Today's "Social Engineers" operate in much the same way as their
predecessors,
those ne’er-do-wells referred to in times past as grifters or
confidence men.
They always have a clear cut objective, manipulation of other
individuals and
circumstances is the means by which they meet it, and thanks to the
facelessness of 21st century communications, exposure of a high value
target,
a rarity in the past, is now a commodity from a virtually
inexhaustible
supply.
I rely a great deal on intuition, both personal and professional
experience, (I was a paralegal (torts) for ten years; married to an
criminal
defense attorney) and the general hinkiness factor of someone or
something.
I sort of use my own psychological profile, which is in no way
scientifically
sanctioned, but utilizes recognized behavioral patterns.
xun dong wrote:
I think what you said is correct, that's why I decide to research
social
engineering properly. It is no doubt that Phishing and pharming
should
belong to the family of social engineering attacks.
The most important thing for this data set is that: completeness
(covers as wide range as possible). I feel that I must missed some
thing
and if more people contribute to it the more complete the data set
will
be. Thanks for all people gave me suggestions, I have so far got
32
different social engineering attacks. I am now process it and then
I
will publish them on Internet for the community to use. I will try
to
get it done ASAP.
Robinson, Sonja wrote:
Many attacks are of the social engineering type. In fact the
most
notable are or have obtained much of their information by those
techniques- mitnick, poulsen etc.
When doing audits and security reviews, I employ social
engineering to
see what people 'fess up. It is truly amazing.
I would look at your search criteria. It is easier to have
people
give the keys then steal them yourself. Technically phishing is
social engineering. It is a manipulation of a user or other
party to
"give up" pertinent information so that you can gain access. So
there
is plenty of info.
------Original Message------
From: xun dong
To: pen-test@securityfocus.com
To: security-basics@securityfocus.com
Sent: Oct 11, 2006 6:31 AM
Subject: Social Engineering Data set
Hello list;
I am currently doing research on Social Engineering Attacks.
Unlike the
technical hack, I found that there is few useful and well
documented SE
attack examples on the Internet. So I decided to create a data
set for
SE attacks, and I am willing to publish it for free on the
Internet.
However, I think only my own experience would not be able to
make this
dataset as comprehensive as possible. So I would like to ask for
help on
this list. If you think you have SE attack examples, you can
email me.
Of course for confidential reason you should not use the real
name in
your example. If you don't mind I will also publish your name
along with
the example you provided. Thanks a lot in advance. I hope this
could be
a step forwards in protecting against SE attacks.
--
Xun Dong
Research Associate
Department of Computer Science
University of York
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
