Yes, but this was a simple contrived example of how a
social engineering example would work. In reality it
would be a little more complex but social engineering
is a way of "hacking" that combines social interaction
with technology to form a 'best of breed' sort of system
infiltration.

It is all about what you know. Try cracking someone's 4096
bit PHP key, or just put a little recorder on their system
bypassing the encryption altogether? (Recent FBI case)
(Okay, this is not strictly social engineering but it's a
good example of how it works)

You can have the tightest, most awesome firewall and the most
secured systems in the world. But if you can trick someone with
privileged access, the most strict security measures
are completely useless.

Jeremy Allen
elliptIQ Inc.

-----Original Message-----
From: Angel Stewart [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 16, 2001 10:21 AM
To: CF-Talk
Subject: RE: Test Hacking a web site.


0_0

You are bad bad person.
*makes copious notes*

Oh..but what if the person at target company knows Phil? Whoever you're
going to be talking to would likely be in Technical at Target Company to
know to FTP files into specific directories on the webserver, and thus
chances are that s/he and Phil had interacted before....

Ahhh HA!

-Gel


-----Original Message-----
From: Dan Kemp [mailto:[EMAIL PROTECTED]]

But you missed out one of the best ones: social engineering. Go to the target
company's CF web site and find out who built/designed it (most sites
have this, if not phone). Then go to that company's web site, look at
the case studies and note down the other people they've done work for.

Phone call 1. to the developers to get the name of the person in charge
of developing that project.

"Hi I'm Jim from *made up company* We're looking for some database
backend web work in ColdFusion, and errr... we've been looking at other
web sites to kinda see what things we like and saw *target company
name*, and *couple more companies* it kinda close to what we want, but
I've a couple of questions, could I very quickly ask you, did you work
on them, you did? (or "who did?" can I speak to them)"... ask couple of
half intelligent questions.

Phone call 2. to the target company.

"Hi it's Phil here from *design company name*, we worked on your site.
Dave (person who was in charge), tells me that we need to fix the image
size problem with your site before it starts to become apparent. Trouble
is I'm on holiday so I can't connect and upload the image checking file
I need, I'm stuck in a hotel and can only get to my hotmail account.  If
I email you the file can you put it into the imgs folder for me? Yeah,
if I email to you, can I phone back in about half an hour to check it's
in the right place?  Cheers."

Send encrypted imageCheck.cfm to target person.

Let's see the firewall stop that one!

Dan.
