SocialEngineering


Social engineering is the euphemistic term for con (short for "convince") artistry that crackers often use.

One example of "social engineering" is using easily accessible information to convince an employee to give out secret information. (For instance, one might call a network center, saying that one is a manager in the Western division working on the FooBar project, and that one needs access to the ABC Fileserver for a critical meeting in 10 minutes.) Many people are willing to "bend" security rules given a sincere-sounding request.

Compare with PhonyFlood, which could be a form of social engineering in a more general sense.


People are often insecure about their information and fear the embarrassment of making a mistake. If you are/seem more confident in what you know, less secure people will not challenge you.

Perhaps this is one way to thwart CommunitySolution-based SoftSecurity.

CommunitySolutions and SoftSecurity in general seem to rely on the ability to fix bad things quickly, rather than prevent them from happening. Can you give a scenario where SocialEngineering negates a CommunitySolution? It seems to me that it applies much more to HardSecurity (guard stations, login/password combos, etc).

One could log on to a wiki and pretend to be (say) SunirShah, and use publicly available info about Sunir in order to convince others that one is Sunir, and therefore influence things greatly. Or s/Sunir/someone important...

Of course, first one would have to spell his name right...


Discussion
