Sunday, November 1

Social Engineering

Good case of social engineering
Mitnick states the following:
"Social Engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation."

Given that definition, it is very hard for me to find a good case. Manipulating or fooling people is commonly a bad thing. I would imagine that a good case of social engineering is very hard to find, but it is possible.

Take a defensive war, for example: there would be no greater good than if, for example when Russia invaded Georgia (or when Georgia killed innocent Russian citizens), the nation under attack had used social engineering to gain necessary information about the enemy's systems. Social engineering is closely tied to spying, and spying is a good cause, because it enables a country to achieve its goals with fewer casualties on both sides of the war.

And who hates Bond anyway?


Measures against social engineering attempts
#1 Known sites
Use well-known sites when on the internet: tweet on Twitter, do your social networking on Facebook, keep your e-mail with Google, etc. Although these sites are huge and therefore lack a personal touch, they have a greater responsibility towards their user base because of the high public attention on their owners. Credential thefts are also less likely to occur on these sites (administrators are faster to help). Of course, I haven't used any alternatives to the aforementioned sites, so I don't KNOW how things are there, but I assume so.

#2 Passwords
Change your password every two months. Use 2 or 3 password types for websites (classify the passwords into categories, e.g. e-mails, random sites and essential sites (banking)).

#3 Notice
Notice everything. The website's address. Uncommon changes in the content. News about sites that you use. Random browsing is convenient but dangerous to your privacy.

#4 Internet is not superior
When your friend sends you a love letter or hate mail, don't believe it at once. There is a chance that his or her account has been compromised. When everything else fails, count on traditional communication: meeting a person face to face.

#5 Use of biometric security
Install a fingerprint reader on your laptop and use it. That makes it harder for the social engineer to steal your identity.
