Tag Archives: Social Engineering

Nude Celebrity Scandal, Cloud Service Security and You!

September 04, 2014

Following the slew of private celebrity photos leaked earlier this week, both end-users and organisations are understandably concerned. Invariably, user confidence in the security of online services, and the confidentiality of any data stored, has been shaken by such leaks.

This is especially worrying for organisations, as more and more enterprise services move onto remotely hosted cloud platforms, which are now home to the corporate crown jewels (emails, commercially sensitive information, intellectual property, etc.).

The same security issues that appear to have caused the recent iCloud breaches typically affect these cloud platforms. From a security perspective, using a cloud system is effectively outsourcing and therefore should be treated as diligently as any other outsourcing arrangement.

According to Apple, the recent celebrity photo compromise occurred due to a “very targeted attack on user names, passwords and security questions” – in other words, social engineering password resets.

You’re only as strong as your weakest link

July 02, 2012

By Jacqui Henderson

If Australian comedians Hamish and Andy are able to obtain enough sensitive information to potentially steal the London 2012 Olympic flame, then there’d better be big red lights flashing somewhere.

Never having been trained in social engineering, and merely a comedian capable of putting on a disguise in an attempt to get a laugh, Hamish, with his bogus British accent, managed to get the “inside scoop” on security from just one 5-minute phone call to the London 2012 help desk.

Through his impersonation of an elderly ex-Olympian concerned about his personal safety, Hamish was able to build rapport and trust with the lady on the end of the line. He used his charisma to informally feed her probing questions about what security would surround the Olympic flame, and she proved eager to assist. Her willingness to answer all of Hamish’s questions, no matter how outrageous, left the duo with nearly enough information to ‘launch a strike’ and potentially steal the Olympic flame.