Social Engineering Still Best Way to Crack Security
binaryDigit writes "The Register has an amusing article about a study done in the UK where office workers were asked tricky questions like 'What is your password', and 75% of the respondents answered... They were also asked ethical questions, 'If you found a file with your coworkers' salaries, would you look', 75% would, and 38% would pass the information around! Read on to be both amused (esp. the CEO) and scared."
Sure, most people might not be smart enough. But I'd have fun with it.
Guy: "What's your password."
Me: "My favorite tool. Dickfore."
Guy: "What's a dick-"
Me: "Nahahaha!" *scamper off*
What is music when you despise all sound?
Many people in my office will proudly announce what their password is. In fact, sometimes they like to have a good laugh about who has the most simple password. A lot of times they'll spit out their password in a room full of clients. I tell ya, it is a regular laugh riot.
I turned on strong password authentication when I was promoted.
Now they just leave the passwords on a post-it-note on their monitor and still share it with everyone else. Lately during the monthly meetings I've been stressing the importance of security.
-Eod
A potential security flaw has been discovered in Human Employee. Please update all of your employees to Microsoft Android 2.0.
It's ********
Pen, please?
I have a great idea for the next Slashdot poll. Here we go ...
My computer password is:
- 12345
- jennajameson
- password
- Other, type here: _____________
- cowboyneal
Cyde Weys Musings - Scrutinizing the inscrutable
Sounds like they need to have a "Hey, Asshole!" note e-mailed to the boss from their account. Then let them try to figure out which of their trusted co-workers sent it.
A little paranoia would work wonders here.
You were 80% angel, 10% demon. The rest was hard to explain. - Over The Rhine
"Math in a song is good."-Linford
It's Frodo.
Don't worry about sending the pen, I called up your ISP and said I was Bob the field service tech and you were having trouble logging in, would they mind verifying that your password was 'patthebunny', they indicated it must have been changed, I indicated you had tried to change it to 'patthebunny', which hadn't apparently gone through, "maybe the password change object garbled it, what does it show?" With that tidbit I looked into your account and found a cookie with your Visa card number and some email with your home address. I called up Visa and changed the billing address (tip o' the hat to your mom wishing you a happy birthday). A carton should be arriving at the neighbor's (who happens to be away on business, but I have a fake DL with his name on it, thanks to the DMV who never check anything.)
Whoops! Look at the time. Better get my duds on and stroll into the governor's mansion like I belong there. (I need to complete 6 place settings and only have 4 so far.)
Ta!
A feeling of having made the same mistake before: Deja Foobar
Sure, I'll bite. My Slashdot password is "vIcNRc++j2". Now you only have ~640,000 Slashdot user IDs to try and see who I am, since I'm posting AC. Hope you have some programming skills. I'll change my password tonight at 8pm CST, you have until then.
The bad news is, BankOne will be contacting you shortly about the above violation of the DMCA by exposing and discussing the vulnerability.