h a l f b a k e r yThese statements have not been evaluated by the Food and Drug Administration.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Please log in.
Before you can vote, you need to register.
Please log in or create an account.
|
This is a near-rant about social engineers.
Companies that secure data, maintain confidential and protected information that is vital to various interests, and carry substantial liability for risks of data breach generally require employees to be confidential and to follow ethical guidelines in
the course of business. That assumes a desire of hackers or social engineers (SE) to acquire and subvert the property or data of companies through a breach of confidential communication. I realize that efforts to "put the fear of god" into employees to maintain security, exhausting hours of team time in meetings pouring over vignettes of SE, mitigating team members who fail to remain confidential, and even posted signs and warnings about the valuable secrets we keep will not stop SE.
What will?
[link]
|
|
I do not understand what you're trying to say. |
|
|
I have no idea. [reensure] you need to bulldoze this rant
into something more focussed. I mean focussed. |
|
|
Are the social engineers in the room with you right now? |
|
|
I know quite a chatty mechanic, if that helps. |
|
|
Is this an April fools prank? |
|
|
No, quite real. Call me "stuck on stupid"; but there has to be some way to educate the masses that does not rely on, say, a website. Some way to deny those who would probe organizations' security, either ignorantly or in a SE role. |
|
|
I became weary just reading the first sentence. National snooze fest more like. Is there some joke about the British census in this someplace? |
|
|
Thank you for the edit. Much clearer, now. |
|
|
Well, one thing that will help will be a gradual diminution
in people's expectation of privacy -- redefining the
problem out of existence, as it were. That will take
generations, but we've already made a start. |
|
|
But some personal information -- passwords, credid card
numbers, that sort of thing -- will remain problematic.
What'll solve that is new forms of identification less easily
separated from the person being identified. Biometrics,
maybe. (At least until we all discorporealize by uploading
ourselves to the Cloud.) |
|
|
Trying to solve the problem by
hardening employees against "Social Engineers," (or con
artists as they used to be called) is asking a lot. That
amounts to finding
a way to ensure that the mark is always smarter than the
grifter, which is, prima facie not gonna happen. |
|
|
There, did that make you feel better? Didn't think so. |
|
|
[bigsleep] But such systems rely on senior management
being less gullible than call center employees. Can this, in
practice, be relied upon? (I suppose the mere fact of their
being less numerous affords some protection.) |
|
|
Private data can only be kept private through trust and honesty. Private data has market value in today's society; trust and honesty do not. |
|
|
Ah! The editing makes this idea very nearly
understandable by me. So, the idea is find a way to stop
Social Engineers trying to hack into databases to obtain
private data, thereby perhaps relieving some of the
burden of securing this information? |
|
|
Well, that does sound like a rant rather than an idea. But
I'm still not sure I get your point. |
|
|
Social Engineering (as far as I understand it, which isn't
very far) is normally associated with governments or other
bodies who have a large interest in the structure of
society. Presumably, they can just legislate to obtain
whatever information they think they need, can't they?
I'm sure that my salary and address are both available to
the government. |
|
|
I thought the main threat from hackers, to the individual,
was having one's bank account cleaned out or discovering
that someone has bought a yacht using one's Amex card. I
can imagine saying "shit! my account's been hacked and
I've lost all my money!", but not "shit! my account's been
hacked and I've been socially engineered!". |
|
|
Or maybe I've missed the point. A [-] from me because
either the invention isn't clear even after editing, or else
it's as I read it. |
|
|
You bring a good point, lurch. High level collaboration with keys, biometrics, and restrictions imposed by various layers of security keep data secure; but, call centers can't access secret data (in a secure environment). Gaining access to highly secure data really propels SE from the level of gaming to a more tangible criminal level such as hacking, fraud, or extortion. How can an company foster openness, convenience, and efficiency both when facing its patrons and within its organization structure, if held to non-disclosure agreements? Is there some way to reconcile trust and honesty as imperatives against policies "written in absence" to comply with confidentiality agreements? |
|
|
Simple minds want to know. |
|
|
//pouring over vignettes// sp. vinaigrettes. |
|
|
I'm assuming this refers to confidence tricksters, rather than the political science use of the term "social engineer". |
|
|
That much of a difference ? Arguably social-engineering has done a bit to decrease this generation's propensity towards smoking, though my natural cynicism says there's a proportionate increase in the insufferability of the general population. |
|
|
Latest one I saw was a paint job to keep people from stockpiling potassium iodide pills. |
|
|
I am also cynical about the motives and effects of such measures. Current anti-smoking propaganda in my country has so much misinformation that my first reaction was to want to take up smoking, just to spite them. Also, the "war on drugs" - just don't get me started! However, the distinction is important in the context of this Idea. |
|
|
I agree with MaxB, maybe youre on to something,
but none of us can see what it is yet. |
|
| |