Tuesday, March 29, 2016

Risky Business

So to kick this off, what do you suppose is the weakest link in any security system? If you said anything other than you, you are sadly mistaken. Estimates of the percentage of successful hacks perpetrated by simple social engineering are as high as 80%!
So what is social engineering? Simply put, it is an attack that uses human frailty as its tool. A guy with a clipboard is 5 times more dangerous to your security than any thug with a ski mask.
Check this out:
We all know the basics—strong passwords, two-factor authentication, and so on. However, the most recent security and privacy breaches have had less to do with bad passwords and more to do with social engineering. Let's look at what that is, why it can happen without you knowing, and how you can protect yourself.
From the always excellent Lifehacker.

At its heart, social engineering is an essential form of hacking—it works around or outside existing systems to obtain a desired result. And just as it can be used for innocent fun, it can also be used to steal identities, violate people's privacy, and cause serious harm. Just ask Mat Honan, who had his identity stolen a few years ago thanks to a little clever social engineering of support reps at Apple and Amazon. Now, we're seeing it again, no thanks to the celebrity photos leaked and lurking around the internet, obtained by social engineering, not brute force cracking or sloppy security. In this case, the intruders likely used known information to defeat security prompts, reset passwords, and obtain access to otherwise secured information. And the most interesting (and scariest) part is that this kind of social engineering is relatively easy given a little research into your target.
If you are going to keep any form of security or compliance, you need to have an aggressive policy and training program, because, in the immortal words of Pogo, "We have met the enemy and it is us."