HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 9 guests and 2 members online
EH-Net Donations

Enter Amount:
$
Google Ads
ChicagoCon 2008f
chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow CEH - Certified Ethical Hackerarrow CEH - Official Course Modules v5arrow CEH v5 Module 9: Social Engineering
Ethical Hacker Community Forums
October 12, 2008, 01:21:10 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Registration Now Open for ChicagoCon 2008f Oct 27 - Nov 2! Visit www.chicagocon.com.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: CEH v5 Module 9: Social Engineering  (Read 4503 times)
0 Members and 1 Guest are viewing this topic.
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 2304


Editor-In-Chief


View Profile WWW
« on: November 15, 2006, 11:32:31 AM »
 What is Social Engineering?
 Human Weakness
 “Rebecca” and “Jessica”
 Office Workers
 Types of Social Engineering
    o Human-based
    o Computer-based
 Preventing Insider Threat
 Common Targets of Social Engineering
 Factors that make Companies Vulnerable to Attacks
 Why is Social Engineering Effective?
 Warning Signs of an Attack
 Tool : Netcraft Anti-Phishing Toolbar
 Phases in a Social Engineering Attack
 Behaviors Vulnerable to Attacks
 Impact on the Organization
 Countermeasures
 Policies and Procedures
 Security Policies - Checklist
 Phishing Attacks and Identity Theft
 What is Phishing?
 Phishing Report
 Attacks
 Hidden Frames
 URL Obfuscation
 URL Encoding Techniques
 IP Address to Base 10 Formula
 Karen’s URL Discombobulator
 HTML Image Mapping Techniques
 Fake Browser Address Bars
 Fake Toolbars
 Fake Status Bar
 DNS Cache Poisoning Attack

Source:
http://www.eccouncil.org/EC-Council%20Education/ceh-course-outline.htm

Don
Logged
CISSP, MCSE, CEH, Security+ SME
Negrita
Sr. Member
****
Offline Offline

Posts: 289



View Profile
« Reply #1 on: November 16, 2006, 01:57:12 PM »
Who or what's “Rebecca” and “Jessica”?  Huh
Logged
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
SpudniX
Newbie
*
Offline Offline

Posts: 3


View Profile
« Reply #2 on: November 16, 2006, 04:09:23 PM »
In Social Engineering, Rebecca and/or Jessica are the nice people who answer the phone or work at reception who are more than happy to divulge sensitive information without knowing it. The idea is to exploit their helpfulness to get information you want.

For instance, in a social engineering scenario, a hacker may call the front desk and claim to be from the helpdesk trying to solve a problem, therefore requiring Rebecca’s login and password. Rebecca being helpful and not wanting to get into trouble gives out her login and password…or the name of IT manager, or other sensitive information a hacker could find useful.

To be politically incorrect, Rebecca and/or Jessica are the “dumb blondes” (for lack of a better word and at the risk of sounding sexist) who can compromise security by their naïveté.

Remember, millions of dollars of security can be compromised by exploiting the weakest link of an organization—its people. Often times, these people are the ones who whose job it is to be friendly and helpful to the public.
Logged
-.-
SpudniX
CEI, CEH, CHFI
ChrisG
EH-Net Columnist
Hero Member
*****
Offline Offline

Posts: 1008


View Profile WWW
« Reply #3 on: November 16, 2006, 11:34:27 PM »
cool so Dave and Steve wont give up the password, good stuff  Grin
Logged
...tests i took go here...

http://carnal0wnage.blogspot.com/
SpudniX
Newbie
*
Offline Offline

Posts: 3


View Profile
« Reply #4 on: November 17, 2006, 03:33:04 AM »
That's a good point Chris, the terms Jessica and Rebecca seem a bit sexists, in addition to being ambiguous. Perhaps there is a better term. Do you have a suggestion?  Smiley
Logged
-.-
SpudniX
CEI, CEH, CHFI
ChrisG
EH-Net Columnist
Hero Member
*****
Offline Offline

Posts: 1008


View Profile WWW
« Reply #5 on: November 17, 2006, 01:23:26 PM »
no not really...

how about steve and rebecca problem

or you could still use bob and alice like with all the PKI examples
Logged
...tests i took go here...

http://carnal0wnage.blogspot.com/
Kev
Guest
« Reply #6 on: November 18, 2006, 04:36:02 PM »
How about Dumb and Dumber, lol? Just leave the sex thing out altogether.
Logged
sgt_mjc
Full Member
***
Offline Offline

Posts: 141


View Profile
« Reply #7 on: February 06, 2008, 11:14:39 AM »
Quote from: SpudniX on November 16, 2006, 04:09:23 PM
In Social Engineering, Rebecca and/or Jessica are the nice people who answer the phone or work at reception who are more than happy to divulge sensitive information without knowing it. The idea is to exploit their helpfulness to get information you want.

For instance, in a social engineering scenario, a hacker may call the front desk and claim to be from the helpdesk trying to solve a problem, therefore requiring Rebecca’s login and password. Rebecca being helpful and not wanting to get into trouble gives out her login and password…or the name of IT manager, or other sensitive information a hacker could find useful.

To be politically incorrect, Rebecca and/or Jessica are the “dumb blondes” (for lack of a better word and at the risk of sounding sexist) who can compromise security by their naïveté.

Remember, millions of dollars of security can be compromised by exploiting the weakest link of an organization—its people. Often times, these people are the ones who whose job it is to be friendly and helpful to the public.


That is a great point about security being given the run around by a helpfull and well meaning employee doing something completely stupid. That alone make SE so effective. The weakest link is always the end user.
Logged
Mike Conway
CompTia Security +
C|EH
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.5 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.061 seconds with 25 queries.
 
Polls
Why a Career in Ethical Hacking:
 
Support EH-Net
chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f
 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.