The Giant Security Hole That Facebook Doesn’t Care About


Jopa

Phishing is not social engineering.

 

With social engineering you manipulate people so they will be performing actions of divulging confidential information to you.

 

Phishing is more like a Trojan horse (but it is not). It is used so you will penetrate yourself in the system to obtain the information you wish. This technique was used for all the recent known major hacking attacks (New York Times, Twitter, etc.)

 

Gengis

 

Phishing is a social engineering technique

 

Phishing != trojan horse

 

True, malware can be installed using a phishing technique (sending the mail to the victim target for example, containing the malware or link to it)

But the phishing attack itself (the mail) is pure social engineering. You target the weakest chain in the link: the human

 

ps. Wikipedia proves me right :

 

Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.

 

source: well wikipedia :P

 

It's perfectly possible to use phishing without malware, hell I did that with minor success with RuneScape accounts back in the day...

 

Just send mail seeming to come from a legit source pointing to your site looking exactly like the legit site (you can just copy the source code for the most part). The login form just saves the info instead of logging the victim in. Or even more basic, just asking the people to respond to your mail with the information you need.

 

=> nothing even close to trojan horse, but still phishing B)

 

 

Well, at least this is how I learned it about 5 times in different classes :P

Feel free to educate me more, considering according to your profile it's your job (always been interested in the subject :P)

 

EDIT: Ow and include sources other than wikipedia (I know I did it myself), because I can't find anything on the internet proving me wrong...

Edited by DrJoske

Seen that way ... everything will be social engineering cuz the human will always be the weakest link in computer security.

 

That is why I tend to those differences.

 

Regards

 

Gengis


I just read it on the Huffington Post.

 

http://www.huffingtonpost.com/2013/03/03/evernote-hacked-50-million-passwords-reset_n_2801108.html?utm_hp_ref=technology

 

How did it happen.... interesting.

 

More to come in the news I hope.

 

Gengis


Okay.. this is an.. interesting conversation. Social Engineering is using any communication means to gain access or information illicitly. It's engineering the responses or scenarios you want, socially. Phishing is what it sounds like, fishing. It's throwing out a line and waiting for a bite. Like say someone created a fake F|A website that looked exactly the same, but when you logged in using your real information, instead of being checked by the SQL server, it was sent in plain text to the person owning that fake website. They'd then have your real information to log on to, using the real website. It's fishing though, because you never know if you're going to get a catch or lose it. Both of these methods generally require each other in context, such as social engineering someone to your phishing website, or using the phishing details to social engineer someone else. The method the OP is talking about though is plain social engineering, you don't need to create a fake website to get the information. You just need to talk to a person, pretending you're someone else, to get what you want.


Seen that way ... everything will be social engineering cuz the human will always be the weakest link in computer security.

 

That is why I tend to those differences.

 

Regards

 

Gengis

 

 

Nope, it's not

 

You don't always target the human link (although it's generally the easiest way)

 

- Using Flash/Java exploits on websites to install malware: no human targeted, but exploits in the system

- SQL injection: exploits in the system

- ...

 

Social engineering is a wide thing under which many techniques fit, I will always put phishing under it. Because it's a technique which targets the human directly (at least the initial attack, after which you might be able to install malware)

 

Like I said it might be your job, but can't find any source that proves me wrong :P
