Slashdot Mirror


Social Engineering Still Best Way to Crack Security

binaryDigit writes "The Register has an amusing article about a study done in the UK where office workers were asked tricky questions like 'What is your password', and 75% of the respondents answered... They were also asked ethical questions, 'If you found a file with your coworkers salaries, would you look', 75% would, and 38% would pass the information around! Read on to be both amused (esp. the CEO) and scared."

14 of 472 comments (clear)

  1. How could they tell if someone was lying? by sielwolf · · Score: 5, Funny

    Sure, most people might not be smart enough. But I'd have fun with it.

    Guy: "What's your password."
    Me: "My favorite tool. Dickfore."
    Guy: "What's a dick-"
    Me: "Nahahaha!" *scamper off*

    --
    What is music when you despise all sound?
  2. Amusing examples by Arvah · · Score: 5, Funny
    I'm in the middle of reading "Hacking Linux Exposed" second edition right now, and am in chapter 4, which deals with social engineering, trojans, and other tricks like that. It has a burch of examples of social engineering tricks. My favorite is this one. (Spelling errors are mine, if any.)

    For example, at one university dormitory, someone placed a big sheet of paper in the lobby, which read as follows:

    Password Contest!

    Want to show your creativity? Want to win a prize? List your campus username and password here we ll be giving out free school football merchandise to the top five most original and witty passwords. Standard UNIX password rules apply no more than eight characters, case sensitive and the password must be verifiable by our judges.

    There wasn't anything indicating who put up the sheet or where the prizes were coming from, yet within a day, more than 50 usernames and passwords were written on the sheet. The accounts were accessed hundreds of times from all over the globe almost instantly.

    It lists a bunch of different categories of social engineering, and typical examples of how a baddie might use them successfully to breach security. Very enlightening.
  3. Security just isn't the focus of a lot of people by eodmightier · · Score: 5, Funny

    Many people in my office will proudly announce what their password is. Infact sometimes they like to have a good laugh about who has the most simple password. A lot of times they'll spit out their password in a room full of clients. I tell ya it is a regular laugh riot

    I turned on strong password authentication when I was promoted.

    Now they just leave the passwords on a post-it-note on their monitor and still share it with everyone else. Lately during the monthly meetings I've been stressing the importance of security.

    --
    -Eod
  4. Employee Update by chill182 · · Score: 5, Funny

    A potential security flaw has been discovered in Human Employee. Please update all of your employees to Microsoft Android 2.0.

    1. Re:Employee Update by Anonymous Coward · · Score: 5, Funny

      I would, but the damned things just keep following me around the office demanding to be registered over and over again.

  5. Re:Let's Test the Theory by RLiegh · · Score: 5, Funny

    Free Pilot rolling ball gel pen to the first person who gives me their Slashdot password!

    It's ********
    Pen, please?
  6. Now that chrisd is gone ... by Ignorant+Aardvark · · Score: 5, Funny

    I have a great idea for the next Slashdot poll. Here we go ...

    My computer password is:
    - 12345
    - jennajameson
    - password
    - Other, type here: _____________
    - cowboyneal

  7. Re:Security just isn't the focus of a lot of peopl by Rick.C · · Score: 5, Funny
    Now they just leave the passwords on a post-it-note on their monitor and still share it with everyone else.

    Sounds like they need to have a "Hey, Asshole!" note e-mailed to the boss from their account. Then let them try to figure out which of their trusted co-workers sent it.

    A little paranoia would work wonders here.

    --
    You were 80% angel, 10% demon. The rest was hard to explain. - Over The Rhine
    "Math in a song is good."-Linford
  8. Re:Let's Test the Theory by ackthpt · · Score: 5, Funny
    Free Pilot rolling ball gel pen to the first person who gives me their Slashdot password!

    It's Frodo.

    Don't worry about sending the pen, I called up your ISP and said I was Bob the field service tech and you were having trouble logging in, would they mind verifying that your password was 'patthebunny', they indicated it must have been changed, I indicated you had tried to change it to 'patthebunny', which hadn't apparently gone through, "maybe the password change object garbled it, what does it show?" With that tidbit I looked into your account and found a cookie with your Visa card number and some email with your home address. I called up Visa and changed the billing address (tip o' the hat to your mom wishing you a happy birthday) A carton should be arriving at the neighbor's (who happens to be away on business, but I have a fake DL with his name on it, thanks to the DMV who never check anything.)

    Whoops! Look at the time. Better get my duds on and stroll into the governors mansion like I belong there. (I need to complete 6 place settings and only have 4 so far.)

    Ta!

    --

    A feeling of having made the same mistake before: Deja Foobar
  9. My password is by Anonymous Coward · · Score: 5, Funny

    Sure, I'll bite. My slashdot password is "vIcNRc++j2". Now you only have ~640,000 slashdot user id's to try and see who I am, since I'm posting AC. Hope you have some programming skills. I'll change my password tonight at 8pm CST, you have until then.

    1. Re:My password is by nybble_me · · Score: 4, Funny

      I'm trying to reach you to give you your free pen. What was your Slashdot user id again?

      --

      reenigne
  10. Re:my password... by Shadestalker · · Score: 5, Funny

    The bad news is, BankOne will be contacting you shortly about the above violation of the DMCA by exposing and discussing the vulnerability.

  11. Password anecdote by f97tosc · · Score: 4, Funny

    In my engineering school there was this story about a guy in the CS department who had been "living" in front of one of the workstations for years.

    On one occasion, he was helping some newbie with something; and he allowed the guy to log into his account. Naively, the newbie asked for the password across the room; everyone else in the computer center listened up expecting a refusal.

    But instead, this CS guy just started to tell his password "j3Y9_fg..." loudly; the newbie started to type. But the password just kept comming; it was up towards 50 completely random characters long!

    It turned out that the system insisted on a changed password every month; but the default selection was the old password. Rather than coming up with something new every month, this guy had just added one more character every time. Of course, it is not too hard to memorize one more character per month month either.

    Tor

  12. Re:Let's Test the Theory by The_Laughing_God · · Score: 4, Funny

    Man! I thought you wer joking, but I guess Taco is the one with the weird sense of humor.

    One thing though... when I'm logged him as him, I can't see any of the articles. Any suggestions?