Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Testing the user community

from [Matthew Snider] Network Security [Permanent Link]
Subject: Re: Testing the user community
Date: Tue, 30 Jan 2007 17:10:43 -0500 
Hi Kurt,

Here is a story about a very recent project of this type.  The story is from 
SANS NewsBites, and it's definitely related to what you are asking about.  
Personally I think an internal "phishing" test could go a long way to increase 
awareness.  Here's the article:

 --Half of Finance Managers Put Unsolicited USB Drive in Computers 
(25 January 2007)
As a research project, a consulting firm sent USB sticks to finance
directors at 500 firms in the UK.  The memory devices purported to be
invitations to "the Party of a Lifetime" with an anonymous sender but
were actually part of an experiment.  Nearly half of the finance
directors inserted the stick into company computers.  Media companies
fared the worst in the experiment, with 65 percent putting the memory
stick into computers.  At technology, retail and transportation
companies, the figure was between 38 and 39 percent.  The devices could
be used to plant malware on computer systems.
http://www.vnunet.com/computing/news/2173365/uk-firms-naive-usb-stick 


Good luck!
Matt



<webmaster@absolutenetworks.biz> 1/30/2007 9:12 AM >>>

We all know our weak link but how do you identify just how weak they are? I 
think it's time to pen test my user community and have a couple ideas to gather 
statistics on just how nonaware they really are. Maybe a simple phishing scam 
and bogus email with a fake virus attachment that emails me when it's opened so 
I can track how many folks actually opened it.  Has anyone ever done this 
before? I can't find any information about it on the web.. thoughts and ideas 
anybody?

Many thanks

Kurt



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
 
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Password cracker required, Morris Sgt Derek P
Next by Date:  RE: Testing the user community, Des Ward
Previous by Thread:  Siebel Statistics Page - Information Disclosure, Getsumei No Michi
Next by Thread:  RE: Testing the user community, Des Ward
Indexes:  [Date] [Thread] [Top] [All Lists]