Title: CEH v5 Module 9: Social Engineering
Post by: don on November 15, 2006, 11:32:31 AM

 What is Social Engineering?
 Human Weakness
 “Rebecca” and “Jessica”
 Office Workers
 Types of Social Engineering
o Human-based
o Computer-based
 Preventing Insider Threat
 Common Targets of Social Engineering
 Factors that make Companies Vulnerable to Attacks
 Why is Social Engineering Effective?
 Warning Signs of an Attack
 Tool : Netcraft Anti-Phishing Toolbar
 Phases in a Social Engineering Attack
 Behaviors Vulnerable to Attacks
 Impact on the Organization
 Countermeasures
 Policies and Procedures
 Security Policies - Checklist
 Phishing Attacks and Identity Theft
 What is Phishing?
 Phishing Report
 Attacks
 Hidden Frames
 URL Obfuscation
 URL Encoding Techniques
 IP Address to Base 10 Formula
 Karen’s URL Discombobulator
 HTML Image Mapping Techniques
 Fake Browser Address Bars
 Fake Toolbars
 Fake Status Bar
 DNS Cache Poisoning Attack

Source:
http://www.eccouncil.org/EC-Council%20Education/ceh-course-outline.htm

Don

Title: Re: CEH v5 Module 9: Social Engineering
Post by: Negrita on November 16, 2006, 01:57:12 PM

Who or what's “Rebecca” and “Jessica”? ???

Title: Re: CEH v5 Module 9: Social Engineering
Post by: SpudniX on November 16, 2006, 04:09:23 PM

In Social Engineering, Rebecca and/or Jessica are the nice people who answer the phone or work at reception who are more than happy to divulge sensitive information without knowing it. The idea is to exploit their helpfulness to get information you want.

For instance, in a social engineering scenario, a hacker may call the front desk and claim to be from the helpdesk trying to solve a problem, therefore requiring Rebecca’s login and password. Rebecca being helpful and not wanting to get into trouble gives out her login and password…or the name of IT manager, or other sensitive information a hacker could find useful.

To be politically incorrect, Rebecca and/or Jessica are the “dumb blondes” (for lack of a better word and at the risk of sounding sexist) who can compromise security by their naïveté.

Remember, millions of dollars of security can be compromised by exploiting the weakest link of an organization—its people. Often times, these people are the ones who whose job it is to be friendly and helpful to the public.

Title: Re: CEH v5 Module 9: Social Engineering
Post by: ChrisG on November 16, 2006, 11:34:27 PM

cool so Dave and Steve wont give up the password, good stuff ;D

Title: Re: CEH v5 Module 9: Social Engineering
Post by: SpudniX on November 17, 2006, 03:33:04 AM

That's a good point Chris, the terms Jessica and Rebecca seem a bit sexists, in addition to being ambiguous. Perhaps there is a better term. Do you have a suggestion? :)

Title: Re: CEH v5 Module 9: Social Engineering
Post by: ChrisG on November 17, 2006, 01:23:26 PM

no not really...

how about steve and rebecca problem

or you could still use bob and alice like with all the PKI examples

Title: Re: CEH v5 Module 9: Social Engineering
Post by: Kev on November 18, 2006, 04:36:02 PM

How about Dumb and Dumber, lol? Just leave the sex thing out altogether.

Title: Re: CEH v5 Module 9: Social Engineering
Post by: sgt_mjc on February 06, 2008, 11:14:39 AM

Quote from: SpudniX on November 16, 2006, 04:09:23 PM

That is a great point about security being given the run around by a helpfull and well meaning employee doing something completely stupid. That alone make SE so effective. The weakest link is always the end user.

Ethical Hacker Community Forums

Ethical Hacking Discussions and Related Certifications => CEH - Official Course Modules v5 => Topic started by: don on November 15, 2006, 11:32:31 AM