I would not dismiss "social engineering" too lightly... but I think the boat may be missed in that it works both ways.
Good security, at least as far as I can see through my myopic visual sensors, necessitates a form of reverse-social engineering in order to secure your infrastructure. Hardware and software limitations, as discussed ad nauseam here and in other arenas, are limited by the realities of business incentives and resources while hackers, phishers, spammers (salty), etc. are diverse in tactics and resources (infinite monkeys comes to mind).

I know, we've all tried to teach "users" to take their own IT security more seriously, and with the same limited results, but it may soon be impossible to function outside of the "connected space" and people need to be aware that you can't roam around the internet without knowing a minimal amount of security any more than you can walk around Compton* with $100.00 bills hanging out of your pockets.

*Compton selected due to higher than average exposure via international media for street crime. See, I'm always looking out for our brethren from out-of-country... even if I'm also there.

________________________________________
From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of David Harley [EMAIL PROTECTED]
Sent: October 4, 2007 3:17 PM
To: 'Paul Ferguson'; [email protected]
Subject: RE: [funsec] Quote of the Day: Bruce Schneier

> Note: This is an excellent summary of the Storm situation.

I suppose. I did find his assertions about the powerlessness of AV and the citing of stuff like old school social engineering as the future of malware a little Chicken Little.

--
David Harley
http://www.smallblue-greenworld.co.uk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
