Privacy laws and social engineering
A friend of mine botched a suicide attempt and in order to get any info I (we) pretended we were stepbrothers. It occurred to me a half hour later that we had the same first names. So it must have been confusing to our fictitious stepmom :-) But if you play up a story about dysfunctional separated families, and adopting middle names as True Names, you can quickly get the questioner to feel uncomfortable enough to accept your ploy. Despite HIPAA. Welcome to the world of social engineering, Major.
So, which is better, Schneier's books or Mitnick's? I suspect the former, but am curious what the community opinion is?
Note that I am generally a guile-less person who does not weave arbitrarily complex webs of lies. In fact, brutally honest at times. But sometimes circumstances (like a brain damaged virtual brother) demand it. And I was bemused at my ability to maintain it. And multiple nurses/MDs to accept it.
-------
While interviewing for a security job, I overheard the building-guards shout passwords for the building as I waited in the lobby. I thought it a test at first, but realized later it was reality, in all its glory. The passwords were regexps based on the company's name, of course. I mentioned this to my future quasiboss, who dug it. Which made me feel better about him.
PS: Major kiratsu do not appreciate extreme programming (or keeping the building open past 8PM). Dinosaurs whose eggs were eaten by warm furry little mutants did not do so well. Though alligators eat a few kids a year in FLA, and an ostrich can kick your ass, I ask you: who rules, mammals or reptiles and birds? Still, it's a job, and a job these days is a pearl, even if the tech is susceptible to reverse engineering, which you try to point out but are told it's ok to be lame. Maybe they'll hire me after the contract and we can do some PK/cert work for real. Or maybe they'll move strong passphrases around with PGP email. One can hope, if only to keep one's upper lip stiff, one's faith in mankind nominally intact. Hard sometimes.
PS: what is Michael Jackson's medical report worth in the free market?
On Tue, 6 Jul 2004, Major Variola (ret) wrote:
> So, which is better, Schneier's books or Mitnick's? I suspect the former, but am curious what the community opinion is?
You may like one side of the coin more than the other one, but they still belong to the same flat, dirty, formerly shiny and now dull and mildly corroded disc of an alloy of not so noble metals.
Sometimes you get access by telnet. Sometimes by a voice call. Hack the mainframe. Hack the secretary. What's better? (Okay, I agree, you can't sleep with the mainframe.)
There are many ways to the hilltop. Some travelers argue which one is better. Others quarrel if the hilltop is more important than the pathway or the other way. Some don't care and march forward.
I feel zen today.
On Wed, 7 Jul 2004, Thomas Shaddack wrote:
> Sometimes you get access by telnet. Sometimes by a voice call. Hack the mainframe. Hack the secretary. What's better? (Okay, I agree, you can't sleep with the mainframe.)
> I feel zen today.
Me too:
http://www.openbsd.org/lyrics.html#31
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song31.ogg
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song31.mp3

BSD fight buffer reign
Flowing blood in circuit vein
Quagmire, Hellfire, RAMhead Count
Puffy rip attacker out

Crackin' ze bathroom, Crackin' ze vault
Tale of the script, HEY! Secure by default

Can't fight the Systemagic
Uber tragic
Can't fight the Systemagic

Sexty second, black cat struck
Breeding worm of crypto-suck
Hot rod box unt hunting wake
Vampire omellete, kitten cake

Crackin' ze boardroom, Crackin' ze vault
Rippin' ze bat, HEY! Secure by default

Chorus

Cybersluts vit undead guts
Transyl-viral coffin muck
Penguin lurking under bed
Puffy hoompa on your head

Crackin' ze bedroom, Crackin' ze vault
Crackin' ze whip, HEY! Secure by default
Crackin' ze bedroom, Crackin' ze vault
Crackin' ze whip, HEY! Secure by default

Chorus
Participants (3): Major Variola (ret), Sunder, Thomas Shaddack