Security Forums

Social Engineering, the USB Way

chris
Posted: Fri Jun 09, 2006 1:26 am

Quote:
We recently got hired by a credit union to assess the security of its network. The client asked that we really push hard on the social engineering button. In the past, they'd had problems with employees sharing passwords and giving up information easily. Leveraging our effort in the report was a way to drive the message home to the employees.


Interesting read, how many people would fall for this in your organisation?

Full article available at DarkReading.com

apperrault
Posted: Fri Jun 09, 2006 1:33 am

I just passed this on to the rest of my IT group. I would bet most of our employees would do it. As an admin, how many of you have received these from vendors? I know that I have three of them sitting here on my desk right now. Granted, when we got them, I had one of the other admins plug it in first and we ran some virus scans etc. on them, but I know that I have done it in the past without even thinking about it. It is reasons like this that I would never purchase a USB drive from a place like eBay.

Very interesting read.

app

PSTUBb
Posted: Fri Jun 09, 2006 3:01 am

Curiosity killed the cat!

Interesting read, I really like the concept of exploiting human nature.

Sgt_B
Posted: Fri Jun 09, 2006 9:02 pm

We've done similar tests with CDs entitled "MP3's". The CD contains a trojan as well as an assortment of hideous music. Results are generally pretty good, but I could imagine how a USB stick would get better results.

Good read

capi
Posted: Sat Jun 10, 2006 1:57 am

Sgt_B wrote:
We've done similar tests with CDs entitled "MP3's". The CD contains a trojan as well as an assortment of hideous music. Results are generally pretty good, but I could imagine how a USB stick would get better results.

The CD can be very very deadly if they happen to be using Autorun (which is on by default) - no user interaction needed to install the trojan (hell, think Sony ;)).

Of course one would hope that a competently secure network wouldn't have Autorun enabled, but then again...

PSTUBb
Posted: Sun Jun 11, 2006 12:28 am

capi, I believe there are certain ways to get autorun on USBs too.

Something with flashing the firmware or making the USB bootable or something.

Google will surely know.

STox
Posted: Sun Jun 11, 2006 2:50 pm

PSTUBb wrote:
capi, I believe there are certain ways to get autorun on USBs too.


USB flash disks will only auto-run in Windows XP SP2 (I don't know about Server 2003) - it uses the same method as CDs (i.e. autorun.inf, etc.).
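
An added example, not part of the thread or the linked article: a Python check for the Autorun exposure discussed in the posts above. It decodes the Windows `NoDriveTypeAutoRun` policy bitmask to show which drive types still autorun, and lists the `autorun.inf` entries that would start a program; the host names, policy values and file contents are constructed samples.

```python
# Added example: audit Autorun policy values and inspect an autorun.inf file.
DRIVE_TYPE_BITS = {      # bit set in NoDriveTypeAutoRun => Autorun disabled for that type
    0x01: "unknown",
    0x04: "removable",   # USB flash disks
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
}
LAUNCH_KEYS = ("open", "shellexecute")   # autorun.inf keys that name a program to start


def autorun_enabled_types(no_drive_type_autorun):
    """Return the drive types for which Autorun is still enabled under this value."""
    return sorted(name for bit, name in DRIVE_TYPE_BITS.items()
                  if not no_drive_type_autorun & bit)


def launch_entries(autorun_inf_text):
    """Return (key, command) pairs in the [autorun] section that would start a program."""
    found, in_section = [], False
    for raw in autorun_inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if line.startswith("["):                  # section names are case-insensitive
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found


# Constructed sample inputs (not taken from the thread or the article).
SAMPLE_POLICIES = {"workstation-a": 0x91, "workstation-b": 0xFF}
SAMPLE_INF = """[AutoRun]
; constructed sample
icon=drive.ico
open=setup.exe /quiet
shell\\scan\\command=tool.exe
label=MP3s
"""

if __name__ == "__main__":
    for host, value in SAMPLE_POLICIES.items():
        print(host, hex(value), "autorun enabled for:", autorun_enabled_types(value))
    for key, cmd in launch_entries(SAMPLE_INF):
        print("autorun.inf would launch:", key, "->", cmd)
```

A policy value of `0xFF` sets every bit, so no drive type autoruns; any value that leaves the `removable` or `cdrom` bit clear is the condition the posts above warn about.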