Re: Testing the user community

From: Matthew Snider (Matthew.Snider@SPARROW.ORG)
Date: Tue Jan 30 2007 - 17:10:43 EST

• Next message: Des Ward: "RE: Testing the user community"
• Previous message: Morris Sgt Derek P: "RE: Password cracker required"
• Maybe in reply to: webmaster@absolutenetworks.biz: "Testing the user community"
• Next in thread: Des Ward: "RE: Testing the user community"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Kurt,

Here is a story about a very recent project of this type. The story is from SANS NewsBites, and it's definitely related to what you are asking about. Personally I think an internal "phishing" test could go a long way to increase awareness. Here's the article:

 --Half of Finance Managers Put Unsolicited USB Drive in Computers
(25 January 2007)
As a research project, a consulting firm sent USB sticks to finance
directors at 500 firms in the UK. The memory devices purported to be
invitations to "the Party of a Lifetime" with an anonymous sender but
were actually part of an experiment. Nearly half of the finance
directors inserted the stick into company computers. Media companies
fared the worst in the experiment, with 65 percent putting the memory
stick into computers. At technology, retail and transportation
companies, the figure was between 38 and 39 percent. The devices could
be used to plant malware on computer systems.
http://www.vnunet.com/computing/news/2173365/uk-firms-naive-usb-stick

Good luck!
Matt

>>> <webmaster@absolutenetworks.biz> 1/30/2007 9:12 AM >>>
We all know our weak link but how do you identify just how weak they are? I
think it's time to pen test my user community and have a couple ideas to gather
statistics on just how nonaware they really are. Maybe a simple phishing scam
and bogus email with a fake virus attachment that emails me when it's opened so
I can track how many folks actually opened it. Has anyone ever done this
before? I can't find any information about it on the web.. thoughts and ideas
anybody?

Many thanks

Kurt

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Des Ward: "RE: Testing the user community"
• Previous message: Morris Sgt Derek P: "RE: Password cracker required"
• Maybe in reply to: webmaster@absolutenetworks.biz: "Testing the user community"
• Next in thread: Des Ward: "RE: Testing the user community"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:33 EDT