- +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
Toxic Mix or Bit of a Mixed Blessing? 31/12/2007 10:36:30
“Eye of newt, and toe of frog, Wool of bat, and tongue of dog . . . ” The inter-generational office brew of Boomer, Gen X and Gen Y may not be quite as odious as that of the three witches in Shakespeare’s Macbeth, but even so it makes “for a charm of powerful trouble”"Eye of newt, and toe of frog, Wool of bat, and tongue of dog . . . " The inter-generational office brew of Boomer, Gen X and Gen Y may not be quite as odious as that of the three witches in Shakespeare's Macbeth, but even so it makes "for a charm of powerful trouble" - +
Hiring Manager: Emphasize Integrity, Attitude 14/12/2007 11:18:07
William Howell shares his hiring mistakes and his secrets for selecting the best job candidates, finding objective references and using LinkedIn as a recruiting tool.William Howell shares his hiring mistakes and his secrets for selecting the best job candidates, finding objective references and using LinkedIn as a recruiting tool. - +
Doing Your Sums on . . . Build, Buy or Rent 05/11/2007 13:32:30
You’re trying to build a world-class IT team, but everyone’s going after the same talent pool. What mix works best? Should you grow your own, draft your players or barter your way to the line-up you want to field?CIOs should never forget that while new technologies have a maturity cycle, the maturity cycle for human beings in IT is even longer
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Best Practice in Building an Integrated Information Management Strategy
How to Beef Up Your Sales Pipeline
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Revolutionising Back-up and Recovery
Optimized Back-up and Recovery for VMWare for VMWare Infrastructure with EMC Avamar
Email Archiving Implementation: Five Costly Mistakes to Avoid
Mobile Solutions Deliver Improved Efficiency to Star Track Express
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Con job, pretexting, social engineering -- the art and science of manipulating human beings for nefarious ends -- goes back as far as the origin of the species. The techniques have been practiced and perfected by a rogue's gallery of flimflam artists, from legendary carnival operator P. T. Barnum to infamous FBI mole Robert Hanssen.
But in our modern, security-centric world, this ancient craft poses an ever-present danger: Despite technological advances that present an illusion of security, we are as vulnerable as ever to the con.
IT security pros frequently employ social engineering when analyzing a company's overall security strategy. After all, even a completely locked-down computer network won't protect your company's secrets if someone can "tailgate" a group of employees through the front door, plug a remote-access device into an open network port, and walk out again. And the sad fact is, even a social engineering amateur can be successful. People are gullible, and without a real-world test, you'll never know how vulnerable your company really is.
With that in mind, we spoke to security experts in the field who perform these kinds of physical penetration tests on a regular basis to learn the tricks they use to bypass security. Armed with this knowledge, you stand a better chance at preventing a real attacker from stealing the recipe to your company's secret sauce.
Do: Research your target before you make contact
If you're going to do a realistic test, you need to do your homework. Going to school on a target -- whether a person or a company -- is a fundamental first step to any social engineering project. Why go to the trouble to sneak into a building if, once inside, you find that the info you're looking for resides elsewhere?
"What you've got to do is learn [as much as you can] about the target itself, and what information is valuable to the target," says Ira Winkler. And Winkler should know: Author of Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day and Zen and the Art of Information Security, Winkler is among the foremost experts in the art and science of social engineering.
Winkler makes a crucial point, because even white hat social engineers can get into trouble. One penetration tester interviewed for this story, who asked that his name not be used, admitted that a lack of preparation early in his career nearly got him arrested.
The task, commissioned by a U.S.-based firm to get inside its London office, seemed simple enough, but he had no idea that the same building that housed the company that hired him also housed Britain's domestic intelligence agency, MI5.
"They had spotted me when I was still a block away, followed me using CCTV cameras, and picked me up just before I was able to approach a female employee and ask her to let me into the building," he said.
In other words, a successful social engineering hack is no snatch-and-grab job. It requires real diligence. "If you're going to be doing this work, you have to have a detailed plan," Winkler says. "The less training you have, the more detailed the plan you have to follow."
Computerworld Member Login
Prioritizing Services with IT Service Management (ITSM)
Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)
To be repeated on:
Thursday 4th, September 2008
11:00am EST (Sydney Australia)
Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.
Attend and discover:
- How to deliver value to your business through ITSM
- Best practice ITSM implementation
- Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
- If service-oriented ITSM is best for your business
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Viva la Verticals! Key to Vendor Growth is Through Vertical Market Opportunities, Says IDC 2008-09-05 11:05:00+10
F-Secure delivers fastest protection in the online world 2008-09-04 16:50:00+10
NETGEAR expands ProSafe team as business-class products take off in SME market 2008-09-04 16:27:00+10
Rogue security apps dominate Fortinet's Aug 2008 IT threat report 2008-09-04 16:00:00+10
Adaptec Intelligent Power Management Reduces Storage Power Consumption Up to 70 Percent 2008-09-04 11:28:00+10
Did you GET the memo? Getting you from Web 1.0 to Web 2.0 Security
Enterprises have forged ahead with the rapid evolution from Web 1.0 to Web 2.0 without addressing the inherent security risks. It is imperative for organisations to continue to embrace new technologies to survive, but security must shift from being an after thought to a primary consideration. Read on to find out more.
