A quick consultation with Wikipedia gives a definition of social engineering as, ‘The practice of obtaining confidential information by manipulation of legitimate users.’ This certainly captures some of the elements. At times it can be used to directly obtain confidential information, although all too oen information hasn’t been classified in any way, the target of the aack may not have even recognized the confidential nature of the information they are disclosing. However, there are other occasions when the action an aacker seeks may not be directly designed to manipulate you into disclosing information. Tricking a security guard into giving access to a building, using social engineering techniques, doesn’t directly obtain confidential information – the objective may be to disable a facility and deny access to information.
No hay comentarios:
Publicar un comentario