I l @ ve RuBoard |
Social Engineering is the process of getting someone to divulge information through the process of using a false pretense. Most social engineering is done by people who will use a variety of tactics to get the target to divulge information. Some of these tactics include playing on the victim's sympathies, using intimidation , expressing that it is an urgent situation, and using the 5-til-5 syndrome, which is contacting the victim just before it is time to go home in hopes that he will hurry through with the request, skipping security checks, etc., so that he can get it done and get home soon. There are also programs which use social engineering tactics to get information or to gain privileges. SpoofsA spoof is a program that impersonates another program in order to gather information. A spoof is generally used to gain information by fooling a user or another computer into volunteering information. A spoof that simulates the login sequence can be planted by logging onto a terminal and running the program with the exec command. It will then appear to be a login session. After the victim enters his user ID and password, the program will tell him that the login is incorrect and will exit leaving the real login to reprompt. A careful eye will notice that most login spoofs do not prompt three times for login and password before the banner is reissued. To limit this type of spoof, users should get in the habit of hitting the break key before logging on. Simple spoofs will not reissue a login after a break is sent. It may also be advisable to hit the return key a few times before logging on to be sure that the login process is acting properly. There have been numerous login spoofs written and published in hacker publications . They vary from simple shell scripts to very involved programs that utilize the original source code. Trojan HorseA Trojan horse is a program that appears to be a useful program, and often is, but it actually has an alternate purpose. It works by getting someone to run the program unknowingly.
Some Trojan horses get victims to run them by having the same name as a known program or being advertised as a program that would be difficult to live without. Trojan horses are often touted to be useful utilities or games . |
I l @ ve RuBoard |