[Home]SocialEngineering

MeatballWiki | RecentChanges | Random Page | Indices | Categories

Social engineering is the euphemistic term for con (short for "convince") artistry that crackers often use.

One example of "social engineering" is using easily-accessible information to convince an employee to give secret information. (For instance, one might call a network center, saying that one is a manager in the Western division working on the FooBar project, and one needs access to the ABC Fileserver for a critical meeting in 10 minutes.) Many people are willing to "bend" security rules given a sincere-sounding request.

Compare with PhonyFlood, which could be a form of social engineering in a more general sense.


People are often insecure about their information and fear the embarassment of making a mistake. If you are/seem more confident in what you know, less secure people will not challenge you.

Perhaps this is one way to thwart CommunitySolution-based SoftSecurity.

CommunitySolutions and SoftSecurity in general seem to rely on the ability to fix bad things quickly, rather than prevent them from happening. Can you give a scenario where SocialEngineering negates a CommunitySolution? It seems to me that it applies much more to HardSecurity (guard stations, login/password combos, etc).

One could log on to a wiki and pretend to be (say) SunirShah, and use publically available info about Sunir in order to convince others that one is Sunir, and therefore influence things greatly. Or s/Sunir/someone important...

Of course, first one would have to spell his name right...


Discussion

MeatballWiki | RecentChanges | Random Page | Indices | Categories
Edit text of this page | View other revisions | Search MetaWiki
Search: