SoCIT-al Engineering
This previous week (July 25, 2017 - July 28, 2017) one of APC's famous (and probably some of the only) week dedicated to the school of Computer science and IT happened. Recently we were discussing much about social engineering techniques that are being used. So, in my free time during that week I've been slowly trying to crack several SHS students by claiming to be one of the org members. With this method I was able to make said students to disclose some personal information about them. The effectiveness of my technique was deemed a success due to me being in a higher level than them (college) which made me look trustworthy, not to mention that I was camouflaged by the org's dynamic atmosphere.
Saturday, July 29, 2017
Friday, July 14, 2017
INFOSEC - Learning Log 3
Law's may be compared to a double edge sword:
-It protects you from threats or threatening actions.
-Yet, it can easily be turned against you.
The law concerning privacy is one that is complex, contains several complications and contradictions.
One may choose to draw out the law to protect their own privacy. However, another use their right for information distribution, especially concerning senate level confidentiality.
What I truly learned from such complex law's is that anonymity may be a right in order to protect ones identity but it can also be used as leeway to condemn the same person.
-It protects you from threats or threatening actions.
-Yet, it can easily be turned against you.
The law concerning privacy is one that is complex, contains several complications and contradictions.
One may choose to draw out the law to protect their own privacy. However, another use their right for information distribution, especially concerning senate level confidentiality.
What I truly learned from such complex law's is that anonymity may be a right in order to protect ones identity but it can also be used as leeway to condemn the same person.
Tuesday, July 4, 2017
INFOSEC - Learning Log 2
Social engineering - the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Several social engineering techniques could be done to ask or convince an employee of a company to answer in a way that compromises the company without the employee being aware of it. Manipulating a targeted individual is the same as striking a weak link in a chain. Preventing an SE attack proves to be somewhat difficult as the consistency of the security it provides will vary from person to person as well as the method of attack easy to execute to the point of being predictable. It's like having a chain with each link being worn-out differently, given enough time you'll find one link that breaks the chain entirely.
Several social engineering techniques could be done to ask or convince an employee of a company to answer in a way that compromises the company without the employee being aware of it. Manipulating a targeted individual is the same as striking a weak link in a chain. Preventing an SE attack proves to be somewhat difficult as the consistency of the security it provides will vary from person to person as well as the method of attack easy to execute to the point of being predictable. It's like having a chain with each link being worn-out differently, given enough time you'll find one link that breaks the chain entirely.
Subscribe to:
Posts (Atom)