EH-Net

Ethical Hacking Discussions and Related Certifications => Social Engineering => Topic started by: johnnekar on April 02, 2010, 01:37:57 AM



Title: How to prepare the "Human OS" for a malware scan???
Post by: johnnekar on April 02, 2010, 01:37:57 AM
Well, there are loads of AVs that not only alert you to some threats but also provide online security. Securing your computer/OS to some extent (no machine is completely secure, never) is easy, but what about the OS that is installed on our brain? The biggest vulnerability of the Human OS (HOS) is "trust". So we can define Social Engg as "The clever manipulation of the natural human tendency to trust".

Well the biggest questions over here are:
1) Though AVs, firewalls and IDSs keep the network's perimeter secure, how can we train the HOS to identify any mischief?

2) People who are naive to the internet will never know that they are becoming a victim of a phishing attack. Even after warning the population to check the URL, the SSL favicon, the padlock symbol to ensure the authenticity of a website, how many bother to check that?

3) Techniques like email spoofing add to the nuisance. Who bothers to check the headers of an email to verify the origin of the message?

4) Can there never be a security solution to Social Engg?

I, as a script-kiddie, had launched quite a few phishing attacks. But being a White Hat I only grabbed email a/cs, no bank accs. Though I never misused them, merely accessing those accounts gave enormous information about that person, including bank & credit card details.

Will we ever have a solution??

j0hnn3k4r
http://techkranti.blogspot.com


Title: Re: How to prepare the "Human OS" for a malware scan???
Post by: pizza1337 on April 02, 2010, 08:57:44 AM
Educate your workers. Of course not everyone is going to be patched, but if some understand, they can protect each other.

http://www.seas.ucla.edu/security/social_eng.html
http://www.windowsecurity.com/articles/Social_Engineers.html
http://www.bestsecuritytips.com/xfsection+article.articleid+126.htm
http://schaumburgcomputers.com/?p=15


Title: Re: How to prepare the "Human OS" for a malware scan???
Post by: j0rDy on April 06, 2010, 03:29:05 AM
Security awareness trainings should be standard within every organization at least once a year. There are many do's and don'ts for giving these trainings, but the fact should be that people think before they act. If the budget doesn't let you perform a simple phishing scam (with authorization from your manager) and calculate the results to a simple chart showing how many people "clicked the wrong button". Even this is effective in educating people for such attacks.


Title: Re: How to prepare the "Human OS" for a malware scan???
Post by: pizza1337 on April 06, 2010, 04:45:00 AM
http://www.youtube.com/user/mindfulsecurity#grid/user/EC5CB2F0B9123BF6 
Found this last night.