or other party to
"give up" pertinent information so that you can gain access. So there
is plenty of info.
------Original Message------
From: xun dong
To: pen-test@securityfocus.com
To: security-basics@securityfocus.com
Sent: Oct 11, 2006 6:31 AM
Subject: Social Engineering Data set
Hello list;
I am currently doing research on Social Engineering Attacks. Unlike the
technical hack, I found that there is few useful and well documented SE
attack examples on the Internet. So I decided to create a data set for
SE attacks, and I am willing to publish it for free on the Internet.
However, I think only my own experience would not be able to make this
dataset as comprehensive as possible. So I would like to ask for help on
this list. If you think you have SE attack examples, you can email me.
Of course for confidential reason you should not use the real name in
your example. If you don't mind I will also publish your name along with
the example you provided. Thanks a lot in advance. I hope this could be
a step forwards in protecting against SE attacks.
--
Xun Dong
Research Associate
Department of Computer Science
University of York
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec
management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed
degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Sent from my wireless
Sonja Robinson
Cell: 646-468-6518
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
