
Re: Re: Steps to avoid Social Engineering (voice recognition)

Subject: Re: Re: Steps to avoid Social Engineering (voice recognition)
Date: Mon, 25 Apr 2005 08:04:22 -0400
Somebody mentioned voice recognition as a possibility.  And while it might
be expensive for this certain purpose I read a very interesting article
recently about the use of such technology at a bank related to
authentication and authorization. See
http://www.nwc.com/showArticle.jhtml?articleID=48800445
The Payoff: Voice of Authority
Associated Bank, Green Bay, Wis.
Associated Bank is reducing customer calls by using voiceprint technology to
dole out personal ID numbers without human intervention.


STEVE
----- Original Message ----- 
From: "Steve" <securityfocus@delahunty.com>
To: "Raoul Armfield" <armfield@amnh.org>; "Tabs The Cat"
<tabsthecat@gmail.com>
Cc: <security-basics@securityfocus.com>
Sent: Thursday, April 21, 2005 12:20 PM
Subject: Re: Re: Steps to avoid Social Engineering


For email verification, could use PGP.

We have a service provider that makes us use a keyfob (SecurID) to
authenticate when we call in.

STEVE
----- Original Message ----- 
From: "Raoul Armfield" <armfield@amnh.org>
To: "Tabs The Cat" <tabsthecat@gmail.com>
Cc: <security-basics@securityfocus.com>
Sent: Tuesday, April 19, 2005 3:58 PM
Subject: [Re: Steps to avoid Social Engineering


Tabs The Cat wrote:
Hello y'all,

     I have a question for you guys (and gals). We all know about social
engineering. Some of us use it on a daily basis. And we all know how
it can be even more dangerous than any computerized attacks, but how
can we protect against it?

     I'll give you an example: we have a database based program that
was written by and maintained by a third party that is in another
city. In the past when they needed access for maintenance, we would
provide them it via VPN. Recently there has been a problem so they
were contacted. Earlier today someone from that company phoned me to
discuss details about the VPN. I haven't given them any information
yet. In this case I am fairly positive it is legit since they knew the
company that we use as well as who lodged the complaint.

     But how could I get this person (or anyone in the future) to prove
to me that they are the people they say they are? Any advice?

Tabs


I am a security newbie so take this with a grain of salt.

How about if you agree, in advance, on an (list of) email address(es)
you can send something to.  Then when they call send a message to that
email address and have them read off a keyword.  The reason I suggest
doing it in advance is that the person you speak with may give you a
fake address rendering this method useless.



-- 
Raoul Armfield
Support Specialist
IT-Call Center
armfield at amnh dot org
American Museum of Natural History
Central Park West at 79th Street
New York, New York 10024-5192
(212) 313-7258

5152 1277 A04B 04C2 BBE4
3EE8 8369 3541 8B93 42DA
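
The pre-agreed address check suggested in the thread above, written out as an added example (it is not part of the original messages). The class name, vendor name, addresses, six-digit keyword format and 10-minute expiry are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Constructed sample data: addresses agreed with the vendor before any call.
PREAGREED = {"example-vendor": {"support@vendor.example", "oncall@vendor.example"}}


class CallbackVerifier:
    """Hypothetical helper: one-time keyword sent only to pre-agreed addresses."""

    def __init__(self, preagreed, send, ttl=600, now=time.time):
        self.preagreed = preagreed
        self.send = send          # send(address, keyword) delivers the e-mail
        self.ttl = ttl            # seconds the keyword stays valid (assumed value)
        self.now = now
        self.pending = {}         # company -> (keyword, expiry time)

    def start(self, company, address):
        """Send a keyword; refuse any address that was not agreed in advance."""
        if address.lower() not in self.preagreed.get(company, set()):
            return False          # address offered during the call: do not use it
        keyword = f"{secrets.randbelow(10**6):06d}"   # digits are easy to read aloud
        self.pending[company] = (keyword, self.now() + self.ttl)
        self.send(address.lower(), keyword)
        return True

    def check(self, company, spoken):
        """Compare what the caller reads back; each keyword allows one attempt."""
        keyword, expiry = self.pending.pop(company, (None, 0.0))
        if keyword is None or self.now() > expiry:
            return False
        return hmac.compare_digest(keyword.encode(), spoken.strip().encode())


if __name__ == "__main__":
    outbox = []                   # stands in for the mail system
    v = CallbackVerifier(PREAGREED, lambda addr, kw: outbox.append((addr, kw)))
    print(v.start("example-vendor", "helpdesk@vendor-support.example"))  # not on the list
    print(v.start("example-vendor", "support@vendor.example"))
    print(v.check("example-vendor", outbox[-1][1]))
```

A wrong or late answer consumes the keyword, so a caller who fails has to be sent a new one at a pre-agreed address.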



