Slashdot Mirror


First-Person Account of a Social Engineering Attack

darkreadingman writes, "A penetration tester tells how he broke into a bank's network dressed as a copier repairman. Some good lessons here — many companies spend millions on network security, but don't teach their employees how to challenge a stranger in the building. Social engineering at the company site can be one of the most difficult attacks to defend against." From the article: "Before departing scenes like these, we try to document the effort and provide proof of our success. I usually leave something behind and then contact the person who hired me and direct them to the mark. In this case I wrote his password on a ream of paper and tucked it under the machine."

2 of 347 comments

  1. Re:If you call them on it, people get upset. by slcdb · Score: 0, Flamebait

    Wait... you called 911 because your DSL went down?

    --
    Despite what EULAs say, most software is sold, not licensed.
  2. Re:Mac Addresses are easily faked by lukas84 · Score: 0, Flamebait

    802.1x configs can be deployed trivially through group policy in Windows-based networks (and it doesn't take more effort to configure a non-encrypted network rather than an 802.1x-enabled network).

    Also, 802.1x can be used both on 802.11 networks and on Ethernet networks.

    Using mac address filters or VPN for something which already has a clean, well developed, universally supported solution is stupid.

    There are 802.1x supplicants for OS X (integrated into the OS) and Linux (available with most distributions).