Re: Testing the user community

From: M.B.Jr. (marcio.barbado@gmail.com)
Date: Tue Feb 06 2007 - 06:54:35 EST


actually, this ain't new stuff.
last year, London's financial district faced something similar:
http://www.bankinfosecurity.com/articles.php?art_id=147

... with some scary results.

On 2/3/07, Gadi Evron <ge@linuxbox.org> wrote:
> On Fri, 2 Feb 2007, Thor (Hammer of God) wrote:
> >
> > Notwithstanding the value of the other replies, the problem with this
> > method is that the outcome doesn't really prove anything one way or the
> > other. If he sends a mock virus out and no one opens it, it doesn't mean
> > that they won't open a real one that comes out the next day. If they do
> > open his, that doesn't mean they'll actually open a real one in the future.
> >
> >
> > You can always prove that your users will do something stupid. That's
> > trivial. If the goal is to actually improve the security posture of your
> > userbase, then engage in continued user education - not waste your time
> > trying to get them to open a virus.
>
> Look at it as "active user education".
>
> If you find out who always opens the attachments, or educate more and more
> between different such "learning attacks", it is worth it.
>
> It's up to the organization to choose doing it, and just once is
> pointless.
>
> >
> > t
> >
> >
> > On 2/1/07 6:55 AM, "Schanulleke" <schalulleke@gmail.com> spoketh to all:
> >
> > > webmaster@absolutenetworks.biz wrote:
> > >> We all know our weak link but how do you identify just how weak they are? I
> > >> think it's time to pen test my user community and have a couple ideas to gather
> > >> statistics on just how nonaware they really are.
> > > What is the point you are trying to make, what is the goal you are
> > > trying to achieve?
> > >> Maybe a simple phishing scam
> > >> and bogus email with a fake virus attachment that emails me when it's opened so
> > >> I can track how many folks actually opened it. Has anyone ever done this
> > >> before? I can't find any information about it on the web.. thoughts and ideas
> > >> anybody?
> > >>
> > >>
> > > It all has been done before for real. There are plenty of real examples
> > > out there. If you have AV check how often it is triggered. Or are you
> > > really trying to prove that your users are 1d10ts?
> > >
> > > Frank
> > >
> > > ------------------------------------------------------------------------
> > > This List Sponsored by: Cenzic
> > >
> > > Need to secure your web apps?
> > > Cenzic Hailstorm finds vulnerabilities fast.
> > > Click the link to buy it, try it or download Hailstorm for FREE.
> > >
> > > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> > > ------------------------------------------------------------------------
> > >
> > >
> > >
> >
> >
> >
>
>
>

-- 
Marcio Barbado, Jr.
==============
==============
_bds Labs.
"In fact, companies that innovate on top of open standards are
advantaged because resources are freed up for higher-value work and
because market opportunities expand as the standards proliferate."
Scott Handy
Vice President Worldwide Linux and Open Source, IBM


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:34 EDT