Hacker Mitnick teaches Social Engineering(social engineering) awareness-vulnerability warning-the black bar safety net

2006-10-30T00:00:00
ID MYHACK58:62200612592
Type myhack58
Reporter 佚名
Modified 2006-10-30T00:00:00

Description

Security adviser as well as the famous hacker Kevin Mitnick noted that the staff be properly trained to be than a technology better able to avoid sensitive information by Social Engineering attack. “People previously used techniques to solve such problems, but Social Engineering can circumvent these technological protection, including firewall,”Mitnick said,“technology is important, but we must see the people and the process value. Social Engineering is through the use of means of influence and the reach invasion.” In the year in Sydney held by the Citrix iForum Conference on speech, Mitnick said hackers are now analyzing more long-term plans, and in looking for the weakest link---“like you and I like ordinary people.” “Why do hackers use Social Engineering to? Because this is more than finding a technical loophole to be simple.” He said,“You don't think easy prey and go to download a Windows upgrade program.” Mitnick said Social Engineering was by hackers welcomed because in the vast Internet space, it can avoid all of the anti-intrusion system, and requires only a relatively low cost, sometimes even free, and low risk, in each of theoperating systemare running, leaving no trace, almost one hundred percent effective, and the public generally on this issue of lack of awareness. “Social Engineering intrusion can be quite simple can also be very complex, sometimes minutes, sometimes takes several years.” He said. Survey shows nine out of ten people in the exchange of Easter eggs the time will give out their password. Mitnick talked about hackers how to use Social Engineering to from banks extracted millions of dollars, as well as how he is by an employee of the identity into the Motorola R&D sector, and access to the phone's source code. Miotnick that he himself could not for Social Engineering intrusion immunity, and earlier this year sent a letter of”phishing”e-mail from his PayPal user name to obtain information. “This invasion is Real, the threat is also real, so I hope everyone on this action.” He said. He also pointed out that the maintenance Group is the main target, because they provide help people. He said that those who say that Social Engineering is the center of the hacking rumors saying some refuse. Because the public need a reasonable proof to meet their needs. Hackers establish an identity and role, and through connections or other means to establish contact, and destruction of resources. Intelligence-gathering activities might include company, position title, which makes the hackers targeted, but the old-fashioned“drill garbage truck”still work---the company's junk shows a lot of information. Mitnick said even some big companies also from the trash to look for information, such as Oracle recently been discovered in the From the Microsoft junk filter information. When Mitnick17 the age of it from some trash found in a list of employees and some of the source code. Mitnick said that with Social Engineering invasion combat, the institutions they need to build a“human firewall”to fill the already existing vulnerabilities such as not affected by the invasion of the illusion. This can happen in every person, because people instinctively want to help others, and underestimate the information value. Mitigation techniques are from top-level management involvement as well as proof of personal weakness. Mitnick said to be the establishment of an employee participation plan, and the establishment of a simple regulation to clarify who is sensitive information, and build a human firewall to improve this aspect of consciousness. “On the use of technology to replace employee decision-making is the biggest challenge in work efficiency and sensitivity between to maintain balance.”