[PLUG-TALK] Social Engineering Q&A
Dwight Hubbard
dwight at dwightandamy.com
Tue Jul 10 17:30:08 UTC 2007
This could certainly be a social engineering attack, especially if the CEO
has just been booted off the board and the information hasn't been release
yet.
If getting the data immediately is critical then I would expect the correct
process would be to get all the parties that are part of the data
change/release process on a conf call and expidite the request through the
process.
Heck, if the data falls under government regulation like SOX or FERC there
could be potential legal liability with not following process in addition to
the security issues.
On 7/10/07, Michael Rasmussen <mikeraz at patch.com> wrote:
>
> I'm in a security class this week. Yesterday we talked about social
> engineering.
> A spirited discussion revolved around this question.
>
> The CEO of the organization needs to get access to data immediately.
> You definitely recognize her voice, but a proper request form hasn't
> been filled out to modify the premissions. She states that normally
> she would fill out the form and should not be an exception, but she
> urgently needs the data.
>
> Is this a social enginnering attack?
> True or False
>
>
> --
> Michael Rasmussen, Portland, Ore, USA
> Be Appropriate && Follow Your Curiosity
> http://www.patch.com/words/
>
>
> _______________________________________________
> PLUG-talk mailing list
> PLUG-talk at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug-talk
>
--
Dwight Hubbard (RHCE)
dwight at dwighthubbard.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pdxlinux.org/pipermail/plug-talk/attachments/20070710/c7d7f9ae/attachment.html>
More information about the PLUG-talk
mailing list