Bulletproof Blog

Bulletproof Solutions Inc.
Tags >> social engineering

Vacation information

Posted by: Andrew Jefferies

I'm on vacation now. Why, you might ask, am I writing a blog post when I should be on a beach somewhere? That, my friends, is the magic of pre-posting...

Me telling you that I'm on vacation could be used maliciously. How? Sometimes the most mundane bits of information can provide an attacker with a great opportunity.


Watch what you post

Posted by: Andrew Jefferies

Social media is all the buzz these days. Along with the increased popularity of these services come increased cries from security professionals to "watch what you post". Most people focus on the issues of privacy and reputation when they think about social media. Those are certainly important considerations, but just as important are the security risks. That's what this post is going to focus on.

This is not a new problem. As long as I have been doing penetration testing, social engineering and blind vulnerability assessments (around 9 years), I have used similar technologies to my advantage. Newsgroups have long been a great resource for gaining knowledge of a customer's systems.


"Spoofed source email" is any email message where the sender misrepresents themselves by changing the sender address to one that isn't their own.

Spammers routinely use mail spoofing to increase their catch rates. In this case the result is more of an inconvenience but there are other more serious possibilities.


Why H.264 is just pure awesome

Posted by: Scott Olsen

Tagged in: social engineering, security, email

It's absolutely no secret that computing power is getting exponentially more powerful (and inexpensive) every passing week. However, it is also getting smaller, less power hungry, and more ubiquitous. Combine these things together and it's no wonder people are finding novel and niche ways to use this additional computing power for specific embedded tasks.

For instance... cameras. Specifically, security cameras. To many people, increasing processing horsepower in an IP camera doesn't immediately make much sense. That is, unless you have some insight into the actual process that takes place within a network-enabled camera. Basically, the camera acquires a digital image (frame) of a given resolution and then encodes it, via a video codec, into a stream of data that is then passed via TCP/IP over the network to one or more destinations.


Email is great and I love it. But when it comes to getting action done, nothing works better than a good old-fashioned live conversation. Job counsellors will always tell you that an email isn't enough if you are trying to get a job. You need to follow it up with a call or visit. This is true in finding a job, but it also works for people trying to scam you or your business.

In my experience a phone call is gold when you are trying to pull off a social engineering attack. You can try to accomplish the goal through email or fax but if you really want to take someone for a ride you need to talk to them. This is assuming of course that you can keep up your character properly during the ruse!


Social Engineering is all about hacking people. Not in the Frankenstein sense but in the Kevin Mitnick, manipulating, sense. It's about using people in ways that they shouldn't be used, to your benefit.

Social engineering is important because it is commonly understood that people are the weakest link in security. The reason for this is simple: people generally like to help others and people generally trust others.

The fact that people are so trusting is a good thing in a societal sense. It helps us act as better people in our community. On the other hand, from a business risk management perspective, it is not so good. If your trust in people makes you susceptible to manipulation, then that is a risk to the company and its information assets.

