Starting with just an e-mail address, a pen tester manages to get the goods on a high-net-worth executive in less than a day
By Joan Goodchild, Senior Editor
42
0
0
19
1
November 18, 2010 — CSO —
Chris Roberts, founder of One World Labs, too often meets people who assume they have nothing worth stealing. His Colorado-based consultancy assists businesses with security assessments, including what Roberts calls "the human side of pen testing." In other words, he helps organizations find out which employees pose a security risk because they're likely to fall prey to social engineering traps and other cons.
"So many people look at themselves or the companies they work for and think, 'Why would somebody want something from me? I don't have any money or anything anyone would want,'?" he said. "While you may not, if I can assume your identity, you can pay my bills. Or I can commit crimes in your name. I always try to get people to understand that no matter who the heck you are, or who you represent, you have a value to a criminal."
As part of his penetration testing services, Roberts is sometimes called on to penetrate the identity of an individual to find out just how easy it is to get sensitive information. He explains how quickly it can be done by detailing a recent assignment.
Chris Roberts: We conducted a test on a high-net-worth individual. We were engaged to see what their profile was like online and what we could find out about them. We were asked to do it by the physical security guards looking after that person.
Read the rest. Well written and points out some very interesting tactics.
Stay Safe
Oram Security
No comments:
Post a Comment