Slashdot Mirror


Social Engineering Still Best Way to Crack Security

binaryDigit writes "The Register has an amusing article about a study done in the UK where office workers were asked tricky questions like 'What is your password?', and 75% of the respondents answered... They were also asked ethical questions, 'If you found a file with your coworkers' salaries, would you look?', 75% would, and 38% would pass the information around! Read on to be both amused (esp. the CEO) and scared."

11 of 472 comments

  1. How could they tell if someone was lying? by sielwolf · · Score: 5, Funny

    Sure, most people might not be smart enough. But I'd have fun with it.

    Guy: "What's your password."
    Me: "My favorite tool. Dickfore."
    Guy: "What's a dick-"
    Me: "Nahahaha!" *scamper off*

    --
    What is music when you despise all sound?
  2. Amusing examples by Arvah · · Score: 5, Funny
    I'm in the middle of reading "Hacking Linux Exposed" second edition right now, and am in chapter 4, which deals with social engineering, trojans, and other tricks like that. It has a bunch of examples of social engineering tricks. My favorite is this one. (Spelling errors are mine, if any.)

    For example, at one university dormitory, someone placed a big sheet of paper in the lobby, which read as follows:

    Password Contest!

    Want to show your creativity? Want to win a prize? List your campus username and password here - we'll be giving out free school football merchandise to the top five most original and witty passwords. Standard UNIX password rules apply - no more than eight characters, case sensitive - and the password must be verifiable by our judges.

    There wasn't anything indicating who put up the sheet or where the prizes were coming from, yet within a day, more than 50 usernames and passwords were written on the sheet. The accounts were accessed hundreds of times from all over the globe almost instantly.

    It lists a bunch of different categories of social engineering, and typical examples of how a baddie might use them successfully to breach security. Very enlightening.
  3. Security just isn't the focus of a lot of people by eodmightier · · Score: 5, Funny

    Many people in my office will proudly announce what their password is. In fact, sometimes they like to have a good laugh about who has the most simple password. A lot of times they'll spit out their password in a room full of clients. I tell ya, it is a regular laugh riot.

    I turned on strong password authentication when I was promoted.

    Now they just leave the passwords on a post-it-note on their monitor and still share it with everyone else. Lately during the monthly meetings I've been stressing the importance of security.

    --
    -Eod
  4. Employee Update by chill182 · · Score: 5, Funny

    A potential security flaw has been discovered in Human Employee. Please update all of your employees to Microsoft Android 2.0.

    1. Re:Employee Update by Anonymous Coward · · Score: 5, Funny

      I would, but the damned things just keep following me around the office demanding to be registered over and over again.

  5. Re:Let's Test the Theory by RLiegh · · Score: 5, Funny

    Free Pilot rolling ball gel pen to the first person who gives me their Slashdot password!

    It's ********
    Pen, please?
  6. Now that chrisd is gone ... by Ignorant+Aardvark · · Score: 5, Funny

    I have a great idea for the next Slashdot poll. Here we go ...

    My computer password is:
    - 12345
    - jennajameson
    - password
    - Other, type here: _____________
    - cowboyneal

  7. Re:Security just isn't the focus of a lot of peopl by Rick.C · · Score: 5, Funny
    Now they just leave the passwords on a post-it-note on their monitor and still share it with everyone else.

    Sounds like they need to have a "Hey, Asshole!" note e-mailed to the boss from their account. Then let them try to figure out which of their trusted co-workers sent it.

    A little paranoia would work wonders here.

    --
    You were 80% angel, 10% demon. The rest was hard to explain. - Over The Rhine
    "Math in a song is good."-Linford
  8. Re:Let's Test the Theory by ackthpt · · Score: 5, Funny
    Free Pilot rolling ball gel pen to the first person who gives me their Slashdot password!

    It's Frodo.

    Don't worry about sending the pen, I called up your ISP and said I was Bob the field service tech and you were having trouble logging in, would they mind verifying that your password was 'patthebunny', they indicated it must have been changed, I indicated you had tried to change it to 'patthebunny', which hadn't apparently gone through, "maybe the password change object garbled it, what does it show?" With that tidbit I looked into your account and found a cookie with your Visa card number and some email with your home address. I called up Visa and changed the billing address (tip o' the hat to your mom wishing you a happy birthday). A carton should be arriving at the neighbor's (who happens to be away on business, but I have a fake DL with his name on it, thanks to the DMV who never check anything.)

    Whoops! Look at the time. Better get my duds on and stroll into the governor's mansion like I belong there. (I need to complete 6 place settings and only have 4 so far.)

    Ta!

    --

    A feeling of having made the same mistake before: Deja Foobar
  9. My password is by Anonymous Coward · · Score: 5, Funny

    Sure, I'll bite. My Slashdot password is "vIcNRc++j2". Now you only have ~640,000 Slashdot user IDs to try and see who I am, since I'm posting AC. Hope you have some programming skills. I'll change my password tonight at 8pm CST, you have until then.

  10. Re:my password... by Shadestalker · · Score: 5, Funny

    The bad news is, BankOne will be contacting you shortly about the above violation of the DMCA by exposing and discussing the vulnerability.