Archive for the 'social engineering' Tag
Kevin Mitnick, the infamous hacker and social engineer turned security consultant, gave a presentation at this year’s History Conference at the Naval Academy today. He gave numerous examples of extracting information from people and companies by using their own trust and knowledge against them. His demonstrations likely startled many of the audience members with the range of methodologies and, more importantly, the success rate.
Some may look at the seemingly endless list of ways attackers can obtain what they’re looking for and throw their hands up in despair. It’s important to take a step back and consider some important factors in responding to, and hopefully mitigating, attack vectors.
Technology alone won’t save you. If you fight technology with technology, you’ll lose. All the firewalls and intrusion detection systems in the world won’t be a guarantee that networks won’t be breached. There’s no such thing as an impenetrable system, and no such thing as bugless software. Kevin’s demonstration of exploiting vulnerabilities in widely used commercial software proves this. Moreover, this isn’t just software being used in the private sector. Many of the exploits he demonstrated take advantage of software that’s become an integral part of the way the military handles its information. As if this weren’t enough, the files used to carry out every successful exploit passed antivirus scanning without incident, and were run on fully patched, up-to-date systems.
That’s not to say technological security measures are pointless; far from it. Strong passwords, multi-factor authentication, limited access permissions, and strict data management are as important now as they’ve ever been. Placing full faith in their protection, however, is misguided.
- On Midrats 23 November 14: “Episode 255: Commanding the Seas -the Surface Force with Bryan Clark from CSBA”
- A Magical Metrical Mystery Tour of Ineffective U.S. Drug Policy
- On Midrats 16 November 14, “Episode 254: John A. Nagl: 13 Years into the War”
- Gabe’s Gambit: Celebrating the Marine Corps Birthday and Reflecting on Talent Management
- On Midrats 9 November 14 Episode 253: “The Fleet we Have, Want, and Need” – with Jerry Hendrix