Phone Calls More Dangerous Than Malware To Companies

Phone Calls More Dangerous Than Malware To Companies 82

Posted by samzenpus on Wednesday October 30, 2013 @07:48PM from the watch-what-you-say dept.

dinscott writes "During Social Engineer Capture the Flag contest, one of the most prominent and popular annual events at DEF CON 21, a pool of 10 men and 10 women, from diverse backgrounds and experience levels, tested their social engineering abilities against 10 of the biggest global corporations, including Apple, Boeing, Exxon, General Dynamics and General Electric. The complete results of the competition are in, and they don't bode well for businesses."

Phone Calls More Dangerous Than Malware To Companies

This discussion has been archived. No new comments can be posted.

Search 82 Comments Log In/Create an Account

Comments Filter:

and the contestants spoofed caller ID, as I do (Score:5, Informative)

by raymorris ( 2726007 ) writes: on Wednesday October 30, 2013 @08:20PM (#45287159) Journal

The report said the contestants did in fact spoof the caller ID. Though some people know it can be spoofed, most people trust it anyway. We're accustomed to fake links in e-mail, we look for that, but we generally assume caller ID is accurate.
This can be very useful for encouraging bad guys to reveal information.

Re:complete results? (Score:5, Informative)

by mythosaz ( 572040 ) writes: on Wednesday October 30, 2013 @08:32PM (#45287219)

The article links to the entire PDF report, in which the values are given for all flags.
http://www.social-engineer.org/defcon21/DC21_SECTF_Final.pdf [social-engineer.org]

Apple Scored Badly (Score:5, Informative)

by mythosaz ( 572040 ) writes: on Wednesday October 30, 2013 @08:35PM (#45287239)

Apple scored badly...
http://www.social-engineer.org/defcon21/DC21_SECTF_Final.pdf [social-engineer.org]
...but a good deal of the flag points were given for gathering OS, service pack, browser, mail and PDF program/version information -- which I'm going to guess was a probably a given at Apple.

Re:complete results? (Score:5, Informative)

by mythosaz ( 572040 ) writes: on Wednesday October 30, 2013 @08:41PM (#45287277)

When you look at the list of the flags, there's a great deal of them that would just happen naturally in net-conversation. They could get 5+7 points for finding out if they had a cafeteria and then finding out who does the food service. That's the sort of thing every idiot on Instagram takes a picture of every morning while they're blogging about their breakfast. Feel free to get 5 "free" points from Linkedin if you get an employee's name. Get a few more points he shouted "Payday, bitches!" on Facebook one Friday afternoon.
The threat is relative. The points assigned to each were subjective.

Re:complete results? (Score:5, Informative)

by 8tim8 ( 623968 ) writes: on Wednesday October 30, 2013 @09:08PM (#45287455) Journal

You're right, the link is to a lame story. However, at the end of the story is the actual results: http://www.social-engineer.org/defcon21/DC21_SECTF_Final.pdf [social-engineer.org]. That, on the other hand, is full of information and analysis, although they don't provide specific information that was harvested from the companies, only analysis of the methods employed and the success rates of those methods.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Phone Calls More Dangerous Than Malware To Companies 82

Phone Calls More Dangerous Than Malware To Companies More Login

Phone Calls More Dangerous Than Malware To Companies

and the contestants spoofed caller ID, as I do (Score:5, Informative)

Re:complete results? (Score:5, Informative)

Apple Scored Badly (Score:5, Informative)

Re:complete results? (Score:5, Informative)

Re:complete results? (Score:5, Informative)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot