Tuesday, February 25, 2014

Interview: Naoki Hiroshima, or How One Social Engineer Used the Phone as a Weapon

It didn’t take long for Naoki Hiroshima’s story to take Twitter by storm when he posted his article on Medium on January 29. After all, no one likes it when a social engineer wins—especially when his target is smart, tech-savvy, and prepared.

Here’s the story in a bright, colorful nutshell:

[Infographic: phone fraud, pretexting, social engineering]

So, Naoki lost his Twitter handle and the thief got away. Grrr.

That’s what makes this story such a model for the danger of social engineering. In fact, the details of Naoki’s story were so frustrating that we sat down with him last week for a little more detail.

Tuesday, February 11, 2014

Oh the Humanity: The Problem with Security Policy

Everybody talks about people using easy passwords. For example, using the same password forever and adding a 2. ‘Password.’ ‘12345.’ We all joke about it (even though it’s no laughing matter).

In the past decade, we’ve had the unique opportunity to see long lists of actual passwords through penetration tests for large companies. Now, initially, I didn’t know this was unique. I mean, everyone talks about what passwords people use, but honestly, nobody really knows. They are private, after all, and sometimes encrypted. Even though we all think we already know, it’s still eye-opening to see what real people use for their passwords. And, as in the case of one particular job, those passwords are not always what you expect.