Social engineering

Networking/Security Forums -> Physical Security and Social Engineering

Author: sequru PostPosted: Sun May 22, 2005 12:58 pm    Post subject: Social engineering

Can we define key logging and phishing attacks as social engineering methods? I need to make a categorization of attacks in an article and I am thinking to put phishing and key logging under social engineering. Is this a right approach?


Author: zeedoLocation: Scotland PostPosted: Sun May 22, 2005 7:31 pm    Post subject:
Phishing yes that's social engineering.

Key logging certainly is not social engineering. The simplest way to define social engineering is, do you need a human at the other end of the attack for the attack to occur. The method of getting the key logger on the machine may be accomplished by social engineering it also may be accomplished by physical breakin or remote exploitation, the act of logging the keys is not social engineering in itself. The classification of key logging would fall under surveillance possiblly, depends what classifications you are using and for what purpose.

Author: nathan_houseLocation: London PostPosted: Fri Jul 22, 2005 2:42 pm    Post subject: SE is .....
Social Engineering: Social Engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology.
- Kevin Mitnick

He has spent the most time behind bars thinking of a definition for his actions than anyone i know! Wink

Nathan House

Author: AZORLocation: Czech Republic PostPosted: Fri Jul 28, 2006 7:27 pm    Post subject: Re: Social engineering
I think same as prevouse poster.
Key logging is not social engieering. SE can be example way to install key logger to computer (unkow cd on your table, great name of keylogger installer, it looks as porn...)
But phishing is social engineering method, it is about psychology... but Sociel Hackers are usually want only one special target. Phishing is SE, but is not importnat who will phished, many are from all Laughing

Author: scriptshadow PostPosted: Sat Oct 28, 2006 4:06 pm    Post subject: Re: Social engineering
I would have to agree, the actual act of logging key-strokes is not SE, but the method which is used to install the logger (be it hardware or software) could be SE if some sort of trickery was used to convince the user to install the software, or find a way into the building and access to the computer to install a physical logger.

I would also say that phishing attacks are not pure SE, as there need not be any actual contact with the user (i.e. fake websites).

Networking/Security Forums -> Physical Security and Social Engineering

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group