View previous topic :: View next topic |
Author |
Message |
sequru Just Arrived
Joined: 31 Jul 2004 Posts: 0
|
Posted: Sun May 22, 2005 12:58 pm Post subject: Social engineering |
|
|
Hi,
Can we define key logging and phishing attacks as social engineering methods? I need to make a categorization of attacks in an article and I am thinking to put phishing and key logging under social engineering. Is this a right approach?
Thanks
|
|
Back to top |
|
|
zeedo SF Reviewer
Joined: 01 Sep 2004 Posts: 24 Location: Scotland
|
Posted: Sun May 22, 2005 7:31 pm Post subject: |
|
|
Phishing yes that's social engineering.
Key logging certainly is not social engineering. The simplest way to define social engineering is, do you need a human at the other end of the attack for the attack to occur. The method of getting the key logger on the machine may be accomplished by social engineering it also may be accomplished by physical breakin or remote exploitation, the act of logging the keys is not social engineering in itself. The classification of key logging would fall under surveillance possiblly, depends what classifications you are using and for what purpose.
|
|
Back to top |
|
|
nathan_house Just Arrived
Joined: 22 Jul 2005 Posts: 0 Location: London
|
Posted: Fri Jul 22, 2005 2:42 pm Post subject: SE is ..... |
|
|
Quote: |
Social Engineering: Social Engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology. |
- Kevin Mitnick
He has spent the most time behind bars thinking of a definition for his actions than anyone i know!
Nathan House
|
|
Back to top |
|
|
AZOR Just Arrived
Joined: 25 Jun 2006 Posts: 0 Location: Czech Republic
|
Posted: Fri Jul 28, 2006 7:27 pm Post subject: Re: Social engineering |
|
|
I think same as prevouse poster.
Key logging is not social engieering. SE can be example way to install key logger to computer (unkow cd on your table, great name of keylogger installer, it looks as porn...)
But phishing is social engineering method, it is about psychology... but Sociel Hackers are usually want only one special target. Phishing is SE, but is not importnat who will phished, many are from all
|
|
Back to top |
|
|
scriptshadow Just Arrived
Joined: 28 Oct 2006 Posts: 0
|
Posted: Sat Oct 28, 2006 4:06 pm Post subject: Re: Social engineering |
|
|
I would have to agree, the actual act of logging key-strokes is not SE, but the method which is used to install the logger (be it hardware or software) could be SE if some sort of trickery was used to convince the user to install the software, or find a way into the building and access to the computer to install a physical logger.
I would also say that phishing attacks are not pure SE, as there need not be any actual contact with the user (i.e. fake websites).
|
|
Back to top |
|
|
|