tgoe wrote:What is your time frame? I would've been looking at social engineering by now. If it is worth the hassle, get a job there and do it from inside.
Pheo14 wrote:tgoe wrote:What is your time frame? I would've been looking at social engineering by now. If it is worth the hassle, get a job there and do it from inside.
+7GMT, yes, I'm working from the inside
As far as I know, social engineering is about manipulating people, they can do that by creating a faked website or by posting links into the forum...
Anyway, there is none community interaction in the website, therefore the only way for a social engineering campaign to be conducted is by posting a link to the faked website elsewhere (it will never be posted on the main site, simply because they can't). In that case, those who fall for the trap deserve it, they should've known how to protect themselves before going online.
hellow533 wrote:ocial engineering goes much further than phishing.
"hey I'm new here, what's the login/password for the system/website/whatever?"
"Oh hey man, the username is genericname1 and the password is somepassword123"
Once you have user access (assuming there is user access) to the system you may be able to take another step forward to admin access. A big reason I have to make REAAALLLL shitty slideshows (that eventually get remade anyway because I can't explain shit to people properly) is because of user error. "Oh, I'm going to give a username and password to some random guy in the office I don't know."
Or my favorite,
"I think I'll disable the password and mac address filter for our wireless, then bitch about any further problems such as employees loafing around and not doing work to possible security risks."
Users browsing this forum: No registered users and 0 guests