31.07.2010
A few companies in the Fortune 500 need to upgrade their Web browsers. And while they're at it, a little in-house training on social engineering wouldn't be a bad idea, either.
Social engineering hackers -- people who trick employees into doing and saying things that they shouldn't -- took their best shot at the Fortune 500 during a contest at Defcon Friday and showed how easy it is to get people to talk, if only you tell the right lie.
Contestants got IT staffers at major corporations, including Microsoft, Cisco Systems, Apple and Shell, to give up all sorts of information that could be used in a computer attack, including what browser and version number they were using (the first two companies called Friday were using IE6), what software they use to open PDF documents, their operating system and service pack number, their mail client, the antivirus software they use, and even the name of their local wireless network.
The first two contestants made it look easy.
Wayne, a security consultant from Australia who wouldn't give his last name, was first up Friday morning. His mission: Get data from a major U.S. company. (IDG News Service has chosen not to report which companies fell for which attacks because of possible security risks.)
Sitting in a soundproof booth before an audience, he connected with an IT call center and got an employee named Ledoi talking. Pretending to be a KPMG consultant doing an audit under deadline pressure, Wayne got Ledoi to spill details, big time.