Social Engineering
 

Social Engineering does it work?
Have you ever tried it (not in a real malicious way, more as a prank)?

well I heard someone mention this some time ago, so out of bordem I google it today (just read the definition to tired to read wiki), i then tried, on a friend, it sort of work but not to the extent of what information i gathered was a threat top them in anyway. My point is, i can't see or believe how people would casually give out critical information out such as system password or something to that extent, or did i misunderstood it or just did it wrong

This is a very interesting topic. You should read The Art of Deception by Kevin Mitinick it really shows you how all of this works. Naive people really can be a security threat for companies. You would be surprised what kind of information can be gained by social engineering. However many people just use it to get free food and stuff like that.

works quite well actually... all you need is credibility really. It would never work at my employer though, because we are all computer nerds.

For the 99% of the population that isn't particularly conscious about their security habits, using their dog's name as a password seems like a reasonable idea. After all, you'd have to know them and their dog to even guess the password. Social engineering comes into play at that point.

You'll never get my password from me. You'll have to read the yellow sticky note on my monitor.

Forcing users to use 15+ character passwords (must include uppercase, lowercase, digits, and symbols) if they have special privileges on their account is ludacris... but also a rule in my local cubeville. The janitors could easily get login information right off the top of someone's desk... but some wizard in DC decided to also have a key card with certificates on it to provide an additional pain in the ass... ehh hemm... security measure.

Yeah, i can see how it works.

reminds me of a tshirt i have seen for sale, which says:
social engineering: because there is no patch for human stupidity

There is a great movie called Takedown, its partly based on kevin mitnick, also, have a look at revision3 (online site for video / pod casting) and a series known as "the broken" where they actually have an interview with him, where he explains identity theft

It's pretty funny actually if you guess someones password. When some of my friends crashed at another friends house one night, they ended up playing Diablo 2. There was the default name on the screen, so they guessed the dogs name, and it worked. They gave away all of his items to some random person. It's hilarious because I know there was some decent stuff in there :P I know people who spent there lives playing that game.

But yeah, 'social engineering' does happen. I can't relate to it over give any examples though. I only know the essence of a strong password.

I've read that book and really enjoyed it. Its amazing how stupid people can be.

In order to generate a password I create it using letters that can't be discovered with a Dictionary Attack. Basically, I just use random characters. I have about 5 passwords that are over 10 characters long using this technique for everything I need a password for.

Good luck trying to break into my server.