Security Basics: Social Engineering
June 4, 2005, 1:40 am
It has been said that users are the weakest link in the security chain. This is especially exemplified in social engineering, a practice wherein a user is lured into giving up sensitive information such as passwords and credit card numbers. It is typically directed at the users and not at a security hole. The success of many virus and phishing attacks is due largely to social engineering.
Let us take the case of the Love Bug worm. The worm made an international sensation because it was able to infiltrate even the Pentagon. This was not because there were known security holes in the Pentagon's systems, but because of the psychological motivation of “love”, which prompted users to execute the worm. Aside from that, social engineering also plays a big part in phishing, or attacks directed at getting user information through e-mail, instant messages, or websites that ask for it.
These activities are not exclusive to the Internet. They include chain e-mails, such as the one about “Bill Gates giving away his money” if you forward the e-mail, made to look authentic with a lawyer's signature at the end of the mail; scams such as the “Nigerian Scam”; and even text scams.
According to Sophos, there are measures one needs to consider in order to avoid phishing scams:
- Never respond to emails that request personal financial information
- Visit banks’ websites by typing the URL into the address bar
- Keep a regular check on your accounts
- Check the website you are visiting is secure
- Be cautious with emails and personal data
- Keep your computer secure
- Always report suspicious activity
Recommended sites for more information:
http://www.fightidentitytheft.com/
http://www.windowsecurity.com/articles/Avoid-Phishing.html
Next on Security Basics: PHP
Posted by Francis under: Security