User Security Issues and Social Engineering
Contrary to popular belief, most computer break-ins by external hackers don't happen because of great knowledge of operating system internals and network protocols. They happen because a hacker went digging through a company's garbage and found a piece of paper with a password written on it, or perhaps because they talked to a low-level bureaucrat on the phone, convinced this person they were from the local data processing department and that they needed him or her to change their password to "DEBUG."
This sort of attack is called social engineering. Java applets
introduce a new path for social engineering. For instance,
imagine an applet that pops up a dialog box that says, "You have
lost your connection to the network. Please enter your username
and password to reconnect." How many people would blindly enter
their username and password without thinking? Now what if the
box didn't really come from a lost network connection but from a
hacker's applet? And instead of reconnecting to the network (a
connection that was never lost in the first place), the username
and password were sent over the Internet to the cracker? See the
problem?
Last Modified June 15, 1998
Copyright 1997, 1998 Elliotte Rusty Harold
elharo@metalab.unc.edu