Talk:Social engineering (security)

From Wikipedia, the free encyclopedia

limits

All this talk on changing the category, and nobody's done it yet? I'll gladly volunteer. 65.9.221.117 19:48, 24 September 2005 (UTC)

Isn't social engineering more than just getting them to reveal sensitive information? Isn't getting them to do something other than that also social engineering? Example: I call up blockbuster, pretend to be another store, ask them to remove my balance, and they do that. That's social engineering ne?

Yes! Absolutely! Obtaining sensitive information is but one goal, albeit typically the end game of social engineers who are being paid to do their thing. Social engineers, in general, will use deception, guile and bravado (a.k.a. "cojones") to get their marks to reveal sensitive information directly OR unwittingly provide access to such information, for example by loading a Trojan. If the 'sensitive information' includes, say, the ROOT password, well, you can see where I'm heading. "All your base is ours". [NoticeBored]

My concept of social engineering goes beyond just computer security, but security in general. The computer is merely the means to access some information, or the means to perform some action. Replace the computer with an entry porter, or the secretary to a company, or someone's PA and social engineering would apply just the same. As the first comment in this section, I therefore believe this article is too limited. What do others think? -Wikibob | Talk 04:16, 2005 Jun 18 (UTC)

Yes again! Sales reps, as a breed, are consummate social engineers. So too are three-year-olds (trust me, I'm a parent). Aside from dealing with family friends, a good proportion of human communications could be classified as social engineering in the widest sense. Politics and sales especially. [NoticeBored]

As mentioned above, Social Engineering does not just apply to computer Security. And let’s not mix social engineering with manipulation. Three-year-olds are not social engineers; they manipulate. There is a dim line between manipulation and Social engineering, but it is there. Social engineering on the other hand is a means to something else, it is a "planned" process with a "specific" goal to circumvent protocols, i.e. to gather intel for later use in stealing data (Computer Security), or pretending you are another Blockbuster store to clear out a balance is using social engineering to commit fraud. Social engineering should stay within the category Security. Protocols are your processes for protecting what is yours. I.e. that the engineer not discuss cost of a project with a sales rep, or employees never give out their passwords.

Cryptographic attacks

Is the category:Cryptographic attacks really suitable for this? --Easyas12c 09:43, 25 Jun 2005 (UTC)

I don't think so. I made the translation to the Spanish version and labeled it Categoría:Seguridad informática. I think it should be changed to "Computer security" instead, although it's applicable to every security facility, just as said above. --Endo/Spanish Wikipedia
Endo 22:58, 18 August 2005 (UTC)

Scope?

Social engineering is also used for non-computing, it's limitless in its boundaries. Many a stalker or sociopath has used social engineering to get into the life of their victims to create a similar lifestyle from which to "be" the victim. —The preceding unsigned comment was added by 142.166.146.178 (talk • contribs) 22:28, 15 May 2006 (UTC).

Yes, social engineering is definitely more than a computer security issue. (I've done it offline on several occasions — we all have at one time or another.) Perhaps this should be moved to Social engineering (psychology) or some-such. æle  2006-05-24t23:51z

"Social engineering"

Isn't Kevin Mitnick the person that coined the phrase 'social engineering'? --Abdull 19:29, 16 Jun 2005 (UTC)


NO -- he popularized the term but it's been around longer than he has. It's also known as pretexting. 24.126.126.105 04:43, 18 September 2006 (UTC)

Close Ties to Con Artistry

Social Engineering does have close ties with conning people out of, say, money. Rather, it's for information. Getting something for nothing or very little is a big part of social engineering similar with cons.

Also, here is another thing to consider... A person who has interests in something, can obtain parts of that information from one individual, and another, and another, then put the pieces into perspective, while confirming with others, the big picture can be formed, when the single individuals might find it trivial amounts of data.

Just my two cents. (Unsigned)

You're certainly right, however the term "Social Engineering" at least in the last 10 years or so, has more been linked with computer fraud, hacking and various techniques used for information gathering. What you DO with the information (theft, fraud, whatever) does not matter or really even apply to the term - it's just the collection of techniques used to get the information. 24.126.126.105 04:20, 27 September 2006 (UTC)

Add Pretexting by Police

I am the person who has twice tried to add a paragraph on pretexting by the police. It read:

"Some pretexting comes from where you would least expect it - the officials who are supposed to protect you! In California, many police departments send out computer-generated red light camera "tickets" that have not been filed with the Superior Court and thus have no legal weight. The intent is to bluff the registered owner into contacting a website, or writing back, and revealing the name, address and driver's license number of the person who was driving the car. Fake ticket"

The first person who removed it explained his action with this note: "remove opinion and rant without references."

His short note seems to make three assertions. That the article is not factual ("opinion"), that it is a rant, and that it is without references. To him:

1. It is factual, albeit something that you didn't know about before. (But learning new things is the purpose of reading an encyclopedia, isn't it?)

2. A "Rant" is "loud, wild, extravagant speech." My paragraph doesn't begin to qualify.

3. The link given at the end of my paragraph refers to a large website with a full discussion of the fake tickets, including images of examples from four cities. —The preceding unsigned comment was added by 71.116.129.206 (talk • contribs).

So, now that you've talked on the talk page, and defended yourself. I'm going to add my rebuttals:
  1. Highwayrobbery.net isn't notable. Google("link:highwayrobbery.net") returns 25 results, 10 of which are either Wikipedia (or derived from it), or are from the site itself. This leaves 15 links. I'd prolly put that at a non-notable level.
  2. Now that I've read the content of the page, it's interesting and helpful information, but it is Original Research, which is frowned upon in Wikipedia.
As a summary, I don't think that there is a problem with the content, but I think that we should find a better source than the one provided. McKay 13:11, 28 September 2006 (UTC)
Also, see Talk:Phishing for more information.

If anyone else here would like to participate in a discussion of the suitability of the entry, please join in, in the discussion section of "Phishing," under the heading "Phishing by the Police."--Einsteininmyownmind 17:29, 29 September 2006 (UTC)

While I'm certain your claim is legitimate, that's not the problem with your entry here. Your entry is specific to abuse of power by the police and more appropriate to something dealing with that (e.g. Police abuse of authority or something). It's kind of like discussing how you painted your house under the paint topic: yeah they're related, but someone interested in paint and what it is is not likely interested in your specific experience. Check out: Police#Ethical_issues_related_to_police to see what I mean. There is a whole area devoted to that topic and your reference to phishing and pretexting would make a lot of sense there and probably open up the minds and eyes of a lot of people who would never look up this stuff normally. 24.126.126.105 20:15, 7 October 2006 (UTC)