Security Businesses

Phone Calls More Dangerous Than Malware To Companies

dinscott writes "During the Social Engineer Capture the Flag contest, one of the most prominent and popular annual events at DEF CON 21, a pool of 10 men and 10 women, from diverse backgrounds and experience levels, tested their social engineering abilities against 10 of the biggest global corporations, including Apple, Boeing, Exxon, General Dynamics and General Electric. The complete results of the competition are in, and they don't bode well for businesses."
  • by undefinedreference ( 2677063 ) on Wednesday October 30, 2013 @10:21PM (#45287785)

    Nothing annoys me more than plain text passwords in emails. Double bonus points if it's a password for something sensitive like my financial information (ex: 401(k) providers, which are among the worst offenders in the bad security department... it's not like they have the largest sum of money in my name, after all).

    The other disconcerting thing (probably the most frightening) is that they sent you your password in plain text. This means that your password is, at most, protected with a reversible cipher and is likely stored with no protection at all. That means if someone broke in (which doesn't even mean a threat from outside is necessary, and there are probably tens, if not hundreds, of people with accounts and/or passwords to get to the database) they could get your password and potentially every one you ever used. Then the real social engineering begins, when they call your bank with all your legitimate information and every likely password for your account in hand... Scary.

  • by Fubari ( 196373 ) on Thursday October 31, 2013 @12:08AM (#45288217)

    Pop quiz: what are the chances that somebody practicing social engineering and penetration testing would place the tantalizing results of this amazing DEFCON exercise just one click away inside of the super-secure, never-been-exploited format known as PDF?

    *shrug* A bit of paranoia seems like cheap insurance.
  • Re:complete results? (Score:5, Interesting)

    by cusco ( 717999 ) <brian.bixby@gmail . c om> on Thursday October 31, 2013 @01:01AM (#45288393)

    If you're in the building you have physical access to some of the company resources, unless you're very closely watched. One local software company found a wireless access point had been plugged into a network port in a conference room and taped to the bottom of the table so that the network could be browsed from the parking lot or the coffee shop downstairs. They think it was a job applicant being interviewed who planted it. In another case, janitorial staff plugged a netbook into a port in an empty cubicle, where it sniffed the network for a few days until it was removed and handed off.

    Did you know that your network printer has a hard drive that stores print jobs? Depending on the model, that interface can be available via USB, Bluetooth, or even its own WAP. Security on that all-in-one printer tends to be pitiful; many of them run a customized Linux kernel that can run a network sniffer and store the results. So if you don't watch your soda delivery guy, you might be losing data.
