silpol » from archive
Fake femme fatale dupes IT guys at US government agency -
Lakhani, a counter-intelligence and cyber defense specialist, presented the results on Wednesday at the RSA Europe security conference in Amsterdam. The lynchpin was spoof new hire at the agency: attractive, smart, female graduate of MIT named Emily Williams whom World Wide Technology invented for the test. The pen-test team rigged Emily Williams's profiles with Christmas card that enabled team to use privilege escalation exploits and gain administrative rights. Lakhani pointed out lessons from experiment: * Attractive women can open locked doors in male-dominated IT industry. * People trust and want to help others. Lakhani said that social engineering awareness training can help, but annual basis doesn't cut it - it needs to be constant, so employees develop instincts. Read complete article ‎· silpol