From: qxlr@twmi.rr.com
Date: Fri Oct 20 2006 - 13:56:08 EDT
Today's "Social Engineers" operate in much the same way as their
predecessors,
those ne’er-do-wells referred to in times past as grifters or
confidence men.
They always have a clear cut objective, manipulation of other
individuals and
circumstances is the means by which they meet it, and thanks to the
facelessness of 21st century communications, exposure of a high value
target,
a rarity in the past, is now a commodity from a virtually
inexhaustible
supply.
I rely a great deal on intuition, both personal and professional
experience, (I was a paralegal (torts) for ten years; married to an
criminal
defense attorney) and the general hinkiness factor of someone or
something.
I sort of use my own psychological profile, which is in no way
scientifically
sanctioned, but utilizes recognized behavioral patterns.
xun dong wrote:
> I think what you said is correct, that's why I decide to research
> social
> engineering properly. It is no doubt that Phishing and pharming
> should
> belong to the family of social engineering attacks.
>
> The most important thing for this data set is that: completeness
> (covers as wide range as possible). I feel that I must missed some
> thing
> and if more people contribute to it the more complete the data set
> will
> be. Thanks for all people gave me suggestions, I have so far got
> 32
> different social engineering attacks. I am now process it and then
> I
> will publish them on Internet for the community to use. I will try
> to
> get it done ASAP.
>
>
> Robinson, Sonja wrote:
> >
> > Many attacks are of the social engineering type. In fact the
> most
> > notable are or have obtained much of their information by those
> > techniques- mitnick, poulsen etc.
> >
> > When doing audits and security reviews, I employ social
> engineering to
> > see what people 'fess up. It is truly amazing.
> >
> > I would look at your search criteria. It is easier to have
> people
> > give the keys then steal them yourself. Technically phishing is
> > social engineering. It is a manipulation of a user or other
> party to
> > "give up" pertinent information so that you can gain access. So
> there
> > is plenty of info.
> >
> > ------Original Message------
> > From: xun dong
> > To: pen-test@securityfocus.com
> > To: security-basics@securityfocus.com
> > Sent: Oct 11, 2006 6:31 AM
> > Subject: Social Engineering Data set
> >
> > Hello list;
> >
> > I am currently doing research on Social Engineering Attacks.
> Unlike the
> > technical hack, I found that there is few useful and well
> documented SE
> > attack examples on the Internet. So I decided to create a data
> set for
> > SE attacks, and I am willing to publish it for free on the
Internet.
> >
> > However, I think only my own experience would not be able to
> make this
> > dataset as comprehensive as possible. So I would like to ask for
> help on
> > this list. If you think you have SE attack examples, you can
> email me.
> > Of course for confidential reason you should not use the real
> name in
> > your example. If you don't mind I will also publish your name
> along with
> > the example you provided. Thanks a lot in advance. I hope this
> could be
> > a step forwards in protecting against SE attacks.
> >
> > --
> > Xun Dong
> > Research Associate
> > Department of Computer Science
> > University of York
> >
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:13 EDT