RE: Penetration Testing - Human Factor

From: StyleWar (stylewar@cox.net)
Date: Sat Aug 26 2006 - 19:39:14 EDT


Disappointing that your experience has been different.

Every pen test I have ever engaged in involved some level of social
engineering...and most were successful.

-

StyleWar

"I dare do all that may become a man; Who dares do more is none."
                                Macbeth, 1. 7

> -----Original Message-----
> From: Arian J. Evans [mailto:arian.evans@anachronic.com]
> Sent: Monday, August 21, 2006 11:46 PM
> To: pen-test@securityfocus.com
> Subject: RE: Penetration Testing - Human Factor
>
> I've seen nothing quantifiable.
>
> FWIW - every forensic engagement I have done of "true"
> hacking has had nothing to do with social engineering, and
> was entirely technical. Most appeared to be performed by
> SKiddies, but at least one was very subtle, and was performed
> by someone with real skill.
>
> I do see a biased sample though, since people do not
> generally come to me after they've been socially engineered,
> unless it's a girl I've dated.
>
> Your first statement does raise the question though about how
> does a skeptic conclude something before they gather evidence?
>
> Arian J. Evans
>
> > -----Original Message-----
> > From: Marios A. Spinthiras [mailto:mario@netway.com.cy]
> > Sent: Monday, August 21, 2006 1:20 AM
> > To: pen-test@securityfocus.com
> > Subject: Penetration Testing - Human Factor
> >
> > As a thorough sceptic I'd like to conclude in most cases of a TRUE
> > hacking incident social engineering has been a factor of success for
> > the malicious user attacking a system.
> > For quite a while now I have been compiling methodology on the
> > assessment of the weak human security link which can be exploited
> > through social engineering. Has anyone got any thoughts they would
> > like to share or guidelines to the audit of the human factor when
> > security is concerned?
> >
> > Any information is much appreciated.
> >
> >
> > Many Thanks,
> > Mario A. Spinthiras
> >
> >
> > --------------------------------------------------------------
> > ----------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> > http://www.cenzic.com/products_services/download_hailstorm.php
> > --------------------------------------------------------------
> > ----------
>
>



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:50 EDT