About
RiskPundit

RiskPundit

Opinions about information security from a risk management perspective

The Robin Sage saga – social engineering at its finest

25. July 2010 · Comments Off on The Robin Sage saga – social engineering at its finest · Categories: blog · Tags: Robin Sage, Social Engineering

The Robin Sage story broke in early July and I am late in getting to it. I was going to skip it, but it’s such a good story, I wanted to note it. The Dark Reading version is quite detailed.

The key though is straightforward – people accepted invitations from someone they did not know. It’s that simple. This is a type of “inside-out,” social engineering attack vector which has become the primary method of cyber criminals. Why bother with the traditional “outside-in” attack on network device or endpoint software vulnerabilities when all you need to do is lure the victim to a malware-laden web page.

Running a Robin Sage type of “experiment” in your organization should be part of your security awareness training program.

Search:

Tweets by @riskpundit

Recent Posts

Evolution of Network Intrusion Detection
Cybersecurity Architecture in Transition to Address Incident Detection and Response
The evolution of SIEM
Jumping to conclusions about the Target breach
Prioritizing Vulnerability Remediation – CVSS vs. Threat Intelligence

Archives

Tags

Apple application security bank fraud botnets breach breaches C&C cloud security Command & Control compliance Damballa DNS Facebook FireEye Firesheep funds transfer fraud Gartner Google Heartland Payment Systems HIPAA identity theft information technology iPhone IT Security IT Security 2.0 Koobface malware Microsoft next-generation firewall Palo Alto Networks PCI DSS phishing Positive Control Model privacy risk Risk management SANS 20 Critical Controls security security management SIEM Social Engineering social networking Stuxnet Web 2.0 Zeus

Meta

Log in
Entries feed
Comments feed
WordPress.org

© 2024 RiskPundit. All rights reserved.

Design by picomol. Powered by WordPress.