The Null Device
Posts matching tags 'social engineering'
A nursing home in Düsseldorf has come up with a novel way of dealing with stray Alzheimer's patients; they set up a fake bus stop outside the home:
“It sounds funny,” said Old Lions Chairman Franz-Josef Goebel, “but it helps. Our members are 84 years-old on average. Their short-term memory hardly works at all, but the long-term memory is still active. They know the green and yellow bus sign and remember that waiting there means they will go home.” The result is that errant patients now wait for their trip home at the bus stop, before quickly forgetting why they were there in the first place.
(via Boing Boing)
Facebook is in the news again, with (so far) the first known instance of a Facebook application being used to install adware on users' PCs. If your friends invite you to install the "Secret Crush" application, you accept, and you are using Windows, then the application will install the Zango adware program on your PC, not to mention arm-twist you into spamming your friends with requests to add it.
If Secret Crush actually needs you to click buttons to invite your friends to add it, the criminal scumbags who designed it have missed a trick; some other applications, such as RockYou's Super Wall and related applications, are able to send messages to randomly selected individuals from a user's friend list, purporting to be that user and asking to be installed to see a message from them, without the user's intervention. (I once found in my notifications the notice that I had messaged three randomly-chosen people, whose relationships to me have nothing in common, inviting them to install Super Wall. Soon after that, Super Wall was no longer installed on my page.)
After Stephen Fry commented that British actors have an unfair advantage in America because Americans mistake British accents for brilliance, the BBC has published a piece on what a British accent gets you in the US. (And, apparently, a "British accent" includes anything from Hugh Grant plumminess to deepest darkest Geordie.)
"For most Americans, there's no distinction between British accents. For us, there's just one sort of British accent, and it's better than any American accent - more educated, more genteel," says Rosina Lippi-Green, a US academic and author of English with an Accent: Language, Ideology and Discrimination in the United States.
"There was a sitcom called Dead Like Me with a Brit [Callum Blue] in it. He was a scruffy, 20-something drug dealer. Even he had that sort of patina - his was not an RP accent, it was a working class London accent."
Katharine Jones, author of Accent of Privilege: English Identities and Anglophilia in the US, says the "educated and cultured" associations have a long history. "British etiquette books have been used for years; and although Americans say they have no class system, they do - and the American upper class apes the British upper class."
Another point the article makes: British expatriates in Australia (where their accent is associated with complaining and being bad at cricket, and/or where refinement and intelligence have traditionally been associated with weakness and/or metaphorical or literal homosexuality rather than any positive attributes) tend to lose their accents pretty quickly, whereas those in the US (where their accents make them appear intelligent and sophisticated, and often get them preferential treatment) retain theirs. Funny, that.
How to win a basketball game: go online before the game, pretending to be an attractive young woman, chat up one of the opposing team's players and agree to meet him after the game to "party"; then, at the game, get your team's supporters to chant her name and flash her (purported) phone number:
On Saturday, at the game, when Pruitt was introduced in the starting lineup, the chants began: "Victoria, Victoria." One of the fans held up a sign with her phone number. The look on Pruitt's face when he turned to the bench after the first Victoria chant was priceless. The expression was unlike anything ever seen in collegiate or pro sports. Never did a chant by the opposing crowd have such an impact on a visiting player. Pruitt was in total shock.
The chant "Victoria" lasted all night. To add to his embarrassment, transcripts of their IM conversations were handed out to the bench before the game: "You look like you have a very fit body." "Now I want to c u so bad."
Via Bruce Schneier, who called this the cleverest social engineering attack he has read about in a long time. And coming from someone who comments on the various ATM skimming/phishing scams as they come out, that means something.
The latest in the annals of user cluelessness: more than 70% of people surveyed would reveal their computer password for a bar of chocolate. Or perhaps give a stranger a bogus, non-working password for a very real bar of chocolate (after all, it's not like they'd check it first).
Criminals are turning to blackmailing office employees; the criminals send mail to the employees, threatening to wipe their hard disks or install porn on their PCs unless the victims pay them a small sum. Unlike traditional e-extortion schemes, the perpetrators usually don't have to demonstrate their control of the victims' machines; among the millions of people spammed, they find one or two clueless people who accept their claims and pay the small sum demanded; which, of course, marks them out as a "sucker", and results in them being blackmailed for larger amounts.
"It's getting simpler," said Hypponen. "If you wanted to extort money from a small company you would have had to hack them and convince them you have stolen their information. Here, you don't have to do anything but send an e-mail around."
Laptop thieves have started using a new tactic: disguising themselves as employees, hanging around workplaces, often pretending to work there, and walking off with equipment. (via Rocknerd)
(When I worked at Melbourne University, in Carlton, we would often get emailed alerts of junkies from the nearby streets wandering the corridors, trying doors, and, when questioned, pretending to be students looking for a specific staff member.)
And, surprisingly enough, the last one received a comment from an "avowed Slashdot troll", outlining how, against a serious troll with access to cookie-poisoning plugins, anonymous web proxies and thousands of trolling accounts (all automated, natch), such a scheme wouldn't work, and giving an outline of a determined troll's formidable arsenal of tools.
The moral of this story is: never underestimate the ingenuity of guys without girlfriends.
Social engineering: A sneaky way to find out a friend's secrets with the use of a fake web survey. Though in this case, "secrets" is limited to sexual history and fantasies, so this is probably more of interest to excitable adolescents or fans of teen gross-out comedies. (via bOING bOING)
Interesting article on salon.com, listing some choice entries in a practical memetic engineering contest:
How does the author of a computer virus get the unsuspecting victim to open the attachment? We invited readers to create irresistible virus wrappers. Here, we've collected some of the more devious and effective submissions.
"Dear Lucky Winner,
You've been selected to participate in our first-ever E-mail Sweepstakes! Double-click on the enclosed electronic registration form -- everyone wins at least $500!"