Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Security Features

What Would You Do If You Were In His Position?

He felt that he had to seal the problem without exposing his key staff to higher management scrutiny. Call it loyalty, shrewdness, or just a plain old 'cover your ass' strategy, but he decided to batten down the hatches, attempt to retrieve the floating information from its online source, patch up all possible holes that he could find, slap a couple of people on the wrists, and ride out any storms that might have arisen.

There was no serious attempt to assess damage. This event clearly indicated that there was direct complicity between an administrative user and the hacker(s).

What was the potential for data damage? Databases containing tens of thousands of personal records possibly exposed. Machines handling thousands of credit card transactions possibly exposed. The complete network and server architecture was possibly exposed, and the highest echelon of IT administrators directly implicated in the firing line.

And it all went quietly away. This is a very subtle social engineering strategy that is often risked by hackers. If the potential for considerable damage to friends and brand is big enough, then there is a good chance that an intrusion will be allowed to sink from view, very quietly.

So what am I saying?

Am I implying that in addition to instances where you have been the victim of fraud and you know about it, that there are others that you do not know about? That there is a possibility that thieves out there may have information about you that has been stolen, and the situation has been elaborately covered up by the custodial organization? That there are instances where staff that have administrative responsibility for systems interact with hackers?

Am I saying that that's how it gets done? Am I saying that that's how the staggering levels of IT related fraud happen with almost total immunity from prosecution? That in many cases, where there is a significant threat to destabilization of a company infrastructure, or brand damage, or market depreciation, then an organization may decide to ride the hit and tighten security?

And More Examples...

Other examples of social engineering are also rampant, including some that apply to the end-user directly. Phishing is a form of social engineering. Another good example came about recently when hackers used excerpts from BBC News stories in emails, with a link at the end saying "Read more..." Users click on the link without checking it, or even questioning why they're getting emails from the BBC, and the next thing they know they're getting spyware and Trojans downloading onto their machines.

The list goes on and on, and so do the mistakes. In the problems that I have outlined above, it wasn't the security architecture that failed, it was the implementation, maintenance and basic adherence to protocol that did. The risks that this pose, both to the person and to the organization, are clear. Everything from credit card details to military secrets can be uncovered through clever social engineering, which essentially uses a lot of the manipulation tricks of the spy trade.

More Stuff

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I have attached a 2TB WD elements and partitioned it for 1.8TB for network share and 200GB for use with jffs partition on a RTAC88U with Merlin 384.18...
Suricata is a free and open source, mature, fast and robust network threat detection engine.The Suricata engine is capable of real time intrusion dete...
Hello guys.Right now I'm using that line to make a backup of my entire jffs in shell:Bash: tar -cf some_folder/jffs_"$FWVER".tar /jffs >/dev/null 2>&...
This is FlexQoS, a fork of the original, groundbreaking FreshJR_QOS script written by @FreshJR.FlexQoS provides a fully customizable Adaptive QoS expe...
Supermicro SuperServer E302-9D Review: A Fanless 10G pfSense Powerhouse www.anandtech.com With this piece of kit, I could see myself wadin...

Don't Miss These

  • 1
  • 2
  • 3