Privacy laws and social engineering

Tue Jul 6 22:00:26 PDT 2004

A friend of mine botched a suicide attempt and in order to get
any info I (we) pretended we were stepbrothers.  It occurred
to me a half hour later that we had the same first names.  So
it must have been confusing to our fictitious stepmom :-)

But if you play up a story about dysfunctional separated families,
and adopting middle names as True Names, you can quickly
get the questioner to feel uncomfortable enough to accept your

Despite HIPAA.  Welcome to the world of social engineering,

So, which is better, Schneier's books or Mitnick's?   I suspect
the former, but am curious what the community opinion is?

Note that I am generally a guile-less person who does not
weave arbitrarily complex webs of lies.  In fact, brutally
honest at times.  But sometimes circumstances (like a brain
damaged virtual brother) demand it.  And I was bemused at my ability
to maintain it.  And multiple nurses/MDs to accept it.


While interviewing for a security job, I overheard the building-guards
shout passwords for the building as I waited in the lobby.  I thought
it a test at first, but realized later it was reality, in all its glory.

The passwords were regexps based on the company's name, of course.
I mentioned this to my future quasiboss, who dug it.  Which made
me feel better about him.

PS: Major keiretsu do not appreciate extreme programming
(or keeping the building open past 8PM).   Dinosaurs whose
eggs were eaten by warm furry little mutants did not do so well.
Though alligators eat a few kids a year in FLA, and an ostrich
can kick your ass, I ask you: who rules, mammals or reptiles and

Still, it's a job, and a job these days is a pearl, even if the tech
is susceptible to reverse engineering, which you try to point out
but are told it's ok to be lame.  Maybe they'll hire me after the
and we can do some PK/cert work for real.  Or maybe they'll
move strong passphrases around with PGP email.  One can hope,
if only to keep one's upper lip stiff, one's faith in mankind
nominally intact.  Hard sometimes.

PS: what is Michael Jackson's medical report worth in the
free market?

