From: xun dong (xundong@cs.york.ac.uk)
Date: Thu Oct 12 2006 - 18:51:55 EDT
I think what you said is correct, that's why I decide to research social
engineering properly. It is no doubt that Phishing and pharming should
belong to the family of social engineering attacks.
The most important thing for this data set is that: completeness
(covers as wide range as possible). I feel that I must missed some thing
and if more people contribute to it the more complete the data set will
be. Thanks for all people gave me suggestions, I have so far got 32
different social engineering attacks. I am now process it and then I
will publish them on Internet for the community to use. I will try to
get it done ASAP.
Robinson, Sonja wrote:
>
> Many attacks are of the social engineering type. In fact the most
> notable are or have obtained much of their information by those
> techniques- mitnick, poulsen etc.
>
> When doing audits and security reviews, I employ social engineering to
> see what people 'fess up. It is truly amazing.
>
> I would look at your search criteria. It is easier to have people
> give the keys then steal them yourself. Technically phishing is
> social engineering. It is a manipulation of a user or other party to
> "give up" pertinent information so that you can gain access. So there
> is plenty of info.
>
> ------Original Message------
> From: xun dong
> To: pen-test@securityfocus.com
> To: security-basics@securityfocus.com
> Sent: Oct 11, 2006 6:31 AM
> Subject: Social Engineering Data set
>
> Hello list;
>
> I am currently doing research on Social Engineering Attacks. Unlike the
> technical hack, I found that there is few useful and well documented SE
> attack examples on the Internet. So I decided to create a data set for
> SE attacks, and I am willing to publish it for free on the Internet.
>
> However, I think only my own experience would not be able to make this
> dataset as comprehensive as possible. So I would like to ask for help on
> this list. If you think you have SE attack examples, you can email me.
> Of course for confidential reason you should not use the real name in
> your example. If you don't mind I will also publish your name along with
> the example you provided. Thanks a lot in advance. I hope this could be
> a step forwards in protecting against SE attacks.
>
> --
> Xun Dong
> Research Associate
> Department of Computer Science
> University of York
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec
> management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed
> degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
>
>
>
> Sent from my wireless
>
> Sonja Robinson
> Cell: 646-468-6518
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:11 EDT