It Seems So Easy to Gain Access: Social Engineering

Un article sur le site US de Microsoft sur la manipulation (Social Engineering) et l'exploitation de la plus grosse vulnérabilité d'un système d'information : le facteur humain.

Security Tip of the Month - January 2005
It Seems So Easy to Gain Access: Social Engineering

"Hackers use the term “social engineering” to describe the art of persuading people to divulge information, such as account names and passwords. This information can allow the hackers to then access a system or network. These methods depend on people skills rather than technical skills, since they exploit human nature rather than software or hardware vulnerabilities.

A good social engineer is an accomplished actor who tries to charm or intimidate network users into giving him sensitive information. Common ploys include pretending to be an organization executive or member of the IT staff, a fellow worker, or a member of an outside organization, such as a network consultant or phone company employee... "

La suite de l'article : http://www.microsoft.com/technet/community/columns/sectip/st0105.mspx

Et pour ceux que le sujet intéresse, je recommande vivement la lecture de l'Art de la supercherie (The Art of deception) le livre de Kevin Mitnick.