Anthony Bartolo
Pierre Roman
A few weeks ago I had the chance to take in SecTor. Normally when I go to an event like this I hang out in the Community Zone or am presenting or doing some other work. This time I showed up as an attendee, went to a load of sessions, networked, and hung out with like-minded security people. It was a nice departure from the norm, but I did get a chance to record some interviews for podcasts to share with you!
Steve Riley is up first. Steve is a member of Microsoft's Trustworthy Computing team in Redmond and is a very intelligent, exciting, engaging and entertaining speaker. He delivered a keynote session on social engineering, which you can check out, but I sat down with him to talk about social engineering and what can be done to limit its effectiveness. (Hint: Session 1 at My TechNet covered this.)
http://www.canitpro.ca/podcasts/steveriley-social.mp3 - 7:27
I believe "Social Engineering" is what most of us have to do to get past Tech support at certain companies...
"Who are you?"
Respond with the husband or boss' name.
"Ok Mr. Smith, what is your address?"
Look at the business card on the desk.
"Do you have your passcode handy?"
Come up with fake excuse, too busy, too many meetings, mail server is down, stressed.
Next thing you know you're John Q Smith, CEO of ABC Corporation getting support for his live Domain.
Happens all the time. Of course this is a case of sanctioned social engineering by John Q. Smith, BUT knowing how to pull this off, I can definitely see people calling up with "just enough info" to 'become' that person.
Kinda scary eh?
The PowerPoint slide show is one of the most comprehensive presentations I've seen on the topic of