[plug] Trade [flame alert]

[russ]

Christian wrote:
> Jeremy Malcolm wrote:
> 
> I call it "social engineering" because that is the name of this class of
> attacks.  However, if you do a brief threat analyses, then you will
> probably find that the biggest threat to your machines aren't your
> friends and people you know but random, anonymous strangers on the other
> side of the world who know nothing more about your system than it's IP
> address.  Hence the social engineering attacks, while clever in some
> ways, may not tell you as much as you would hope about the security of
> your network.
>
> > (b)     if you know the person's family (which I did) or workmates, make
> > an excuse to pay them a visit and gain physical access to his computer
> > (which didn't actually work for me on that occasion);
>
> Also useless since most of the people attacking your systems won't know
> your family.

Not being a sys admin or even having the slightest experience in the
area, I'd agree that certainly on your home computer both these
paragraphs seem true. But in companies, I thought most breaches of
were internal?


-- 

Regards
russ

http://www.powerstech.com/hex