http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=227400472
By Kelly Jackson Higgins
DarkReading
Sept 15, 2010

Among the unsettling results in the final report, released today, from
the Social Engineering Capture The Flag contest held in August at
Defcon: Security companies were just as susceptible to social
engineering as nontechnology firms, Internet Explorer 6 was still in use
at 65 percent of the Fortune 500 companies targeted in the contest, and
nearly 90 percent of the targets willingly opened a URL that the
contestants gave them.

The contest, in which the art of social engineering was demonstrated on
a rare public stage using real-world targets, was aimed at gauging the
vulnerability of major corporations to social engineering. And the 17
contestants, who had to compile a dossier of as much information as they
could gather passively on their assigned target company beforehand (no
phone calls, email, or direct contact), had little trouble scoring
information in the 25 minutes they had to social-engineer someone on the
other end of the telephone line during the contest. The event was open
to Defcon attendees to watch as the contestants made their calls from a
soundproof booth.

Google, BP, McAfee, Symantec, Shell, Microsoft, Oracle, Cisco, Apple,
and Walmart were on the list of targeted companies. The contest
organizers aren't saying which company's employees gave up what
information, but they admit the contestants were able to get plenty out
of their targets.

"With every company called, if we had been hired to do an audit, they
would have failed," says Chris Hadnagy, founder of social-engineer.org,
which organized the Social Engineering Capture The Flag contest.

[...]