Social Engineering Mark Shtern Social Engineering SE is
- Slides: 10
Social Engineering Mark Shtern
Social Engineering • SE is manipulating a person into knowingly or unknowingly giving up information – Psychological manipulation – Trickery
Goals • Install spyware, other malicious software • Trick persons into handing over passwords and/or other sensitive information
Movie • http: //www. youtube. com/watch? v=8 TJ 4 XOv. Y 7 II&feature=related • http: //www. youtube. com/watch? v=k. W 1 DPPp 1 VQ
Tactics • Pretexting • Phishing • Fake Websites • Fake Pop-up • Reverse Social Engineering • Phone Social Engineering • Spoofing • – Caller. ID – SMS Tiny. URL
Human nature • Reciprocity Principle - People tend to feel obliged to discharge perceived debts. • Authority Principle – People tend to respond to authority figures • Social Proof Principle – People tend to use people who are similar to themselves as behaviour models • Scarcity Principle – People value things they perceive as scarce more than things they perceive as common • Consistency / Commitment Principle – People tend to act to maintain their self image (even without conscious knowledge)
Attack Pattern • Information gathering • Developing relationship • Exploitation • Execution
Examples • Facebook – Made a fake Facebook account to get access to your friends list. • Twitter – photo advertising a video with girls posted • “new version of Adobe Flash” is required to watch the video
Countermeasures • Management buy-in • Security policy • Physical security • Education/Awareness • Good security architecture • Limit data leakage • Incident response strategy • Security culture
RSA: Phishing Attacks • Sent phishing e-mail – Subject • "2011 Recruitment Plan" – Attachment • Excel spreadsheet with discovered Adobe Flash zero day flaw CVE 20110609 • Trojan • Harvested credentials • Obtained privileged access to the targeted system
- Mark shtern cancun
- Mark shtern
- Arpoison
- Apa itu social thinking
- Social thinking social influence social relations
- Computer based system engineering in software engineering
- Forward engineering and reverse engineering
- Engineering elegant systems: theory of systems engineering
- Engineering elegant systems: theory of systems engineering
- Forward and reverse engineering
- Social engineering can occur through