Tuesday, November 9, 2010

Social Engineering

There are all sorts of engineering disciplines in the world, ranging from computer engineering to software engineering, to name just a few. The one that really struck me is Social Engineering. At first I thought it was something to do with arrrrrrrrrrrr..........well, can't really tell! It was coined by hacker-turned-consultant Kevin Mitnick.

Social Engineering involves manipulating people into giving up confidential information, without necessarily using technical force such as hacking and cracking. I describe the act as swift. All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases are often called "bugs in human hardware", and they are exploited to build attack techniques. Some of the attack techniques used in social engineering are:

  • Phishing 
  • Pretexting
  • Quid pro quo
  • Diversion theft

Pretexting
Pretexting is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances. It is more than a simple lie, as it most often involves some prior research or setup and the use of previously gathered information for impersonation, e.g., a date of birth.
This technique can be used to trick a business into disclosing customer information, and is used by private investigators to obtain telephone records, utility records, banking records and other information directly from junior company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager, e.g., to make account changes, get specific balances, etc. Pretexting has also been observed as a law enforcement technique, under which an officer may leverage the threat of an alleged infraction to detain a suspect for questioning and conduct a close inspection of a vehicle or premises.
Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, or insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. The pretexter must simply prepare answers to questions that might be asked by the victim. In some cases all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one's feet.

Phishing
Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business — a bank, or credit card company — requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate — with company logos and content — and has a form requesting everything from a home address to an ATM card's PIN.

Diversion theft
Diversion theft, also known as the "Corner Game" or "Round the Corner Game", originated in the East End of London. In summary, diversion theft is a "con" exercised by professional thieves, normally against a transport or courier company. The objective is to persuade the persons responsible for a legitimate delivery that the consignment is requested elsewhere — hence, "round the corner".

Quid pro quo
Quid pro quo means something for something:
  • An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will "help" solve the problem and in the process have the user type commands that give the attacker access or launch malware.

Thursday, November 4, 2010

Hackathons

Hackathon is a term that's very popular with programmers. In the Linux community, it's known as a codefest. Let me just stop beating around the bush and tell you its definition. A hackathon is a 'come-together' of programmers with only one thing on their minds: computer programming. The event mostly runs for several days and nights. A programmer is not restricted in what to create; instead, one has the freedom to build anything, marathon-style, hence the name hackathon (hack & marathon).

Usually, during this time, programmers spend most nights awake, taking coffee and beer and coding. In simple terms, that's how I'd describe it. These events are normally fun, although I've never been to one, but I am thinking of coming up with one soon!!!! I'd like to take part in one instead of spending time with girls. I HATE RELATIONSHIPS!! YACK...

Case Studies:

    Facebook 

    Facebook is the largest social networking site, with a staggering 500 million users! It holds hackathons every 6-8 weeks. All its programmers and software engineers come together to build awesome apps: site chat services, notifications, AJAX wall posting, just to name a few. Anybody at Facebook can call for a hackathon event except their CEO, Mark Zuckerberg. Hackathons for real programmers!!

    OpenBSD

    It's been 11 years now since OpenBSD started holding hackathons yearly. During these events, OpenBSD sees rapid development. Their first hackathon was held in Calgary, Alberta, Canada and was attended by ten developers. It focused on cryptographic development; part of the reason for holding it in Canada was to avoid legal problems caused by United States regulations on the export of cryptographic software.