Social engineering still works
Occasionally Slashdot still carries an interesting story, reminding us why we (just barely) put up with their random endorsements of junk science (over and over again). In this case, it’s this reminder that people are still a very important weak link in any kind of security set-up.
Recently, as an experiment, I wrote from my Hotmail account to ten different hosting companies that were each hosting some of my Web sites, asking for logins to change the domain settings. Even though I never provided any proof that the messages from the Hotmail account were really coming from me (the address they all had on file for me was a different one), half of them replied back and gave me the logins that I needed.
It’s not exactly news, but it’s a thing we need to be reminded of from time to time, and this type of reminder is at least a great deal less harmful than first-hand experience.
(Along similar lines, this story also vaguely amused me.)