http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=225400253 

By Kelly Jackson Higgins
DarkReading
Jun 04, 2010

In a twist to the popular "capture the flag" game played by hacking 
teams every year at Defcon, the hacker conference is hosting a contest 
that aims to test participants' social engineering skills -- without 
anyone getting hurt.

The Social Engineering CTF will provide contestants beforehand with the 
name and URL of their "target" company, and they then must gather any 
information they can online or via other passive data-gathering methods 
(no phone calls, email, or direct contact with the targeted firms). They 
score points for the reconnaissance information gathered as well as for 
the plan of attack, all of which must be submitted one week prior to 
Defcon in a dossier format.

Each contestant gets a 20-minute window to perform the attack live at 
Defcon -- in a phone call to the targeted firm -- plus five minutes to 
explain to attendees their technique and strategy. They score points 
based on the designated "flags" they capture and the information they 
gather from the target.

Hacking contests are all the rage at Defcon every year, and social 
engineering has been among the games in past years. This year's contest 
is different in that there are specific ground rules -- participants 
must legally socially engineer their way into the company, and they are 
not allowed to get credit card numbers, social security numbers, 
passwords, involve porn, or make the target feel "at risk." They can't 
use government agencies, law enforcement, or legal entities as a ruse to 
get inside, nor can they contact relatives or family of the targeted 
firm's employees.

[...]


_______________________________________________
Best Selling Security Books and More!
Shop InfoSec News
http://www.shopinfosecnews.org/