Tuesday, March 24, 2015

So now we are all modern, and still, they trick us like it's nothing

What is the most dangerous tool in computer security? Maybe some new exploit to attack the BIOS? Perhaps the nth vulnerability in Adobe? Well, no. After 20 years of wreaking havoc, social engineering is still the number one threat to computer systems, and people are still the biggest point of failure. We're usually fooled through our ambition to win prizes or our natural tendency to help others. This is, by far, the number one "bug".

Kevin Mitnick, the king of social engineering, reminded us of this at CeBIT 2015. Mitnick forged his legend practically without touching computers; his "hacking" was done through social engineering, by deceiving others. During his talk at the world's largest computer fair, Mitnick showed some tricks that still work, like digging through the trash to find confidential business information, or a virus disguised to look like a legitimate program update.

Social engineering may also have played a role in the theft of data from the game streaming platform Twitch, owned by Amazon. Yesterday, in a brief note on its blog, Twitch informed its users of the theft of their username and associated email address, password, IP address and personal information, such as phone number, date of birth, names and postal addresses.

Another current example of social engineering used for nefarious purposes is the WhatsApp scam: a website that offers to activate calls in this famous messaging client. But first, we must invite 10 friends, who then receive the scam as well, and answer a survey that asks for all kinds of personal data. A variant of the scam offers an .exe file to download in order to activate the service, which will fill your computer with malicious code.

They have other, far more serious problems in Australia: there are elections this weekend, and several researchers have found that the electronic voting system used since 2011 has many flaws, including the famous FREAK, which would allow votes to be intercepted and manipulated. The Government maintains that these are flaws that require very specific conditions to occur, and that they do not affect the entire system (created, by the way, by the Spanish company Scytl), only a tool that is part of the software.

The fact is, sitting in front of a computer can give us many pleasures, but if we're talking about getting some peace of mind, that's becoming more and more complicated.
