declined to five Fortune 500 employees of social engineering hackers aim to provide information about the company - all women
Fortune 500 employees 135 people, through social engineering hackers in recent contests, only five of them headed by refusing to provide solid information. And you know what? The five girls.
This is the interesting point that the data collected by the organizer of the competition, which occurs after a public event at DEFCON hacker conference last month. Organizers in Washington this week, reported the U.S. Federal Bureau of Investigation, what they have learned, but they hope to publish a report with more details next week.
Participants dealt with 17 major companies in the two-day event, such as Google, Wal-Mart, Symantec, Cisco Systems, Microsoft, Pepsi, Ford and Coca-Cola. Sitting in the glass room, the spectators, who called the company's employees, tried to do to provide information.
Participants were very successful, "said Chris Hadnagy, an event organizer. A single company will reveal secret tidak dari participants are required untuk mendapatkan tanah, and itu hanya terjadi karena ada no tubuh yang hidup satu get on the phone." If kita received by each companies to conduct safety audits on the side of social engineering, not nearly everyone in the company, "said Hadnagy.
Participants are not allowed to ask for information such as passwords or sensitive social security numbers, but they're trying to provide information that can be misused by attackers, how to find where the operating system, antivirus and browser software used by their victims. They tried to sign and communicate with a Web site to visit is not valid.
One of the most interesting findings: half of the companies contacted are using Internet Explorer 6, the browser is known to have serious security vulnerabilities. Another discovery: if the participants try to visit people at a site outside ready for the competition, they are always successful, eventually.
The results showed that it can be said and done, even the safest company by employees, or, that is not damaged.
And a real threat, said Christopher Burgess, Cisco senior security adviser, one of these companies are designed by the participants. "In real life simulation of the call happens in many companies," he said. "This is a great art from the collection of perfect information."
People have called Cisco, claimed that the system when trying to download and urgent appointments for employees the information they do not have to, says Burgess. "We are trained to recognize social engineering as a way to manipulate people in the implementation of the action or disclosure of confidential information."
Cisco can do a lot of training of security procedures that are available to the public, other companies to learn from experience over the years.
Although Cisco is one of the competing companies run social engineering Hadnagy information about a particular company
Dry phonetic SimakBaca
ListenRead phonetically
No comments:
Post a Comment