On Wed, Apr 27, 2011 at 2:30 PM, Daniel Fussell <dfuss...@byu.edu> wrote:
> fall. But when all is said and done, social engineering is frequently
> the easiest and most successful attack.

I absolutely agree. While at BYU, I had a student, who loved security, perform an audit on our systems and group. I told him that he could use anything but key loggers and attempts to break systems out of our control to gain access to privileged accounts. I also had an encrypted file for him to tell me what the contents were. The only way he was able to gain the access was through social engineering, and that didn't take long (mostly because of the trust he had built up). It was a good exercise for us and we learned a lot. What we took away was:

1. Never log in and walk off.
2. If someone needs to use your privileged account, watch everything they do and ask questions about what they are doing.
3. Of course, never give out passwords (or write them down).

Robert
--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their
author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list